
Nevilledog

(50,952 posts)
Thu Jul 16, 2020, 01:51 AM Jul 2020

Twitter reveals what it knows so far about massive hack

https://www.digitaltrends.com/news/twitter-reveals-what-it-knows-so-far-about-massive-hack/

Twitter has revealed what it knows so far about the massive hack involving a bitcoin scam that targeted dozens of high-profile accounts on its service on Wednesday, July 15.

In a series of tweets posted on its Support account, the company said it believed the hack had been made possible by tricking one or more of its employees who had access to Twitter’s internal systems and tools.

“We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools,” the company said. Such an attack involves the perpetrator duping the target — in this case one or more individuals at Twitter — into making security-related errors or divulging sensitive information that enables the hacker to gain access to a company’s internal systems. There are a number of ways in which this can be done, including through malicious emails that impersonate a trusted person.

“We know they used this access to take control of many highly-visible (including verified) accounts and tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it.”

It said that once it learned of the incident, it immediately locked down the affected accounts and removed the scam tweets posted by the attackers.

*snip*
Twitter reveals what it knows so far about massive hack (Original Post) Nevilledog Jul 2020 OP
Best to just stay off social media. captain queeg Jul 2020 #1
So how can you post on DU , if you stay off social media? irisblue Jul 2020 #11
You personally staying off social media doesn't fix a thing Silent3 Jul 2020 #15
Yes and Twit is every bit as bad as Falsebook. lagomorph777 Jul 2020 #18
Tricking an employee? HipChick Jul 2020 #2
Social engineering is a pretty good phishing ploy soothsayer Jul 2020 #6
Social engineering is a classic method of attack. NutmegYankee Jul 2020 #7
These are employees though.. HipChick Jul 2020 #12
You would be very disappointed in how many fall for these, even with training. NutmegYankee Jul 2020 #16
Just took an online course whistler162 Jul 2020 #22
They have to get in first uponit7771 Jul 2020 #10
Why do employees have access to post tweets? Renew Deal Jul 2020 #3
None have access. That wasn't how it was done. READ THE OP! Bernardo de La Paz Jul 2020 #17
Dang Commies and all this whistler162 Jul 2020 #4
Trump hired Russians maybe? Or NK to do this? JesterCS Jul 2020 #5
+1 uponit7771 Jul 2020 #13
Why would Putin and Trump hack their own platform? lagomorph777 Jul 2020 #21
Full Twitter statement: Dennis Donovan Jul 2020 #8
People, this is an op sec Earthquake ... This is bad uponit7771 Jul 2020 #9
Putin needs to tighten up security at Twit - somebody is eating his lunch there! lagomorph777 Jul 2020 #19
Deleted --- oops! Silent3 Jul 2020 #14
And the Prez rules by decree on a hackable medium. Nothing bad could ever happen... NightWatcher Jul 2020 #20

Silent3

(15,119 posts)
15. You personally staying off social media doesn't fix a thing
Thu Jul 16, 2020, 09:13 AM
Jul 2020

This is not about whether or not you personally get fooled by any of this hacking. Social media is here to stay. You are NOT going to stop that by setting some brave example of resistance to social media (and besides, as someone else pointed out, DU counts as a form of social media too).

Your own personal distaste or skepticism about social media doesn't change a thing about dangerous problems of public trust and public deception caused by these kinds of security failures.

NutmegYankee

(16,197 posts)
7. Social engineering is a classic method of attack.
Thu Jul 16, 2020, 07:36 AM
Jul 2020

There are several methods, all well known in industry circles.
Think of emails that look like your bank with links to fill in data, classically known as a spear phishing attack.

HipChick

(25,485 posts)
12. These are employees though..
Thu Jul 16, 2020, 09:00 AM
Jul 2020

Not ordinary Joe Public..
IT specialists at that...they have to take extra special training for these scenarios

NutmegYankee

(16,197 posts)
16. You would be very disappointed in how many fall for these, even with training.
Thu Jul 16, 2020, 10:00 AM
Jul 2020

Especially if it is a Whaling Attack.

 

whistler162

(11,155 posts)
22. Just took an online course
Thu Jul 16, 2020, 06:27 PM
Jul 2020

done by Google employees, Google IT Professional certification. One of the presenters told the story of testing Google employees with a globe that lit up when plugged into a USB port but also had some code embedded into it to test employees. Quite a few employees plugged it into their computer thinking how generous Google was.

Renew Deal

(81,840 posts)
3. Why do employees have access to post tweets?
Thu Jul 16, 2020, 04:54 AM
Jul 2020

Even Twitter administrators shouldn’t be able to do that.

Bernardo de La Paz

(48,930 posts)
17. None have access. That wasn't how it was done. READ THE OP!
Thu Jul 16, 2020, 10:10 AM
Jul 2020

This is a very simple concept.

The hackers didn't post tweets through admin accounts.

They phished enough admin details to gain access to the system. Once they do that, they can change passwords and reset notification email addresses. All they need do is the latter. Once the notification email is going to a mailbox they can read, they log in, fail the password, and request a temporary password to be sent to that mailbox.

Then they use the changed password to access the account in the normal way and post the bogus tweets.
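The sequence described in the post above (recovery email changed through an internal tool, then a self-service password reset on the same account) is something a defender can look for in audit logs. The following is an added example, not Twitter's code and not the poster's; the event format, the actor names and the sample lines are constructed assumptions, and the 30-minute window is an arbitrary tuning value.

```python
"""Flag the takeover chain from the post above in internal-tool audit events:
a recovery (notification) email change on an account followed shortly by a
password reset request on the same account.  Added example with a constructed
log format: 'ISO8601-timestamp actor action account' per line."""
from datetime import datetime, timedelta
from typing import List, NamedTuple, Tuple


class AuditEvent(NamedTuple):
    ts: datetime
    actor: str      # internal tool user, or "self-service" for the public login flow
    action: str     # "recovery_email_changed" or "password_reset_requested"
    account: str    # customer account acted on


# Constructed sample log (assumption, not real Twitter data).
# tool-user-17 changes recovery email on two high-profile accounts and a reset
# follows minutes later; tool-user-03 is an ordinary support case hours earlier.
SAMPLE_LOG = [
    "2020-07-15T14:00:00 tool-user-03 recovery_email_changed @regular_user",
    "2020-07-15T18:30:00 self-service password_reset_requested @regular_user",
    "2020-07-15T20:01:00 tool-user-17 recovery_email_changed @vip_one",
    "2020-07-15T20:02:10 tool-user-17 recovery_email_changed @vip_two",
    "2020-07-15T20:04:00 self-service password_reset_requested @vip_one",
    "2020-07-15T20:05:30 self-service password_reset_requested @vip_two",
    "2020-07-15T20:06:00 self-service password_reset_requested @vip_three",
]


def parse_event(line: str) -> AuditEvent:
    """Parse one constructed-format audit line into an AuditEvent."""
    ts, actor, action, account = line.split()
    return AuditEvent(datetime.fromisoformat(ts), actor, action, account)


def find_takeover_chains(lines: List[str], window_minutes: int = 30
                         ) -> List[Tuple[str, str, datetime, datetime]]:
    """Return (account, tool_actor, email_change_ts, reset_ts) for every
    recovery_email_changed event that is followed, within the window, by a
    password_reset_requested event on the same account."""
    events = sorted((parse_event(l) for l in lines if l.strip()),
                    key=lambda e: e.ts)
    pending = {}   # account -> most recent recovery email change
    hits = []
    for ev in events:
        if ev.action == "recovery_email_changed":
            pending[ev.account] = ev
        elif ev.action == "password_reset_requested":
            prior = pending.get(ev.account)
            if prior and ev.ts - prior.ts <= timedelta(minutes=window_minutes):
                hits.append((ev.account, prior.actor, prior.ts, ev.ts))
                del pending[ev.account]   # each change is matched at most once
    return hits


def actors_touching_many_accounts(hits, threshold: int = 2) -> List[str]:
    """Tool users whose email changes led to resets on >= threshold distinct
    accounts: one support agent flipping many accounts at once is the
    strongest signal that the agent's access, not the customers, is compromised."""
    per_actor = {}
    for account, actor, _change_ts, _reset_ts in hits:
        per_actor.setdefault(actor, set()).add(account)
    return sorted(a for a, accounts in per_actor.items() if len(accounts) >= threshold)


if __name__ == "__main__":
    chains = find_takeover_chains(SAMPLE_LOG)
    for account, actor, changed, reset in chains:
        print(f"{account}: recovery email changed by {actor} at {changed:%H:%M:%S}, "
              f"reset requested at {reset:%H:%M:%S}")
    print("suspicious tool users:", actors_touching_many_accounts(chains))
```

Correlating on the account rather than the actor matters because, as the post says, the reset itself goes through the ordinary self-service flow and looks legitimate on its own; only the preceding recovery-email change by an internal tool ties it back to the compromised employee access. The same chain is the natural place for a preventive control, such as a second approver or a cooling-off period before a recovery-email change on a verified account can be used for a reset.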

 

whistler162

(11,155 posts)
4. Dang Commies and all this
Thu Jul 16, 2020, 06:03 AM
Jul 2020

Socialist engineering stuff!

Not too surprising social engineering was a factor.

Dennis Donovan

(18,770 posts)
8. Full Twitter statement:
Thu Jul 16, 2020, 08:00 AM
Jul 2020
https://threadreaderapp.com/thread/1283518038445223936.html

We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly.

You may be unable to Tweet or reset your password while we review and address this incident.

We’re continuing to limit the ability to Tweet, reset your password, and some other account functionalities while we look into this. Thanks for your patience.

Most accounts should be able to Tweet again. As we continue working on a fix, this functionality may come and go. We're working to get things back to normal as quickly as possible.

Our investigation is still ongoing but here’s what we know so far:

We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.

We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it.

Once we became aware of the incident, we immediately locked down the affected accounts and removed Tweets posted by the attackers.

We also limited functionality for a much larger group of accounts, like all verified accounts (even those with no evidence of being compromised), while we continue to fully investigate this.

This was disruptive, but it was an important step to reduce risk. Most functionality has been restored but we may take further actions and will update you if we do.

We have locked accounts that were compromised and will restore access to the original account owner only when we are certain we can do so securely.

Internally, we’ve taken significant steps to limit access to internal systems and tools while our investigation is ongoing. More updates to come as our investigation continues.

</snip>

NightWatcher

(39,343 posts)
20. And the Prez rules by decree on a hackable medium. Nothing bad could ever happen...
Thu Jul 16, 2020, 10:13 AM
Jul 2020

I hope I'm alive in January when we get to Build Back Better.
