Hackers target Twitter accounts of celeberties in Bitcoin scam

[ritchie58]

Here is a news article by NBC News reporter Kevin Collier how some celebrities and politicians had their Twitter accounts hacked today!

• Over a dozen high-profile Twitter accounts, including Apple, Amazon CEO Jeff Bezos, Microsoft founder Bill Gates, Democratic presidential candidate Joe Biden, and former president Barack Obama, were apparently hacked on Wednesday and posted tweets telling followers to send bitcoin to a specific address.
• One wallet linked to in the tweets had apparently received over 12 bitcoin, worth over $110,000 at the current exchange rate.
• Twitter is looking into the issue. 

Over a dozen high-profile Twitter accounts, including Apple, Amazon CEO Jeff Bezos, Microsoft founder Bill Gates, Democratic presidential candidate Joe Biden, and former president Barack Obama, were apparently hacked on Wednesday and posted tweets telling followers to send bitcoin to a specific address.

Tesla CEO Elon Musk was first high-profile account to be hacked, posting a tweet early Wednesday afternoon promising to double any payments sent to the bitcoin address.

Twitter's stock dropped over 2% in extended trading. "We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly," the company said in a tweet. 

The Musk tweet was deleted minutes after it was sent, before a second tweet asking for bitcoin was posted from the same account and deleted again. In total, Musk's account sent at least three bitcoin tweets from a Twitter web account and one reply to Bill Gates. The bitcoin-related tweet was Apple's first ever tweet, although the account had placed ads in the past. 

Other accounts hacked included former New York City mayor Mike Bloomberg, musicians Kanye West and Wiz Khalifa, Berkshire Hathaway chairman Warren Buffett, reality TV star Kim Kardashian, the Cash App corporate account, and Uber's corporate account. 

Rachel Tobac, the CEO of cybersecurity firm SocialProof Security, told NBC News that the attack was likely the largest Twitter had ever seen. "I'm surprised twitter hasn't gone completely dark to prevent misinformation campaigns and political upheaval," she said. "We are lucky the attackers are going after bitcoin (money motivated) and not motivated by chaos and destruction."

Teresa Payton, former White House Chief Information Officer and CEO of Fortalice Solutions, said that she expects Twitter to provide a full report detailing how and why these accounts were hacked. She also warned that information, such as direct messages, may have been stolen from the affected accounts and could be released or used in the future.

"They're going to need to apologize to the VIPs and to the individuals who were defrauded and fell for the scam," Payton told CNBC. "The next thing they're going to need to do is to conduct a thorough and transparent investigation, and they're going to need to share what they can about who the attackers were and how they pulled this off."

Kelley Robinson, a security advocate for Authy, a company that provides two-factor authentication, told NBC News that the scale of the attack indicated the hackers had gotten administrative access at Twitter itself. "It's really unlikely that Bezos, Musk, and especially Biden all had credentials compromised," she said over Twitter Direct Message.

Mel Shakir, a Managing Director at DreamIt Ventures and a veteran of the IT security industry, said that high-profile users like those attacked on Wednesday should be using as many security options as possible, including biometric authentication like fingerprints, or using hardware keys instead of text messages for two-factor authentication. "Passwords are inherently insecure. But Twitter has provided all the security options that are available," Shakir said. 

Earlier on Wednesday, several cryptocurrency accounts simultaneously linked to a phishing site called CryptoForHealth. Cameron Winklevoss, cofounder of Gemini, a cryptocurrency market, said in a tweet: "ALL MAJOR CRYPTO TWITTER ACCOUNTS HAVE BEEN COMPROMISED." In the past, one popular cryptocurrency scam on Twitter involved attackers changing their display name and avatar to match Elon Musk, then they would reply to his tweets pretending to be him asking for bitcoin. But on Wednesday, the accounts tweeting about bitcoin were real. 

All hacked accounts on Wednesday were verified. The tweets on Wednesday appeared to have been sent through a web browser accessing Twitter.com, not an app or third-party software. Around 3:15 PT, Twitter blocked all verified accounts from tweeting in an attempt to regain control.

