The Twitter social network has suffered a coordinated hijacking of corporate and personal accounts on an unprecedented scale. A social engineering attack may have allowed hackers to gain remote access to the microblogging platform's internal tweet management tools.
The Twitter world has been shaken. During the night of Wednesday to Thursday, the American social network had to deal with a massive hijacking of user accounts aimed at extorting funds. This large-scale impersonation started around 9 p.m. (French time) with a wave of tweets from companies and personalities in the bitcoin space (Kucoin, Bitfinex, Coindesk, Coinbase, TRON Foundation, Charlie Lee, Justin Sun …) announcing a partnership with CryptoForHealth as part of a bitcoin transfer operation: “We are partners of CryptoForHealth and we give 5000 BTC to the community. More information here: cryptoforhealth.com”. The site in question was in fact controlled by the hackers for the sole purpose of running a bitcoin giveaway scam, promising “investors” that they would get back twice their initial stake.
Bitcoin giveaway scams are common on the Internet but can be effective, as in this case: “Cybercriminals ask users to send between 0.1 BTC and 20 BTC to a designated Bitcoin address and promise to double the victims’ money. This is a common scam that has been going on for a few years now, where scammers are usurping the identities of notable cryptocurrency figures or accounts. What makes this incident particularly noteworthy, however, is that the fraudsters managed to compromise the official and recognized Twitter accounts to launch their scams. Since the tweets come from these certified accounts, the chances of users trusting the CryptoForHealth website, or the so-called Bitcoin address, are even greater,” said Satnam Narang, senior research engineer at Tenable.
Hacking Twitter accounts of unprecedented scale
Alerted by the owners of the hijacked accounts, Twitter began to put out the fire before the hackers moved on to the next act of their plan, this time hijacking the accounts of dozens of entrepreneurs, politicians, artists and public figures from all walks of life in order to extort as large a volume of funds as quickly as possible. Among the victims: Elon Musk, Bill Gates, Jeff Bezos, Apple, Uber, Kim Kardashian, Barack Obama, Joe Biden, George W. Bush, Mike Bloomberg, Benjamin Netanyahu, Warren Buffett … The message posted by the hackers, including a link to a booby-trapped website, was: “I give back to the community. All Bitcoin sent to the address below will be returned to you twice! If you send $1,000, I will give you back $2,000. It is only valid for 30 minutes”. This massive hijacking of accounts, unprecedented in the history of Twitter, allowed a group of cybercriminals to collect more than 100,000 dollars in funds in the space of a few hours.
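The two scam messages quoted above, and the pattern Tenable describes (a request to send between 0.1 and 20 BTC to an address, a promise to double it, a short time limit), are regular enough that a platform's abuse team or a brand-protection monitor can score posts for them. The following is an added example, not code from the article, Twitter or the quoted vendors: a small heuristic scorer run over three constructed sample messages modelled on the article's quotes. The bitcoin address in the first sample is a made-up placeholder, the indicator names and the threshold of three are my own choices, and the amount range is taken from the Tenable quote.

```python
import re

# Constructed sample messages modelled on the two scam texts quoted in the article.
# These are not real tweets; the bc1q... string is a placeholder, not a real address.
SAMPLE_MESSAGES = [
    "I am giving back to the community. All Bitcoin sent to the address below will be "
    "sent back doubled! If you send $1,000, I will send back $2,000. Only doing this "
    "for 30 minutes. bc1qconstructedplaceholderaddressxxxxxxxxxxxxxxxx",
    "We are partnering with CryptoForHealth and giving 5000 BTC to the community. "
    "More info here: cryptoforhealth.com",
    "Our Q3 earnings call is scheduled for Thursday at 10am ET. Dial-in details on "
    "the investor relations page.",
]

# Lexical indicators drawn from the scam wording reported in the article.
DOUBLE_RE = re.compile(r"\b(doubled?|doubling|twice|2x)\b", re.I)
SEND_RE = re.compile(r"\b(send|sent|transfer)\b.{0,60}\b(btc|bitcoin|address)\b", re.I | re.S)
TIME_RE = re.compile(r"\b(only|valid|next)\b.{0,20}\b\d+\s*(minutes?|hours?|mins?)\b", re.I)
GIVEAWAY_RE = re.compile(r"\b(giv(?:e|ing)\s+(?:back|away)|giveaway|to the community)\b", re.I)
BTC_AMOUNT_RE = re.compile(r"(\d+(?:\.\d+)?)\s*(?:btc|bitcoin)\b", re.I)
DOLLAR_PAIR_RE = re.compile(r"\$\s?([\d,]+).{0,40}\$\s?([\d,]+)", re.S)
# Rough shape of bech32 and legacy bitcoin addresses; good enough for flagging, not validation.
BTC_ADDR_RE = re.compile(r"\b(bc1[a-z0-9]{25,59}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})\b")


def dollar_doubling(text: str) -> bool:
    """True when the message pairs two dollar figures where the second is exactly double."""
    m = DOLLAR_PAIR_RE.search(text)
    if not m:
        return False
    a, b = (int(x.replace(",", "")) for x in m.groups())
    return a > 0 and b == 2 * a


def requested_amount_in_range(text: str, lo: float = 0.1, hi: float = 20.0) -> bool:
    """True when a BTC amount falls in the 0.1-20 BTC ask range reported by Tenable.
    A claimed 5000 BTC giveaway is outside it, which is deliberate: the range
    describes what victims are asked to send, not what they are promised."""
    return any(lo <= float(a) <= hi for a in BTC_AMOUNT_RE.findall(text))


def scam_indicators(text: str) -> dict:
    """Evaluate every indicator independently so an analyst can see which ones fired."""
    return {
        "doubling_promise": bool(DOUBLE_RE.search(text)),
        "send_to_address": bool(SEND_RE.search(text)),
        "time_pressure": bool(TIME_RE.search(text)),
        "giveaway_framing": bool(GIVEAWAY_RE.search(text)),
        "dollar_arithmetic_doubles": dollar_doubling(text),
        "btc_ask_in_scam_range": requested_amount_in_range(text),
        "btc_address_present": bool(BTC_ADDR_RE.search(text)),
    }


def score(text: str) -> int:
    """Number of indicators that fired (each weighted equally in this toy version)."""
    return sum(scam_indicators(text).values())


def is_likely_giveaway_scam(text: str, threshold: int = 3) -> bool:
    """Flag for review when at least `threshold` indicators fire (threshold is my choice)."""
    return score(text) >= threshold


if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        fired = [k for k, v in scam_indicators(msg).items() if v]
        print(f"score={score(msg)} flagged={is_likely_giveaway_scam(msg)} indicators={fired}")
```

Run as a script, the second-stage "send and get double" message scores 6 and is flagged, while the first-stage CryptoForHealth "partnership" lure scores only 1 (giveaway framing) and passes. That asymmetry is the point worth taking from the article: the lure tweet carries almost no scam vocabulary and relies on the trust placed in a verified account plus an off-platform link, so text heuristics on their own catch the payment request, not the set-up. In a real deployment the score would be one signal next to account-behaviour ones, such as many high-profile accounts posting near-identical text within minutes or a burst of posts containing the same bitcoin address.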
Regarding the origin of the attack and the means used to carry it out, Twitter indicated via its support account: “We have detected what we think is a social engineering attack coordinated by people who have managed to target certain of our employees with access to internal systems and tools […] Internally, we have taken significant steps to limit access to internal systems and tools while our investigation continues. More updates to come as our investigation continues.” The hypothesis of internal complicity is not ruled out.
Exploitation of human gullibility
“Humans remain the primary target of threat actors, even in scenarios in which a system is also potentially compromised. The social engineering of this scam shows that the authors first targeted Twitter employees with access to internal tools, then counted on the trust placed in verified accounts as well as on the attractiveness of doubling one’s stake. Beyond that, the use of a time limit and a simple payment method added to the credibility of the attack. Malicious actors fully understand human nature and are constantly on the lookout for opportunities to take advantage of our society’s trust in social networks and digital technology,” explained Loïc Guezo, director of cybersecurity strategy EMEA at Proofpoint.