Looking forward, what can we expect from similar types of hackers?
Last week’s hack of high-profile Twitter accounts belonging to Joe Biden, Barack Obama, Bill Gates and others raises questions about who carried out the attack, why it was done and what it means for the future of democracy.
A few days in, researchers are calling it more of an amateurish stunt than a professionally engineered, long-con takedown. The hack did successfully scam hundreds of Twitter users out of an estimated $120,000 in bitcoin. But it could have been worse. The level of access they had — direct messages of influential world leaders and organizations — was priceless. The hackers had to have known that the Twitter security team would be all over the situation once they launched their tweets. So this was a one-shot opportunity that, if executed more shrewdly, could have netted millions.
It doesn’t appear to be a professionally engineered ploy to land a king’s ransom. The hack did successfully scam hundreds of Twitter users out of an estimated $120,000 in bitcoin. But it could have been worse. The level of access they had — direct messages of influential world leaders and organizations — is priceless. The hackers had to have known that the Twitter security team would be all over the situation once they launched their tweets. So this was a one-shot opportunity that, if executed more shrewdly, could have netted millions.
At a surface level, it appears their goal was to show off, get some attention, have a little fun, and walk away with a pocket full of cash in the end.
Then again, they could have a longer-term play. If the attackers had internal access for some time, obtained all of the data they sought, they could have tweeted the phony requests for bitcoin donations as a final step.
What we do know is that the attackers pulled off their hack by gaining access to Twitter employees’ accounts. Twitter pretty much confirmed this in a tweet: “We detected what we believe to be a co-ordinated social-engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.”
A Monday report in Krebs on Security argued that the attack appears to have been perpetrated by individuals engaging in “SIM swapping,” which involves bribing, hacking or coercing employees into providing access to a target’s account. They could have collected insider credentials through a phishing expedition or issuing a pay-off to one or more staff members.
TechCrunch quoted a source pinning the attack on a hacker using the handle “Kirk.” The source said they had started out by selling access to vanity Twitter accounts, such as usernames that are short, simple and recognizable, then “started hacking everything.”
Along with Biden, Obama and Gates, accounts belonging to Amazon CEO Jeff Bezos, Tesla CEO Elon Musk, entertainers Kanye West and wife Kim Karsashian were hacked. Fake tweets were sent out from each account offered to send back $2,000 for every $1,000 donated in bitcoin.
This latest cyberthreat should serve as a stark reminder that everything we do online, even private chats, is at risk of exposure without the proper safeguards.
Researchers are watching the Twitter situation closely for signs that the hackers have more moves in store.
“Nothing is safe on Twitter right now,” the security consultant David Kennedy told The Wall Street Journal.
The Cybersecurity Tech Accord and Economist Intelligence Unit report measures the beliefs of IT security leaders and experts regarding threats posed by state-led and sponsored threat actors.
MyData Global is a non-profit organization built to empower individuals by improving their rights regarding personal data. Read up on their current efforts to enable secure data sharing.