Twitter Hack Lessons: Employees Often Help Hackers Succeed.
There was a huge hack of Twitter in the summer of 2020, with all kinds of surprises. Here’s what made it newsworthy: The mastermind of the attack was a 17-year-old from Florida. He didn’t act alone: He recruited 19- and 22-year-old guys from overseas for his attack.
The leader of the Twitter hack managed to achieve an amazing feat, going as far as to steal a number of Twitter accounts from very high-profile people…and a company called Apple.
He got a lot of help along the way from others who weren’t part of the team. That includes employees at Twitter, who weren’t paying attention to what they were doing.
That same thing could happen to YOU at your place of work, or even at home. And maybe that’s the key takeaway from the Twitter hack. It is often ordinary people, just like you or your coworker, who are the weakest link in a company’s, or a family’s, security. Here’s a recap of the Twitter hack.
Hacker fun and games.
How can a 17-year-old “kid” be at the head of a hack that attracted the attention of the FBI and law authorities worldwide? Let’s just say it’s almost a game to thousands of others like him.
This breed of hackers are also online gamers who take their gaming seriously.
However, there is a problem: They also engage in a lot of non-game “fun.”
Fact is, some gamers also like to steal passwords and hack into other gamers’ accounts.
Sometimes it’s harmless. Sometimes it gets serious.
The head of the Twitter hack was a skilled hacker and prankster. He probably spent hours and hours online, learning all types of devious tricks. Here’s what he managed to do in the Twitter hack:
Big name victims.
He managed to take over about 130 accounts. Some of the accounts belonged to very famous people known worldwide.
- Bill Gates
- Elon Musk, Tesla CEO
- Joe Biden
- Kanye West
- Michael Bloomberg
The hacker’s scheme incorporated a secondary play: an illegal scheme that netted around $120,000 in ill-gotten Bitcoin money. By taking over and controlling the accounts, the hacker “impersonated” the account holders. He wasn’t done. Next, he lured their followers in with the promise of easy bitcoin profits. And in the end, he simply swindled them out of money.
The main culprit had all the characteristics of successful cybercrooks:
- He had a broad array of computer and computer-networking skills
- It gave insights into a hacker’s mentality
- The culprit had no trouble doing a handful of illegal things
- He used tricks from a scammer’s bag of tricks to gain access
Hackers aren’t playing games.
The Twitter hack looked like “kids’ stuff,” but it was actually a serious crime.
It quickly shook the entire cybersecurity world because of the profile of the accounts that were taken over.
And yet, it could have been worse.
The hackers could have been “bad actors” from other places or organizations. Worse yet, they could have spread some disastrous fake news, disrupted business or economies, or caused civil unrest.
Everyone knows it could have been much worse, and that’s frightening to many. As the Wall Street Journal reported, the cybercrooks could have done major damage with “access to such high-profile accounts.”
They got Twitter: Are you next?
Okay. Maybe you don’t own a business or work for a company as large as Twitter. And perhaps you don’t have clients as well-known as Jeff Bezos and Bill Gates. It doesn’t matter.
They could worm their way into the network and steal money, and that’s just the start. Indeed, they could also have spread falsehoods, disrupted business, and stolen customers’ personal data. It was in their hands to do long-term damage.
The Twitter hack is a lesson for managers, bosses and IT department heads.
These are the tricks, scams and deceit the Twitter hacker used to pull off a major newsworthy hack on a social media platform. A hack of a business isn’t all about computers and servers and brilliant teams of hackers all working together.
It’s about hackers, a huge social media platform, and victims. It’s about people that hackers use, fool or recruit along their journey. In the end, they gain access to the network and reach their objective (whatever that may be).
How a hacker sneaks into a network.
Here are the elements the Twitter hacker used that could be turned against you or your employer.
Social engineering. The FBI and others weren’t sure if the hacker had someone on the inside, someone at Twitter, who helped him out. He probably didn’t… but then again, he didn’t need to. That’s because initial reports said he managed to get the phone number of an employee or two and call them, pretending to be a Twitter employee. Here’s what Twitter said: “We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools…” “We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf.”
Phishing. The prime hacking suspect also set up several fake phishing pages that he used in contacting either Twitter employees or employees of vendors that worked with Twitter. Supposedly he gained more information (using deception) that he used in his attack. The hacker asked for, and got, either access codes or other information that allowed him to change account passwords and gain access to Twitter accounts…and take them over!
Asking for, and getting, sensitive data. Gaining that highly sensitive and non-public information was the byproduct of calling employees and pretending to be their Twitter colleague. Had the employees been well trained (or if there were other protocols in place), the hacker would not have been given the information needed to access the network. With access to the highly confidential and restricted network tools and resources, the hacker was able to go deep into the network, where he wasn’t supposed to be.
“Gaining control of accounts.” Almost all Twitter employees have been working remotely since the pandemic first started, but Twitter says their security systems hadn’t been affected. That’s not good news. It means that they had a flaw in their process that allowed someone other than the account holders (major account holders!) to access those accounts for hours and hours. Twitter admits there is a problem with that, and realizes there are some serious gaps in their security processes.
Be prepared, and stay alert for hacks.
The Twitter hack story is shocking and alarming. All of us need to realize how easy it is to make a simple yet costly mistake at work or home.