Turmoil on US President Donald Trump's favourite network: one or more hackers have hijacked the accounts of prominent people such as Tesla CEO Elon Musk, former US President Barack Obama and Amazon founder Jeff Bezos. Corporate accounts, such as Apple's and that of the cryptocurrency exchange Binance, were also affected. Some of these accounts have millions of followers.
What the hackers did with the hijacked accounts is puzzling. They used them to send spam asking followers to transfer bitcoin to a specific address, promising to send back twice the amount. This type of fraud is reminiscent of the notorious emails from supposed Nigerian princes who need a little seed capital before they can share their vast inheritance with the victim.
How did the action work?
Around Wednesday evening, German time, accounts from the cryptocurrency industry began sending the fraudulent tweets. The tenor was always the same: because of the Covid-19 pandemic, entrepreneurs and companies had decided to give something back to the community and were taking part in a "CryptoForHealth" campaign. Every amount of bitcoin received would be sent back to the sender doubled. With a little goodwill, one could believe that companies from the rather opaque cryptocurrency scene would run such a campaign. But soon afterwards, similar tweets also appeared from the likely US presidential candidate Joe Biden, New York's former mayor Mike Bloomberg and Microsoft founder Bill Gates. The attack mainly affected accounts verified by Twitter; verification is meant to curb fake accounts.
To put potential victims under time pressure, the tweets also claimed that the offer would only run for 30 minutes. Once it became clear that this was a scam, Twitter first locked the affected accounts. Later, the platform briefly prevented all verified accounts from tweeting at all.
How did the hackers get access to the accounts of famous users?
The most plausible theory at the moment is that the hacker or hackers gained access, via an employee, to Twitter's internal administration software, a kind of control centre. In the industry this is called "god mode" because of the sweeping powers it gives administrators. Screenshots of this tool, allegedly shared by the hacker himself, are circulating on US media sites. The tool allows employees to change users' passwords and to switch off additional security features such as two-factor authentication (2FA). With 2FA, users must prove their identity with their password plus a one-time code or a hardware security key. "God mode" would explain how the hackers were able to take over normally very well secured company accounts in such a short time: an account takeover performed through the platform's own administration tool bypasses every protection the account owner can configure. According to a report on the US website Motherboard, the hackers claim that they got a Twitter employee to "do all the work for them." Twitter largely confirmed this hypothesis: according to an official account on the platform, several Twitter employees were fooled by "a coordinated social engineering attack".
Is my Twitter account now insecure?
With the administration tool, the hackers were apparently able to take over any account, regardless of what security precautions its owner had taken. In principle, every account was insecure for the duration of the attack. But the hackers targeted prominent accounts for their Bitcoin fraud, and in particular those from which an odd Bitcoin charity campaign might seem believable. The most prominent Twitter account of all, that of President Trump, was not taken over.
What does this mean for the security of the Twitter network?
Twitter has not yet announced any concrete steps. After the attack, there is no getting around the fact that the security design of one of the world's most important social networks has failed badly. Above all, the fact that employees were apparently able to deactivate multi-factor authentication on many prominent accounts without much difficulty points to negligence on Twitter's part: even users who had done everything they could to protect themselves were left exposed to this attack by the platform itself, with no protection of their own to fall back on.
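The failure described above and in the "god mode" section is one of privileged-action control: a single employee in a support tool could disable a user's 2FA, and nothing in the tool stopped or flagged it. The following is an added example, not Twitter's tooling or any code from the original article, of the two controls a practitioner would expect around such an action: dual control (a sensitive action on a high-value account needs a distinct second approver) and an audit log that a simple detector can run over to flag an employee account churning through sensitive actions in a short window. All names (`SupportConsole`, `emp_a`, the handles and timestamps) are hypothetical and constructed for the example.

```python
from __future__ import annotations

from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Deque, Dict, List, Optional, Set


@dataclass
class Account:
    handle: str
    verified: bool                  # treated here as the "high-value" tier
    two_factor_enabled: bool = True


@dataclass
class AuditEntry:
    when: datetime
    operator: str                   # employee using the console
    action: str
    target: str                     # account handle acted on
    approver: Optional[str]
    allowed: bool                   # refused attempts are logged too


class DualControlRequired(PermissionError):
    """A sensitive action on a high-value account lacked a distinct second approver."""


class SupportConsole:
    """Hypothetical internal support console (constructed example, not Twitter's tool).

    Sensitive actions on verified accounts need two different employees;
    every attempt, allowed or refused, is written to the audit log.
    """

    SENSITIVE_ACTIONS = ("disable_2fa", "reset_password")

    def __init__(self) -> None:
        self.audit: List[AuditEntry] = []

    def _authorize(self, action: str, operator: str, account: Account,
                   approver: Optional[str], when: Optional[datetime]) -> None:
        when = when if when is not None else datetime.now()
        needs_second_person = account.verified
        # The approver must be a different person; self-approval is not dual control.
        has_second_person = approver is not None and approver != operator
        allowed = has_second_person or not needs_second_person
        self.audit.append(AuditEntry(when, operator, action, account.handle, approver, allowed))
        if not allowed:
            raise DualControlRequired(
                f"{action} on @{account.handle} needs an approver other than {operator}")

    def disable_2fa(self, operator: str, account: Account,
                    approver: Optional[str] = None, when: Optional[datetime] = None) -> bool:
        self._authorize("disable_2fa", operator, account, approver, when)
        account.two_factor_enabled = False
        return True


def attempt_disable_2fa(console: SupportConsole, operator: str, account: Account,
                        approver: Optional[str] = None) -> bool:
    """Wrapper for callers: True if the action went through, False if dual control refused it."""
    try:
        return console.disable_2fa(operator, account, approver)
    except DualControlRequired:
        return False


def flag_bursts(audit: List[AuditEntry], window: timedelta = timedelta(minutes=30),
                threshold: int = 3) -> Set[str]:
    """Return operators with >= threshold sensitive actions (allowed or refused) inside any window."""
    flagged: Set[str] = set()
    recent: Dict[str, Deque[datetime]] = defaultdict(deque)
    for entry in sorted(audit, key=lambda e: e.when):
        if entry.action not in SupportConsole.SENSITIVE_ACTIONS:
            continue
        hits = recent[entry.operator]
        hits.append(entry.when)
        while entry.when - hits[0] > window:      # drop hits older than the window
            hits.popleft()
        if len(hits) >= threshold:
            flagged.add(entry.operator)
    return flagged


def demo() -> Set[str]:
    """Constructed scenario: emp_a disables 2FA on four unverified accounts in 15 minutes."""
    console = SupportConsole()
    t0 = datetime(2020, 7, 15, 20, 0)             # constructed timestamp
    for i in range(4):
        console.disable_2fa("emp_a", Account(f"user{i}", verified=False),
                            when=t0 + timedelta(minutes=5 * i))
    console.disable_2fa("emp_b", Account("user9", verified=False), when=t0)   # one normal action
    return flag_bursts(console.audit)


if __name__ == "__main__":
    print("flagged operators:", demo())
```

Two design points: the refused attempt is logged with `allowed=False`, because an employee who keeps hitting the dual-control wall is itself a signal; and the burst detector counts attempts rather than successes for the same reason. In a real deployment the threshold and window would be tuned to the support team's normal volume, and the log would be shipped off the console host so that the person operating the tool cannot also edit its record.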
How much money did the attackers make from the fraud?
Bitcoin payments are convenient for cybercriminals because they take place without oversight by central entities such as banks, the owners of Bitcoin addresses can remain pseudonymous, and a confirmed payment cannot be reversed. The ledger itself, however, is public: any internet user can look up the transactions of an address. On Wednesday, observers were able to follow live as the attackers' Bitcoin address filled with the victims' money. By Thursday noon, German time, around 100,000 euros had been collected at the exchange rate of the time.
A massive Twitter hack for 100,000 euros in Bitcoin?
There is currently no clear evidence that the attacker or attackers were pursuing political or other goals beyond making a little money. Not only because of its apparently mundane motive, the hack is somewhat reminiscent of the sensational publication of celebrity and politician data in Germany in 2019. In that case it turned out that the attacker was a teenager who mainly wanted to attract attention with his hacks. For this reason, a tweet by French hacker Robert Baptiste on the occasion of the Twitter hack got a lot of support. He wrote: "Dear hackers, next time you have access to Twitter's God mode, please tweet something useful instead of Bitcoin fraud tweets. Imagine what you could have achieved if you tweeted 'Wear Masks' from famous accounts."