A Perfectly Planned Attack
The incident came to light after a tweet from Bill Gates’s account that read: “Everyone is asking me to give back. You send $1,000, I send you back $2,000. Only going on for 30 minutes. Enjoy.”, followed by a Bitcoin address for receiving funds. Similar tweets were posted from the accounts of Elon Musk, Apple, Uber, Barack Obama, Kanye West, Kim Kardashian and Joe Biden, all at the same time. This gave followers no chance to verify the claim, since credulous users were already racing to collect the fake returns before the stated 30-minute window expired. Twitter then stepped in, removed the fake tweets and locked the affected accounts for a while (some remain locked even now) to contain further disruption. In a series of tweets, it explained that some of its employees had been targeted by a coordinated social engineering attack, which the attackers used to get into Twitter’s internal network and take over those accounts. No in-depth explanation has been given yet, but basic social engineering tricks include phishing emails, in which the adversary impersonates a reputed person or institution to lure the victim into handing over funds or sensitive data. The hackers here must have used a similar trick to obtain credentials for the internal network and then launch the scam campaign as planned. So far, reports say the hackers have already received over $100,000 at their Bitcoin address.
Just be Cautious!
The hackers had a lot of room to cause further disruption but limited themselves to robbery. Had the campaign been a little more sophisticated, it would have lured in more victims and probably run for longer without arousing suspicion. Still, there are lessons to learn from this Twitter hack. First, be skeptical about everything, especially when dealing with cryptocurrencies. One of the primary rules the crypto realm teaches is to be cautious with transactions: since they are irreversible, make sure you are sending to legitimate addresses and, most importantly, to known and verified people. Jack Dorsey described the incident as a “tough day for us”, though it was the result of social engineering tricks rather than weak integrity on the platform’s part. That the campaign took place as elections approach is even more concerning; people have started to accept that Cambridge Analytica-like social engineering attacks could happen again, and so remain cautious about everything. Finally, adding an extra layer of security such as 2FA is highly recommended for safeguarding your online accounts. This type of authentication can contain an account compromise even if a hacker somehow acquires the login credentials.