Twitter suffered one of the biggest cyberattacks in its history. The objective? To take control of the accounts of high-profile personalities such as Barack Obama, Joe Biden, Bill Gates, Elon Musk and Kanye West, and of companies such as Apple and Uber.
The hackers were able to access the accounts and post whatever they wanted. And the most incredible part? They did it with the help (albeit indirect) of Twitter's own employees. The goal was to raise thousands of euros in cryptocurrencies in the shortest time possible. And they did.
The hackers' trick
The hackers used an old scheme, often seen on social media, to dishonestly make easy money in no time. What does it consist of? The scammer simply promises to send back double the money to whoever sends a sum of money first. Too good to be true? That's because it is.
What made this scheme popular on the Internet was that it can be carried out with cryptocurrencies. This technology allows fast, secure and undetectable transfers, which is ideal for those who do not want to be discovered. As you can see in the image below, this is exactly what the hackers did… but with the accounts of famous personalities.
The chosen cryptocurrency was the most valuable in that market. Many people want to learn how to invest in Bitcoin. Others prefer the easy way, and that is what the hackers took advantage of. Using the accounts of these famous personalities, they asked for the cryptocurrency with the promise of sending back double. But of course the latter never happened.
The truth is that if you see an unknown scammer making this offer, you will doubt it much more than if it came from the former president of the United States, right? So, of course, a lot of people fell for the con. And Barack Obama was just one of several chosen personalities.
Hackers managed to access 130 accounts
As in Barack Obama's message, the hackers used the other affected accounts to write: “Everyone is asking that we give to the community, and the time has come. I will be doubling all payments sent to my BTC address in the next 30 minutes. If I send a thousand dollars, I send two thousand dollars”.
The hackers made more than $120,000 in just a few minutes with this scheme, the equivalent of 20 Bitcoins. Regardless, they admitted that they had hoped to get more money from this scam.
To fix the problem in the short term, Twitter even suspended the accounts in question to prevent more people from being affected. The CEO of the company, Jack Dorsey, immediately said that he would launch an internal investigation, in parallel with the initiatives of the FBI, to find out what had happened. But he was certainly not expecting what he discovered.
Hackers managed to manipulate the Twitter team
The hackers, one 19-year-old and other twenty-somethings, had the help of employees of the social network, whom they managed to manipulate successfully. In a statement, the social network writes: "We are ashamed, disappointed and, above all, we apologize."
Twitter further adds: "Attackers have successfully manipulated a small number of employees and used their credentials to access Twitter's internal systems, including two-factor protection."
It was thanks to the manipulation of the computers of the social network itself that those responsible for the attack even managed to get past the two-factor authentication of the affected accounts. What is more serious is that the hackers were even able to access private data, such as exchanged messages, on 8 of these accounts, which constitutes a serious security breach and can have damaging legal consequences for the company.
The problem is especially worrying because, in addition to Barack Obama, who may hold secret information as the former president of the United States, the account of Joe Biden, the current Democratic candidate, was also compromised. All this reinforces the danger that the manipulation of social networks can pose at a time when the next elections in the United States are approaching.
Several politicians have even asked the social network for additional explanations to understand what information may be at stake, and the damage to Twitter's reputation will certainly come at a cost.
The opinions expressed in this article are those of the author and do not necessarily reflect the views of the administrators of The Crypto Legal blog or the Lawgic Tec association.