Attack on Twitter: failure, hacking or bribery?

• Technology - Mass hacking of Twitter accounts for Apple, Uber, Elon Musk, Joe Biden, Bill Gates and other personalities in a scam attempt

The massive attack Twitter suffered recently still has consequences. For now, verified accounts, the main target of scammers due to their greater reach and reputation, have been deactivated. The social network has not yet explained how it occurred, although it has made its suspicions public.

What is clear is that it was not a normal attack, much less a casual one: initially accounts related to the world of cryptocurrencies were chosen and later it became famous ( Barack Obama, Joe Biden, Elon Musk or Kanye West , among others) and companies ( Apple or Uber ).

At first it was directed to the page of a project that supposedly combined this virtual money with the health sector and later they directly offered to double the bitcoins that anyone sent to their account. The problem, of course, is that this amount was never going to arrive and in this case the transaction is much more complicated to track and cancel than if it were, for example, a normal bank transfer.

According to the investigation - still underway - on Twitter, everything points to a "coordinated social engineering attack" directed at people who work at the company "with access to internal tools and systems." With these they could have controlled the account of personalities such as Bill Gates to publish the message that promised bitduros for four pesetas.

Twitter response

"We know that they used this access to take control of many highly visible accounts (including some verified ones) and tweet," the firm explains in another message. This, in addition, could have allowed them to access confidential information such as private messages and, in fact, if they had not published the tweets with the scam, the attack could never have been known.

Twitter's response was to temporarily block affected accounts, delete their fraudulent messages, and limit access and functionality to all verified accounts (over 350,000), regardless of whether they suspected they had been attacked. They will regain control of the account soon, but at the moment upon entering they will see a message explaining that their account has been disconnected from all the devices they were logged in on and to use it again it will be necessary to change the password (currently not always it is possible to complete the process).

From the beginning, however, another possibility was rumored: that access to the internal Twitter tool was not achieved with an attack, but with a wallet full of bills. Motherboard claims to have obtained screenshots and statements from hackers that prove this theory. Furthermore, according to its sources, the attack would also have been used to change the 'ownership' of coveted accounts, such as those whose username is only a letter. By changing the password and email, their owners would not be able to retrieve them without Twitter intervention.

The company blocked all accounts that were compromised and will not return its control until it can safely do so. They have also limited access to their systems and tools for the duration of the investigation.

Could it have been avoided?

Although in the first moments there were doubts, it seems quite evident that the attack skipped the security measures provided by the social network by directly attacking it. That is, as much as the affected people had activated the verification in two steps and had strong passwords (something that, given their profiles, is more than likely), they could not do anything.

So could it have been avoided? Preparing for such an attack is very difficult, since it does not depend on the security structure of the platform, but on the people who work on it. As demonstrated by computer attacks such as the one at the Torrejón hospital at the beginning of the year, sometimes it is enough to trick an employee into opening a link, file or malicious device at his workplace. In this sense, it is best to always be suspicious of unknown senders.

Regardless of which key was used to open the door, the house has been smashed. The attack is, without a doubt, the most important that Twitter has suffered and possibly the worst that a social network has faced.

To this we must add that the company's response was not the fastest, possibly because it was slow to suspect that its own tools were the cause. He reported a problem, but it took hours to take more drastic action and he just deleted the messages. Thus, Elon Musk's account was able to tweet up to three times without Twitter getting behind the wheel.

In addition, the profiles attacked were very relevant ( Joe Biden , let's not forget, he is a candidate for the US elections and was vice-president of a Barack Obama who was also affected). Donald Trump's account was not hijacked, but had he been, he could have tweeted a declaration of war in the same way that Jeff Bezos 'gifted' bitcoins.

According to the criteria of The Trust Project

• Twitter

TechTwitch bans Donald Trump for posting hateful content

InvestigationFetuses, spiders and pornography against Ina, the journalist "crushed" for criticizing the CEO of Ebay

TechnologyWhy the boycott of Facebook doesn't work

See links of interest

• Last News
• TV programming
• English translator
• Work calendar
• Daily horoscope
• Santander League Ranking
• League calendar
• TV Movies
• Themes
• Twitter hack