Twitter Says “Human Error” And “Spear-Phishing Attack” Responsible For Massive Bitcoin Hack
Tyler Durden
Fri, 07/31/2020 – 14:53
Twitter suffered a major hack about two weeks ago and has now said that its staff was tricked by “spear-phishing”, a targeted attack that tricks specific people into handing over their passwords.
Twitter staff were targeted through their phones, according to a new report from the BBC. The attack then gave the hackers the ability to tweet from celebrity Twitter accounts. Twitter has said it was “taking a hard look” at how it could improve its permissions and processes.
“The attack on July 15, 2020, targeted a small number of employees through a phone spear phishing attack. This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems,” Twitter wrote on Wednesday.
By obtaining employee credentials, they were able to target specific employees who had access to our account support tools. They then targeted 130 Twitter accounts – Tweeting from 45, accessing the DM inbox of 36, and downloading the Twitter Data of 7.
— Twitter Support (@TwitterSupport) July 31, 2020
Twitter also said the direct messages of 36 accounts were accessed.
Recall, just days ago we reported that Twitter has had trouble controlling the number of its employees with the ability to reset user accounts. In fact, Jack Dorsey and Twitter’s board were warned about the growing problem “multiple times since 2015”, according to four former Twitter security employees and “a half dozen” other people close to the company.
The problem is so well known that contractors reportedly made a game out of creating bogus help-desk inquiries in 2017 and 2018 so they could open up celebrity accounts – giving them access to personal data and IP addresses. In other words, Twitter is stalking its users…
Recall, we reported about two weeks ago that Twitter had said 130 accounts were compromised during the hack. We also noted that the FBI had launched an official inquiry into the massive security breach, according to Reuters.
The FBI said two weeks ago: “We are aware of today’s security incident involving several Twitter accounts belonging to high profile individuals. The accounts appear to have been compromised in order to perpetuate cryptocurrency fraud.”
Twitter had initially commented that there was “no evidence that attackers accessed the passwords of its users”.
The massive hack allegedly originated from a Twitter employee with access to the company’s user management panel. The hack affected dozens of high-profile accounts belonging to billionaires, politicians and companies, including Barack Obama, Joe Biden, Bill Gates, Kanye West, Elon Musk, Wiz Khalifa, Apple, Uber, Jeff Bezos and Benjamin Netanyahu.
Tweets urged people to send money to a Bitcoin address; over $113,000 was sent.
For the full details on the hack, you can read our report on it here. In addition to the hack, a subplot emerged when we reported that sources “close to or inside” the underground hacking community leaked a screenshot of what is allegedly an internal software panel used by Twitter to interact with user accounts.
The tool was said to be used to help change ownership of popular accounts and, in the case of the hack, was said to play a role in usurping the high profile accounts involved. Screenshots of the supposed internal software are being aggressively pursued and deleted from Twitter by Twitter itself, with the company claiming that they violate the platform’s rules.
Of particular interest are the buttons labeled “SEARCH BLACKLIST” and “TRENDS BLACKLIST”.
We asked earlier this month: Could these be tools actively used by Twitter to censor what Tweets and topics appear during searches and on its trends page?
For a brief moment, the world’s most powerful man lost his social media megaphone.
Twitter admitted that it accidentally deactivated President Donald Trump’s personal account thanks to a “human error”. It went back online after an uncertain 11 minutes in which Americans wondered if a fixture of their recent civic life — a steady stream of presidential tweets — was no more.
It was not to be so. The account was swiftly restored, and the social media company said that Mr Trump’s @realdonaldtrump account was “inadvertently deactivated” due to human error by a Twitter Inc employee around 7pm ET (11.30pm GMT).
“Earlier today @realdonaldtrump’s account was inadvertently deactivated due to human error by a Twitter employee,” the company said in a tweet.
“We are continuing to investigate and are taking steps to prevent this from happening again,” it added.
The official @POTUS account — which mostly includes retweets from the @realDonaldTrump account — was unaffected.
The personal account is Mr Trump’s main tool for communicating with the American people — for better or worse. He uses it to issue policy announcements — at times catching officials in his administration off guard, as when he unveiled a ban on transgender Americans serving in the military — attack those he perceives as enemies, and confront members of his own administration who displease him.
However, for a time on Thursday evening, all visitors to the account were left with was a “Sorry, that page does not exist!” message — setting off a frenzy of 140-character speculation.
Mr Trump joined the service in March 2009 and has sent more than 36,000 tweets in that time. He now has a following of more than 41m.
The President has regularly courted controversy on the platform — most recently on Thursday by reiterating his view that the terror suspect in custody over the New York truck attack should get the death penalty.
A legal expert warned that the tweet could backfire, making it more difficult to win the sentence Mr Trump advocated. Other tweets have stirred similar concerns that the President’s itchy Twitter finger may undercut his goals, as when he blasted his own Department of Justice’s revised travel ban or contradicted his stated rationale for firing former FBI director James Comey.
His other recent tweets included congratulating the baseball World Series champions Houston Astros, and calling on Congress to “TERMINATE” the diversity visa lottery programme, as well as announcing the nomination of Jerome Powell as the next Chairman of the Federal Reserve.
Mr Trump was also soon back to taking on a familiar subject, Hillary Clinton — whom he again called “crooked”.
It was as if he had never been away, although some pointed out they would always remember those minutes of nothing.
Twitter recently revised its rules for responding to sexual harassment or violence on its platform, reflecting concerns that the social media site has been slow to respond to abuse. It has also rolled out new transparency rules around political advertising, a change that came amid intensifying political pressure as lawmakers dig into how Russian operatives deployed bots and trolls to try and influence the 2016 election.
Over the holiday weekend, The New York Times found that one of its Twitter accounts had been locked. @nytimesworld was frozen for a full 24 hours over an innocuous tweet about a story in which Canadian Prime Minister Justin Trudeau apologized for the country’s treatment of indigenous school children.
Twitter restored the account Sunday afternoon, apologizing to The Times “for any inconvenience this may have caused.” The service blamed the temporary freeze on human error, but didn’t offer much more by way of explanation. “After reviewing the account, it appears that one of our agents made an error,” Twitter told The Times. “We have flagged this issue so that similar mistakes are not made going forward.”
It’s true that mistakes do happen, but this is yet another high-profile bumble for Twitter in a year that’s been filled with them. Last month, the service issued a new set of rules, focused on “unwanted sexual advances, non-consensual nudity, hate symbols, violent groups, and tweets that glorify violence.”
The stricter set of guidelines came in the wake of bad publicity for temporarily blocking Rose McGowan from the site, after the actress publicly called out Harvey Weinstein. Twitter later reinstated McGowan’s account, citing her “inclusion of a private phone number.”
Earlier this month, the service promised a rethink of its verification process after giving a blue checkmark to white nationalist Jason Kessler. CEO Jack Dorsey took to the platform to note that the company’s verification system “is broken and needs to be reconsidered.”
This latest self-described human error also comes as the paper finds itself a focal point in President Trump’s war on so-called “fake news,” with the President repeatedly calling out “the failing New York Times” by name on Twitter. This morning, the President posted a rambling tweet suggesting a “fake news trophy” for America’s network news.
Trump’s own account was temporarily missing from the service for 11 minutes earlier this month, an act Twitter blamed on the actions of a rogue employee.