[ritchie58]

Here's additional information regarding the Twitter hacker breach.

By Kevin Collier and Jason Abbruzzese. NBC News corespondents.

Cyber-security professionals broadly agree on a central problem: Computers and code have clear fixes, but humans don't.

Twitter provided perhaps the highest-profile example of this challenge when its security was breached Wednesday, allowing for scam-filled messages to be sent from some of the most followed people on the platform, including Joe Biden, Barack Obama, Jeff Bezos, Kanye West and Elon Musk.

Specifics of how the attack happened are still unconfirmed, but Twitter announced Wednesday night that it suspected "a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools."

Put more simply, Twitter didn't break. An employee did. Or more than one.

"Humans and their behaviour continue to be the biggest threat for organizations," said Mikko Hyppönen, the chief research officer at the Finnish cybersecurity company F-Secure.

"Security holes come and go. Sometimes there's something urgent happening but once you patch and update, you're good to go," he said by text message. "The human weaknesses are there always. Every day. Forever."

Twitter worked to contain the damage, but it took several hours, including a period in which it prevented most verified users from posting new tweets. (Verified users, known for their check marks, tend to be prominent figures in politics, the media, business and culture.) During that time, scam tweets were sent from dozens of major accounts, as well as hundreds of unverified accounts. The hackers quickly received hundreds of transfers worth over $115,000.

Giovanna Falbo, a spokesperson for Twitter, declined to comment beyond the company's tweets. But the company indicated to Vice's Motherboard, a tech-focused publication, that whoever was behind the breach had gotten someone inside Twitter to provide the access willingly. Motherboard reported that people who claimed responsibility for the attack had worked with someone at Twitter and that one person said the Twitter employee was paid for the access.

It's more common for employees to be unaware of the roles they play in data breaches. The most common hacking efforts center on tricking employees into giving up login information, a process known as phishing.

But other major hacks have involved company insiders' using their access. An "insider threat" was alleged to have been responsible for the 2019 Capital One security breach, in which former Amazon engineer Paige Thompson was accused of leveraging her knowledge of the platform to gain access to Capital One servers on Amazon Web Services.

The problem of company insiders' opening the door to hackers has also become a national security issue at the heart of international espionage schemes. Twitter has also faced this problem. In November, the Justice Department charged two former Twitter employees with providing user data to Saudi Arabia. And in 2017, a Twitter employee briefly shut down President Donald Trump's account.

How to stop these kinds of security breaches has become the subject of growing efforts within the cybersecurity world. Which employees have access to what systems is closely watched, and security software can look out for employees who are doing things out of the ordinary.

Companies are also working to figure out how to make sure employees don't have more access than they need. Marcin Kleczynski, CEO of Malwarebytes, said Twitter will inevitably review the internal systems used in the breaches, pointing in particular to a tool for resetting account passwords that has been the focus of speculation by some cybersecurity experts.

"Twitter will be eager to make sure this never happens again, so it'll be interesting to see what focus they put on this admin tool and what access folks at Twitter will have going forward," he said.

Targeting people who may be willing to turn on their employers isn't a new tactic. For decades, the U.S. defense industry has been the target of widespread espionage efforts to steal sensitive information about weapons systems by pressuring company employees, often with lures of money or threats to reveal sensitive personal information.

While there are no signs that Twitter's breach was part of an espionage effort — such work usually doesn't try to attract international attention — other factors can push people to accept monetary offers.

Michael Hamilton, the former chief information security officer for the city of Seattle, said that during the recession that followed the financial crisis, employees were more likely to entertain offers from hackers.

"When the macroeconomics get to be real bad ... people have a higher tendency to go to the dark side," he said.

Hamilton said the current economic downturn has almost certainly triggered more activity from hackers looking for opportunities to persuade employees to take risks.

"The offers for people are probably coming with intensity right now, because the audience is receptive, and again this whole COVID-caused dropout of the economy creates the opportunity for this kind of insider malfeasance," he said.