1. What happened?
On the afternoon (4pm) of July 15th, one of the biggest bitcoin scams was pulled off by a group of anonymous hackers. The security of the social media giant Twitter was compromised, which resulted in this fraud.
15+ high-profile Twitter accounts were hacked and used to tweet the same message, saying that any bitcoin sent to the link in the tweet would be doubled and that the offer would last for just 30 minutes.
Apple and Uber were the first to be impacted; in just a matter of minutes the list grew to include Elon Musk, Bill Gates, Jeff Bezos, former US President Barack Obama, former US Vice-President Joe Biden, media billionaire Mike Bloomberg, rapper Kanye West, his wife Kim Kardashian West and more.
2. How did it happen?
Twitter’s official handle said that a “coordinated social engineering attack” was executed by the hackers. In this attack the targets were not Twitter account users but Twitter employees who had access to internal systems and tools. The hackers exploited this access to gain control over many highly viewed accounts and tweet on their behalf.
The fact that so many different users were compromised at the same time implies that someone managed to get hold of some sort of administration privileges and gained access to Twitter’s internal dashboard, bypassing the passwords of pretty much any account they wanted to use.
3. How did Twitter & law enforcement respond?
Law enforcement, as well as many angry users, will have some strong questions for Twitter about how this could have happened.
For damage control, Twitter initially stopped all verified accounts from tweeting at all, deleted the messages, and then slowly restored the accounts.
A person going by the alias Kirk gained access to an internal Twitter tool, which he used to take control of accounts. It was found that a webpage, https://www.cryptoforhealth.com, and an Instagram page (@cryptoforhealth) posted a story which said: “It was a charity attack. Your money will find its way to the right place”. The description of the profile read “It was us”, alongside a slightly smiling face emoticon.
The scam brought the bitcoin wallet over $180,000, i.e. 20 BTC, via at least 300 transactions. It has been found that the scam was pulled off by a few individuals who are in their 20s and met each other on an online platform (OGusers.com); however, their real identities are still unknown. Two individuals who go by the names “lol” and “why so anxious”, who are linked to the bitcoin wallet used in the scam, were involved in hacking Twitter handles. Kirk had already been involved in hacking Twitter handles in exchange for bitcoins in the past; he used to send pictures of Twitter’s internal dashboards as proof that he had taken control of the requested accounts.
Sent out by Kirk after he gave a customer access to an account, showing Twitter’s backend for the @R9 account
Twitter runs its security program on many open platforms such as HackerOne and gives millions of dollars to security researchers all around the world to make its platform secure for its users, but this scam was the result of a security breach in Twitter’s own systems and not on the user side.
So sometimes a low-impact attack like social engineering, combined with a compromised system, can cause big damage to a company’s reputation. Twitter’s stock fell by more than 3% after the attack.
This breach could have been much worse. Consider other scenarios such as spreading disinformation among netizens, creating chaos in the middle of the pandemic, or issuing war threats to rival countries using the accounts of senior defence officials or organizations; one can just imagine the extent of the damage that could be caused.
So, to keep businesses safe in the digital world, companies should hire professionals who are capable of providing efficient security solutions. A secure environment is no longer an option but a necessity in this digital world, and for that very reason Sankey Cybertech Solutions is committed to providing a complete cyber solution.