Twitter hack shows that the insider threat cannot be removed
Yesterday many high profile Twitter accounts were hacked as part of a coordinated attack to spread a cryptocurrency scam. This is a big embarrassment for Twitter that is now the official voice of many world leaders.
Users of the social media platform noticed that the verified accounts of political figures such as Joe Biden and leaders in technology such as Bill Gates had Tweeted a unusual message that included a bitcoin wallet address and a claim that the amount paid in to this wallet would be doubled and returned to the sender. Some of the messages stated that this was a generous act to give back to the community and others messages stated that the generous act was because of Covid-19. This message must appear very suspicious to most people but still the bitcoin wallet has received more than $120,000 USD since the hack.
Accounts that displayed these tweets included Barak Obama, Joe Biden, Elon Musk, Bill Gates, and companies such as Apple. For hours after the hacks, owners of other popular verified accounts reported that they were not able to tweet.
Similar tweets also appeared on cryptocurrency accounts such as @ripple and @bitcoin with a different bitcoin wallet address. Some of these tweets contained a link to a website that was quickly taken down.
Twitter has now confirmed that the attack involved one of its own employees who had access to the company’s internal systems. It is believed that this employee was not a victim of the attack but was paid to be part of the hack and used to gain access to an internal Twitter tool. Screenshots of this tool used in the attack were uploaded onto hacking forums and then shared on Twitter. Twitter is removing screenshots of the tool and suspending accounts that share the image and this suggests that there is truth in this theory.
The blockchain data shows that there was also some interesting payments being made to the advertised bitcoin wallet. One user sent many small payments to the wallet in order to send a message that suggested Bitcoin users to move to Monero to get better privacy and security!
This most recent hack is a reminder that even if you use a service that you trust with protection such as 2 factor authentication and strong encryption it is very difficult to remove the threat from inside. This is not the first time that social media platforms have been vulnerable to the insider threat with examples before in Facebook and MySpace. These big companies are vulnerable just like smaller companies or other types of business because they will have some employees that need access to the important internal tools and might take payment to abuse privileged access.