San Francisco (AFP)
Twitter has provided further details on the spectacular mid-July attack on celebrity and political figure accounts: Hackers targeted a handful of employees via a coordinated phishing attack by phone, to obtain their credentials.
"The attack consisted of a major and concerted attempt to deceive certain employees and exploit human loopholes to access our internal systems," the social network said in a statement Thursday evening.
On July 15, hackers attempted to break into 130 accounts, and 45 of them got there.
Among these hacked accounts were politicians like Democratic presidential candidate Joe Biden, former President Barack Obama and big bosses like Amazon founder Jeff Bezos, Tesla boss Elon Musk, and Bill Gates, the founder of Microsoft.
The "phone spear phishing" operation "significantly limited access to our tools and systems," said Twitter, which has been investigating and taking measures to strengthen its protections since.
The telephone scam method is reminiscent of "the hackers of the 1980s and 1990s - they were very good at scamming people into giving them their credentials," notes John Dickson of cybersecurity firm Denim Group.
The origin of the attack is not clear but there is no indication, according to him, that it comes from a foreign state or is supported by a government.
In this case, the hackers' goal seemed to make a quick buck, according to their modus operandi.
From the hacked accounts, they sent flirtatious messages urging subscribers to these accounts to send bitcoins, a cryptocurrency, supposedly in exchange for double the amount sent.
According to specialized sites which record bitcoin exchanges but do not allow the recipients to be traced, some 100,000 dollars have been sent in this way.
The FBI is investigating in parallel.
© 2020 AFP