How did the Twitter Bitcoin hack happen?
In July 2020, variations of tweets like “Send Bitcoin and get back your money doubled” were posted on the Twitter accounts of celebrities including Elon Musk, Bill Gates, Kanye West, former President Barack Obama, Democratic presidential candidate Joe Biden and several others. It turned out to be one of the high-profile hacks of recent years, to be remembered as the Twitter Bitcoin Hack.
The mastermind behind the hack appears to be a 17-year-old, working together with two accomplices. According to the chat logs, Mr. Clark approached the two other hackers by claiming to have worked at Twitter and proved his claims by modifying the settings of their Twitter accounts.
- Graham Ivan Clark, aka “Kirk”, a 17-year-old from Tampa, Florida.
- Mason John Sheppard, aka “Chaewon”, a 19-year-old from the United Kingdom.
- Nima Fazeli, aka “Rolex”, a 22-year-old from Orlando, Florida.
Graham Ivan Clark, from on or about the 3rd day of May, 2020, to on or about the 16th day of July, 2020, inclusive, in the County of Hillsborough and State of Florida, did willfully, knowingly, and without authorization access and cause to be accessed a computer, computer system, computer network, and electronic devices used by Twitter, Inc., with knowledge that such access is unauthorized and the manner of use exceeds authorization, for the purpose of devising and executing a scheme and artifice to defraud and obtain property. Contrary to the form of the statute in such cases made and provided, and against the peace and dignity of the State of Florida.
Allegedly, a co-worker in the technology department was convinced by Mr. Clark to share his credentials, allowing Mr. Clark to access the customer service portal. In the parlance of cyber security, this is called a social engineering attack. By exploiting this access, they could reset the passwords of some of the high-profile accounts. Through the hack, they broke into about 130 Twitter accounts and managed to tweet from 45 of those accounts before they were stopped. In addition to scamming users out of Bitcoin, the attackers are also charged with accessing the private direct messages of 36 Twitter users.
The hackers also posted ads on the OGUsers forum offering to hijack Twitter accounts, and following these postings, multiple people are believed to have bought unauthorized access to some Twitter accounts. In this respect, it is reported that the investigation is ongoing and that others could be arrested for involvement in the hack.
Though they were clever enough to contemplate such an attack, they were not so adept at hiding their traces and identities, and these mistakes allowed law enforcement to uncover their identities. Mr. Clark was identified, in part, because he used his personal driver’s license to verify himself with the Binance and Coinbase cryptocurrency exchange accounts that were involved in receiving some of the scammed Bitcoin. Similarly, Mr. Fazeli was identified through the email addresses he used to register both on the OGUsers forum and for the Coinbase accounts, which had been verified with a photo of his driver’s license. Furthermore, Mr. Fazeli used his home connection during the hacking scheme to access the Coinbase and OGUsers accounts, leaving a trace of his home IP address in the connection logs.
What should we learn from it?
This recent Twitter hack should be taken seriously, since it could have had more drastic consequences. Though the hacking scheme used was clever, thanks to the hackers’ rashness and ineptitude, the hack was not exploited to its full potential. I can’t help but ask how bad the consequences of the hack could have been. To name a few questions: what if the hacked accounts had not been high-profile? What would it take to prove your innocence if you were one of the victims as an ordinary Twitter user? Would the authorities take similarly swift action to prove your innocence regarding the tweets made by the hackers? What would be the damage to your life until your innocence was proven?
What are the lessons learned after this hack?
Firstly, Twitter’s verified accounts feature helps to prove the authenticity of an account, but not the authenticity of its tweets or messages.
Secondly, this infamous hack showed us that the employees of social media companies have more privileges to access and modify our accounts than we thought. These privileged employees could fall victim to social engineering attacks if they are not trained well enough. Besides, we simply assume the social media companies and their users have good intentions. But every cyber security professional is well aware that the most dangerous and capable attackers are malicious insiders.
In this respect, beware of upcoming malicious insider attacks on social media platforms, if this Twitter hack was not one of them.
“People often represent the weakest link in the security chain and are chronically responsible for the failure of security systems.” - Bruce Schneier