Company 
Team 
League Partners 
Case Study
Company News 
Team Member Spotlight 
Managed IT Services
Cloud Hosting 
Co-Managed %201.svg){kind=icon}
Managed VOIP 
Managed Security Services 
Data Backup + Disaster Recovery 
Security Assessment 
CMMC Compliance 
SharePoint
Power BI
Web Design + Hosting
Application Development
Businesses 
Municipalities 
Local Government Services 
Healthcare
Manufacturing
Aerospace and Defense
Case Studies
Guides
News
Events
Municipalities
Healthcare
Managed IT Services
Compliance
Cybersecurity
Updated July 31, 2020
A massive, simultaneous attack on the Twitter accounts of various celebrities, political figures, and well-known people took place on Wednesday, resulting in large numbers of accounts being compromised, exploited, and used for a bitcoin scam.
Hackers accessed Twitter’s internal systems, hijacking the accounts of some of the platform's largest and most influential accounts, including U.S. presidential candidate Joe Biden, reality TV star Kim Kardashian, former U.S. President Barack Obama, and billionaire Elon Musk.
The hack involved sending tweets from these accounts attempting to solicit bitcoin with a scam offering to double any funds received. 10’s of millions of Twitter followers saw these tweets, and the cybercriminals were able to earn nearly 13 bitcoin, around C$160,000 dollars, in just a few hours. The hack seems to have been able to bypass all Two Factor Authentication protocols, as well as Twitter’s standard security measures.
A spokesman from Twitter said: “We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it.”
As an immediate response to the attack, Twitter took the extraordinary step of shutting down the accounts of ‘verified’ users (those with a blue tick) for several hours on Wednesday afternoon. Verified users were unable to tweet, and access was only restored once the platform was once again secure.
Experts have speculated that someone probably gained administrator access to the Twitter ecosystem to bypass all the security. In theory, this may have meant that they had complete control of all Twitter accounts, including all direct messages.
“This appears to be the worst hack of a major social media platform yet,” said Dmitri Alperovitch, who co-founded cybersecurity company CrowdStrike.
The hacking of political figures raises the possibility that a similar attack in the future could have national security ramifications, particularly as the influence of political Twitter accounts has grown over the last few years.
Oren Falkowitz, the former CEO of Area 1 Security, said: “It’s clear the company is not doing enough to protect itself.”
Dimitri Alperovitch added that: “We are lucky that given the power of sending out tweets from the accounts of many famous people, the only thing that the hackers have done is scammed about $110,000 in bitcoins from about 300 people.”
Discussions in the hacker community suggested that there may be a new 0-day for Twitter (unknown exploit). As a result, it is vital that all businesses double-check their own Twitter accounts to ensure that they have not been compromised.
Twitter CEO Jack Dorsey has pledged to share everything they discover as soon as they have a more complete understanding of what happened.
Update: July 21
Twitter’s latest update on last week’s hack
Following the massive security incident last week that resulted in the simultaneous hacking of a number of verified Twitter accounts, including Jeff Bezos, Barack Obama, and Joe Biden, Twitter Support has released a report on the causes and the results of the attack.
Their analysis shows that the attack did not use malicious software to hack Twitter’s systems but targeted Twitter employees through a social engineering scheme. These employees were manipulated into carrying out actions that exposed confidential information and allowed the attackers access to the network.
The group responsible was able to obtain the credentials of various employees and used them to access internal systems (including getting past the two-factor protections). They were able to act as members of Twitter’s Internal Support Team and targeted 130 accounts, succeeding in accessing 45 of them in order to send tweets. As far as Twitter is aware, the attackers were only able to take data from eight of the accounts.
Twitter’s initial analysis shows that for the vast majority of users, no private information could have been accessed or stolen. For the 130 accounts targeted, it is possible that the attackers were able to see personal information like email addresses and phone numbers, and Twitter is working with the affected accounts to mitigate any possible repercussions.
According to Twitter’s statement, as soon as they became aware of the attack, they locked down the compromised accounts and revoked access to the internal systems affected. In order to help prevent any related malicious activity, they went one step further, restricting many accounts across the platform, preventing further tweeting or password changes. Some accounts were locked, again as a precautionary measure. Full functionality for the majority of users was able to be restored by the weekend.
Twitter has assured those affected, and all users of their platform, that they have multiple teams working on this attack and are continuing to investigate alongside law enforcement agencies.
Twitter is now focused on restoring access for any account owners still locked out of their accounts and securing their systems and processes against similar attacks in the future. They have pledged to roll out training across the organization to help guard against social engineering tactics and raise awareness amongst staff.
Update: July 31
Twitter hackers arrested
The US Department of Justice has reported that a number of individuals have been detained in relation to the recent Twitter hack, with one already charged with conspiracy to commit wire fraud, conspiracy to commit money laundering, and the intentional access of a protected computer.
The US DOJ has named Mason Sheppard, aka "Chaewon," 19, from the United Kingdom, and Nima Fazeli, aka "Rolex," 22, from Florida. The third suspect is reportedly 17 years old and, as a juvenile, has not been named.
The hack was the biggest security lapse in Twitter’s history, with over 130 accounts compromised, including incredibly high-profile users such as Barack Obama, Bill Gates, and Jeff Bezos.
The hackers reportedly received more than $100,000 USD in Bitcoin in just a few hours.
Twitter has issued various reports and updates in the aftermath of the attack, explaining that the attackers were able to compromise employees' accounts and gain unauthorized access to the targeted profiles.
Twitter stated that the hackers had used a spear-phishing attack over the phone, a social engineering tactic that misled, manipulated, and exploited human weaknesses in the system to allow them to gain internal access.
Twitter has also revealed that the hackers managed to access Direct Message inboxes of at least 36 accounts but only downloaded data using the ‘Your Twitter Data’ archive tool from eight.
US Attorney Anderson stated:
“There is a false belief within the criminal hacker community that attacks like the Twitter hack can be perpetrated anonymously and without consequence. Today's charging announcement demonstrates that the elation of nefarious hacking into a secure environment for fun or profit will be short-lived. Criminal conduct over the Internet may feel stealthy to the people who perpetrate it, but there is nothing stealthy about it. In particular, I want to say to would-be offenders, break the law, and we will find you.”
The three hackers arrested have reportedly been charged with 30 felonies of communications and organized fraud.
