What is behind hacking accounts of famous and businessmen on Twitter?


London (BBC)

There are many unanswered questions yet about the hacking of personal accounts of many celebrities and business leaders on Twitter, but the one thing most people agree on is that it could have happened much worse.

Thousands of followers of some of the official accounts of some of the famous Twitter account – which was hacked – may have fallen victim to financial fraud after they were promised twice as much money as they would pay in Bitcoin.

Using Twitter’s internal systems, hackers’ messages could reach at least 350 million people.

It seems that the perpetrators of this hacking managed to earn about $ 110,000 (equivalent to 86,800 pounds) during the period of piracy on the site, which is just over one hour.

Huge reaction

This was an unprecedented attack that had an impact on privacy, confidence and safety factors.

However, experts believe that the pirates could have done much more damage.

Twitter is witnessing a huge interaction of users in the United States, Japan, Russia and the United Kingdom.

Good questions

Twitter is the platform on which most celebrities and influencers are chosen in the world, and their tweets on the site have implications for the financial markets and sometimes even lead to diplomatic problems.

With the US presidential elections approaching less than four months, there are valid questions that must be asked now about whether Twitter can be relied upon in the lead-up to the vote.

US President Donald Trump’s account has not been compromised in this latest hacking attack.

Favorite Tools

But many were watching whether Trump’s account would be hacked and spreading this tweet of fraud as well as with his Democratic opponent in the US election, Joe Biden.

“We already know that Russia is planning to intervene in the 2020 presidential election, just as it did in the 2016 election,” said Heather Williams, from King’s College University in London.

She added: “Manipulation through social media is one of their favorite tools, so this penetration shows how weak these platforms are and how vulnerable Americans are to being misled.”

“If something more is at stake, like the presidency, then this can lead to truly catastrophic consequences and undermine our democratic processes,” Williams said.

“The worst in history”

The security implications of this hack are also widespread, not only on Twitter, but on all social networks.

Initial estimates indicate that the hackers were able to access some of the administration’s privileges, which allowed them to bypass the passwords of any account they wanted.

It appears that Twitter confirmed this in a tweet saying: “We detected what we believe to be a coordinated social engineering attack by people who have successfully targeted some of our employees with access to internal systems and tools.”

The term “social engineering” behind it may bear one of several things.

Violation of instructions

This may include a targeted phishing process, a common tactic used by cyber criminals, as they work to monitor individuals who have the keys to the system they seek to breach and then target them with personal e-mails deceiving them to access details.

Or it may also mean that the perpetrators were able to persuade one or more employees to violate the instructions, through financial lure or any other means.

This will put great pressure on the company. “Twitter has paid off its reputation for this attack … It is a massive security breach for the company … and the worst in its history ever,” said William Dickson of the World Economic Forum.

He added, “More system flexibility will be required in the system, to be able to protect social media users all over the world.”

“Sensitive information”

Twitter did not directly answer journalists ’questions, but says it has taken“ important steps to limit access to internal systems ”while it is investigating.

The company said it was also looking into “what other pirate activities might have carried out by the pirates, or information that they might have accessed.”

Matthew Hodgson, executive director of the Element Messaging Service, had raised expectations that secret data might have been revealed in the attack.

“It is highly likely that in the short term it was possible to access direct private messages,” Hodgson said.

“Next time, collecting sensitive information can be a feed for a wave of blackmail or something much worse,” he added.

Facebook, Snapchat, Instagram, and YouTube did not respond to questions about their security arrangements.

“High risk accounts”

Alex Stamos, former chief security officer at Facebook, told BBC News that all companies that deal with consumers need a way in which they can help users recover their accounts that were compromised or otherwise blocked.

“The change that can be made here is that Twitter can limit this possibility for high-risk accounts to a much smaller number of users, or create tools that require a user to start the change process while requiring another person to agree to,” Stamos added. That change. ”

He continued, “It seems that this is what they did with President Trump’s account after an incident that occurred in 2017, and they will need to generalize these precautions.”

Loss of control

Speaking of something far beyond losing confidence, Twitter may now face legal ramifications as well.

The EU’s general data protection regulation says organizations like Twitter must show “appropriate” levels of safety for their users.

And if EU data protection officials conclude that Twitter has failed to take appropriate measures to protect European users, it is possible to impose fines on the company.

Early this year, Jack Dorsey, the company’s CEO, had lost control of his account for 20 minutes.

In 2010, Twitter reached a settlement with the Federal Trade Commission after allegations that pirates managed to obtain unauthorized administrative oversight, including the ability to send fake tweets from then-President-elect Barack Obama and the Fox News account.


Please enter your comment!
Please enter your name here