The Twitter Hack Fiasco: Compromised Internal Tool, Paid Insiders, Direct Message Fears – Bitcoin News

On Wednesday, a large number of Twitter accounts were compromised and the hackers used the accounts to tweet about a bitcoin doubling scam. According to multiple reports, a Twitter employee was paid to give the hackers an internal tool that let them leverage high-profile social media accounts.

It was a crazy day in the world of cryptocurrencies, as a massive number of high-profile people and organizations like Bill Gates, Apple, Uber, Barack Obama, Elon Musk, Jeff Bezos, Joe Biden, and many others had their Twitter accounts hijacked. After the incident, a number of armchair sleuths and investigative journalists uncovered a wealth of information about the Twitter issue.

The popular columnist Joseph Cox detailed that he obtained leaked screenshots of an internal tool that was used by the hackers. According to the report, Cox says that one of his anonymous sources revealed that the culprits paid [a] Twitter insider. He also mentioned that Twitter was still investigating whether or not the employee leveraged the tool or merely allowed others to use it.

On Twitter, the Block Crypto analyst Larry Cermaks recent Twitter thread gives a comprehensive look at the incident as well. Cermak says that it all started at 2:16 PM ET with a known crypto account @Angelobtc asking for payment to join a fake telegram paid group.

The takeaway is that the hacker started with large crypto accounts and stuck to only a few formats and addresses, Cermak continued. The hacker then moved to non-crypto celebrities two hours after the first hack. They only used three BTC addresses. What I will say is that its totally unacceptable that it took Twitter to act as long as it did. At 4:17 PM ET it was absolutely clear to anyone that was paying attention that Twitter is compromised. It took Twitter 2 hours (at 6:05 PM ET) to start acting.

Another finding stemming from Joseph Cox explains that U.S. Senator Ron Wyden complained to Twitter about using end-to-encryption (e2e) for direct messages two years ago, and the firm never acted upon the idea.

In September of 2018, shortly before he testified before the Senate Intelligence Committee, I met privately with Twitters CEO Jack Dorsey, Wyden tweeted. During that conversation, Mr. Dorsey told me the company was working on end-to-end encrypted direct messages. The Senator continued:

Its been nearly two years since our meeting, and Twitter DMs are still not encrypted, leaving them vulnerable to employees who abuse their internal access to the companys systems, and hackers who gain unauthorized access.

Many people are concerned about the direct message access, as any person who was hacked in the incident may have had their chat logs scraped. The organization Fight for the Future tweeted a petition to the masses in order to convince Twitter CEO Jack Dorsey to protect an accounts direct messages. Its long past time for Twitter to implement default end-to-end encryption on direct messages, the group said. The Electronic Frontier Foundation (EFF) director of cybersecurity, Eva Galperin, also told the public in a tweet that the EFF was also begging Twitter to implement e2e.

Twitter wouldnt have to worry about the possibility that the attacker read, exfiltrated, or altered DMs right now if they had implemented e2e for DMs like EFF has been asking them to for years, Galperin tweeted after the event.

In addition to the famous people and organizations that saw Twitter accounts compromised, the crypto community has been abuzz with the conversation. The blockchain intelligence researchers, Whitestream, believe that some of the bitcoin addresses used during the Twitter incident sent funds to known Bitpay and Coinbase addresses. Twitter also responded to the hacking incident and noted that it was aware of the coordination with an insider. Twitter said:

We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools. We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf. Were looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it.

By the end of the day, armchair sleuths noticed that the hackers raked in more than $114,000 worth of BTC and sent out more than half of the funds to external wallets. Moreover, the accounts that were hacked had an aggregate total of close to 140 million Twitter followers.

Speaking about the subject in an email sent to news.Bitcoin.com Danny Scott, CEO at Coincorner, commented on the Twitter hack fiasco.

Its also highly unlikely the hacker did this for monetary gain, Scott said. Contrary to what many people still believe, bitcoin isnt anonymous and all eyes around the world will now be on these bitcoin addresses, and can track where it moves via Bitcoins public blockchain. Scott concluded by adding:

Its a shame that people are now associating Bitcoin with this Twitter hack as Bitcoin itself has never been hacked and wasnt the problem in this scenario. The problem was a centralised service (Twitter) which I feel helps emphasize the benefits of Bitcoins decentralised nature and how an attack like this could not occur on Bitcoin.

What do you think about the massive Twitter breach and the findings after the incident? Let us know what you think about this subject in the comments section below.

Image Credits: Shutterstock, Pixabay, Wiki Commons, Twitter,

Disclaimer: This article is for informational purposes only. It is not a direct offer or solicitation of an offer to buy or sell, or a recommendation or endorsement of any products, services, or companies. Bitcoin.com does not provide investment, tax, legal, or accounting advice. Neither the company nor the author is responsible, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods or services mentioned in this article.

More here:

The Twitter Hack Fiasco: Compromised Internal Tool, Paid Insiders, Direct Message Fears - Bitcoin News

Related Posts

Comments are closed.