Cryptocurrency scammers attack Twitter in insider breach

Apparent insider breach at Twitter saw so-called “blue tick” accounts of business people, politicians and celebrities hijacked to promote a Bitcoin scam

Alex Scroxton, Security Editor

Published: 16 Jul 2020 9:45

High-profile Twitter accounts including those of tech billionaires Jeff Bezos, Bill Gates and Elon Musk, politicians Joe Biden and Barack Obama, rapper Kanye West and reality star Kim Kardashian are among many “blue tick” verified accounts hacked in a major breach of the social media platform’s systems, and hijacked to promote a cryptocurrency scam.

Messages posted to the compromised accounts promised people they’d receive double their money back if they paid into a Bitcoin wallet, which rapidly swelled to a total dollar value of over $100,000 as the scam entrapped its victims.

Although the malicious tweets were swiftly removed, Twitter took several hours to bring the situation under control, at one point suspending the ability of every verified account on its books to use the platform.

As of approximately 4am UK time on 16 July, Twitter appeared to have restored normal access to its service. In a series of tweets, a spokesperson said the accounts had likely been compromised through what is known as an insider breach.

“We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools,” it said.

This appeared to confirm claims made by sources with alleged links to the hack, who said they had paid an insider at Twitter for access to an internal administration tool, as per Vice’s Motherboard.

Widely posted screenshots of this tool appear to show that its legitimate use is to allow Twitter to take control of accounts, alter their details, and even suspend them, presumably as a moderation feature to combat abuse on the platform.

Malicious activity

Twitter said: “We know they used this access to take control of many highly visible (including verified) accounts and Tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it.

“Once we became aware of the incident, we immediately locked down the affected accounts and removed Tweets posted by the attackers.

“We also limited functionality for a much larger group of accounts, like all verified accounts (even those with no evidence of being compromised), while we continue to fully investigate this.

“This was disruptive, but it was an important step to reduce risk. Most functionality has been restored but we may take further actions and will update you if we do,” said the spokesperson.

“We have locked accounts that were compromised and will restore access to the original account owner only when we are certain we can do so securely.

“Internally, we’ve taken significant steps to limit access to internal systems and tools while our investigation is ongoing. More updates to come as our investigation continues,” said Twitter.

The scam deployed by the hackers is a relatively commonplace one; cryptocurrencies such as Bitcoin are frequently used by cyber criminals at least in part because they use encryption to secure the transaction process, which is conducted through anonymous hash codes over a peer-to-peer network.

However, the breach does raise questions for Twitter over the wider security and public safety implications – particularly in light of US president Donald Trump’s use and abuse of the platform.

In an open letter to Twitter head Jack Dorsey, US senator Josh Hawley, a Republican who represents the state of Missouri in Washington DC, wrote: “I am concerned that this event may represent not merely a coordinated set of separate hacking incidents but rather a successful attack on the security of Twitter itself.

“As you know, millions of your users rely on your service not just to tweet publicly but also to communicate privately through your direct message service. A successful attack on your system’s servers represents a threat to all of your users’ privacy and data security.”

California congressman John Garamendi, a Democrat, expressed similar concerns, writing on Twitter: “I don’t have any Bitcoin to offer you but I do have grave concerns about what today’s hack of Twitter means for the safety of our elections and other critical infrastructure from hostile actors. Now more than ever we have to strengthen our nation’s cyber security.”
