If you don’t already know, high-profile Twitter accounts were hacked to post messages that looked like this one, which appeared to come from Joe Biden.
Here are some other accounts that were hacked.
After initially locking the affected accounts, Twitter issued the following statement.
“We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.”
Interestingly, this hack occurred shortly after Twitter began its new direct messaging service. There is no evidence yet that the two events are connected, but it wouldn’t surprise me. Keep in mind that Twitter employees were recently told that they could work from home permanently. That may also have contributed to the hack by leaving Twitter’s endpoints more exposed to attack than they were inside the office.
In any event, at least one such employee, and the endpoint they worked from, was compromised. Either they were manipulated by some sort of spearphishing attack, or they were actively working with the hackers; at this point, both are possible. We don’t know the details of the attack, but the fact that all of these hacked accounts sent out the same message at roughly the same time shows that it was well planned, and that leads one to suspect that either a nation-state or an organized hacking group was behind it. A criminal hacking group would normally be interested only in quick money, yet with this sort of access they could have done a lot more damage. They could, for example, have gathered all the account information they could get their hands on and sold it.
If a nation-state was behind this, they may have just wanted to ruin Twitter’s reputation. Maybe they held some sort of grudge. Maybe they collected other information during the hack which they hope to use later in more complex hacks. We’ll just have to wait and see.
The attackers made around $120,000 in Bitcoin, according to the publicly visible balance of the attackers’ wallet.
In the end, we are once more reminded of the importance of first-rate endpoint protection, which could have blunted an attack like this, together with tight limits on which employees can reach the internal tools that were abused here. I keep wondering if this is a lesson anyone will ever learn.