It was surprising how easily the Hackers were able to penetrate Twitter’s network

On July 15, 2020, a 17-year old hacker and his accomplices breached Twitter’s network and seized control of dozens of Twitter accounts assigned to high-profile users. For several hours, the world watched while the Hackers carried out a public cyberattack, by seizing one high-profile account after another and tweeting out a “double your bitcoin” scam. The Hackers took over the Twitter accounts of politicians, celebrities, and entrepreneurs, including Barack Obama, Kim Kardashian West, Jeff Bezos, and Elon Musk, as well as Twitter accounts of several cryptocurrency companies regulated by the New York State Department of Financial Services. And for several hours Twitter seemed unable to stop the hack.

it was surprising how easily the Hackers were able to penetrate Twitter’s network and gain access to internal tools allowing them to take over any Twitter user’s account. Indeed, the Hackers used basic techniques more akin to those of a traditional scam artist: phone calls where they pretended to be from Twitter’s Information Technology department. The extraordinary access the Hackers obtained with this simple technique underscores Twitter’s cybersecurity vulnerability and the potential for devastating consequences. Notably, the Twitter Hack did not involve any of the high-tech or sophisticated techniques often used in cyberattacks–no malware, no exploits, and no backdoors.

Twitter plays a major role in political discussions and decisions, so it was also concerning that the accounts of former President Barack Obama, Presidential Candidate Joe Biden and former New York Mayor Michael Bloomberg were also affected. Several suspects have been charged in relation to this attack.

What is the impact of Twitter hack?

It could be one of the most expensive tweets in history. 

This time with the hack of high profile public figures, executives and celebrities twitter accounts raised so many questions on cybersecurity. Hackers started tweeting out links to bitcoins scams. It was reported that in just 24 hours of time bitcoin wallet got a value of $120,000 through 518 transactions by Chain analysis, a research company that tracks the movement of cryptocurrencies.

The stock market value of Twitter has gone down. This is not an only financial loss but reputation loss also. And the followers lost their money by falling into this trap.

What could be possible ways to hack Twitter?

Hackers got access into an internal Twitter administrative tool by one or all of the reasons mentioned below:

Hackers tricked an employee with spear-phishing scam & steal the password of Twitter’s system administrators.

Someone coerced an employee to provide access.

Coordinated social engineering attack on some employees having access to administrative tools.

Hackers might exploit a vulnerability in a particular operating system and might have got access to every computer that runs on that system’s software.

Not having strong Privileged Access Management Solutions, otherwise, it should raise the flag if there is any change in the popular Twitter accounts.

After getting access to the Twitter administrative tool then they might have hacked these 130 popular Twitter accounts with Sim Swapping.

What do we know about the attackers?

Bitcoin is extremely hard to trace and the three separate crypto-currency wallets that the cyber-criminals used have already been emptied. The digital money is likely to be split into smaller amounts and run through so-called “mixer” or “tumbler” services to make it even harder to trace back to the attackers.

Clues about those responsible are surfacing through bragging on social media – including on Twitter itself.

Earlier this week, researchers at cyber-crime intelligence firm Hudson Rock spotted an advert on a hacker forum claiming to be able to steal any Twitter account by changing the email address to which it is linked.

The seller also posted a screenshot of the panel usually reserved for high-level Twitter employees. It appeared to allow full control of adding an email to an account or “detaching” existing ones.