UPDATED 23:02 EST / JULY 16 2020

SECURITY

Twitter blames social engineering for hack as a possible suspect is named

Further details, including a possible suspect behind the attack, came to light today concerning Wednesday's hack of Twitter Inc., in which scammers tweeted bitcoin scam messages across a large number of high-profile accounts.

The path to the hack is still somewhat subject to conjecture, but one thing is clear: A Twitter employee was involved, directly or indirectly. Various reports claim that the Twitter employee was paid to give the hacker access to internal tools, whereas Twitter claims that a number of its employees were targeted in a social engineering attack.

The fact that Twitter’s internal tools allow employees to post tweets to the pages of account holders, including former U.S. President Barack Obama, has raised eyebrows, as have Twitter’s security measures. As Tae Kim at Bloomberg wrote, at the very least the hack has revealed Twitter’s engineering prowess and management practices are subpar. “The lackluster security is more ammunition for Twitter’s critics who have long questioned the company’s efficacy in using its engineering resources,” Kim wrote, adding that “the company spends an incredible amount in research and development annually — including nearly $700 million last year alone. Where does all the money go?”

Compounding the seemingly poor security, Twitter does not currently have a chief information security officer. Reuters reported that the microblogging company had stepped up efforts to find a CISO in the last few weeks without success. According to LinkedIn, Twitter’s last CISO, Mike Convertino, left Twitter in December.

Just how bad Twitter’s security practices are may soon come under the spotlight, as U.S. lawmakers on both sides of politics have called on Twitter Chief Executive Officer Jack Dorsey to provide briefings on the hack.

“While this scheme appears financially motivated… imagine if these bad actors had a different intent to use powerful voices to spread disinformation to potentially interfere with our elections, disrupt the stock market or upset our international relations,” Senator Ed Markey said in a statement.

The U.S. Federal Bureau of Investigation has also launched an investigation. “At this time, the accounts appear to have been compromised in order to perpetuate cryptocurrency fraud,” the FBI said. “We advise the public not to fall victim to this scam by sending cryptocurrency or money in relation to this incident. As this investigation is ongoing, we will not be making further comment at this time.”

The hacker

Although there’s no official confirmation as to who was behind the attack, well-respected security researcher Brian Krebs claims that there are strong indications the attack was perpetrated by individuals traditionally specializing in hijacking social media accounts via SIM swapping.

While going through the lead-up to the attack, including discussion threads on hacking groups, Krebs points to a user who goes by the name “PlugWalkJoe” online and who, according to his sources, is a 21-year-old from Liverpool in the U.K. called Joseph James Connor, currently living in Spain. Connor may not have acted alone, however, since he’s linked with a group of hackers known as ChucklingSquad. The same group is believed to have been behind the hack of Jack Dorsey’s Twitter account last year.

Whoever was behind the hack, it turned out to be somewhat profitable, netting an estimated $121,000 in bitcoin payments. Accessing those payments is another matter: Payments on the bitcoin blockchain are fully traceable, meaning those behind the hack will have to go to great lengths to access the funds if they don’t want to be caught.

Although the hack has been halted for now, there are concerns that the attackers may be sitting on stolen credentials. “I think it would be highly likely that a number of credentials have been stolen by the attackers and we could see more accounts and sensitive information being leaked in the coming weeks,” Dan Panesar, director of U.K. and Ireland at security information and event management firm Securonix Inc., told SiliconANGLE. “The Twitter hack looks a classic case of insider threat. The insider’s behavior can be malicious, complacent or ignorant, which in turn amplifies the impact to the organization, resulting in monetary and reputational loss.”

Samantha Humphries, security strategist at security information and event management company Exabeam Inc., noted that almost all of the huge breaches we see in the news involve attackers leveraging stolen user credentials to gain access to sensitive data.

“Insiders with access to privileged information represent the greatest risk to a company’s security,” she said. “It’s a hard truth to accept that you can’t always trust your own employees – but even the best network defenses can easily be toppled from the inside. And this kind of threat can be much harder to detect. After all, an attacker with valid credentials looks just like a regular user, and this presents a significant problem for security teams.”
