On July 15th, Twitter was hacked. The way it happened showcased what industry professionals already know: employees are every business's weakest link. People are far easier to hack than machines. In that article, we also stated that it was likely an amateur hacker who perpetrated the attack because a lot more damage could have been done. Instead, the hacker simply requested Bitcoin after gaining access to high-profile accounts like President Barack Obama, Joe Biden, Bill Gates, Apple and Elon Musk.
Turns out, we were right. The alleged mastermind behind this scheme is 17-year-old Graham Clark from Tampa, FL. According to The Verge, “Apparently, he wasn’t alone: shortly after the Tampa arrest was revealed … two more individuals were formally charged by the US Department of Justice: 22-year-old Nima Fazeli in Orlando and 19-year-old Mason Sheppard in the UK. They go by the hacker aliases “Rolex” and “Chaewon,” respectively, according to the DOJ. The FBI says that two individuals in total are in custody. An unidentified minor in California also admitted to federal agents that they’d helped Chaewon sell access to Twitter accounts.”
According to the affidavit, Clark received “approximately $117,000 during the commission of his scheme to defraud.”
How did he get in? He tricked an employee into thinking he worked as part of the Twitter IT team. He used social engineering to convince that employee that he was a co-worker and had the employee provide their credentials to access the customer service portal. Once he had those credentials, he was in. Once he was in, he gained control of VIP accounts and posted tweets stating that if people sent Bitcoin, they would be repaid double what they sent. Of course, no one was sent anything and he immediately moved the bitcoin to a separate account.
Clark is being charged as an adult on over 30 felony counts, including organized fraud, communications fraud, identity theft and hacking. Aside from the Bitcoin scam, the hackers were able to access the private direct messages of 36 Twitter users and may have downloaded even larger caches of data for seven other users. Twitter says that none of the 36 users who had messages accessed were verified users, so even though tweets were posted on the verified accounts, the private messages of those accounts appear to be safe.
This is a prime example of why every employee in every company needs extensive cybersecurity training. They need to be able to recognize phishing schemes and social engineering attacks like this one. Had the employee who gave up his/her credentials asked more questions, this attack may never have gone any further. It shows just how easy people are to hack. A machine is not capable of just giving up that information, which is why hackers often target people. Once they gain entrance to the network, they can ravage the entire system very quickly if they know what they are doing.
Twitter is extremely lucky that this was an amateur attack. Had this been a nation-state or some other professional attack group, the damage would have been far, far worse. Twitter could have been shut down for days, or longer. Their millions of users could have all been exposed, as opposed to fewer than 50. Servers could have been riddled with ransomware, malware, viruses, worms, you name it. Because this was an amateur attack, Twitter was able to isolate and handle it and stay in business. Had it been anything else, we could have lost Twitter forever.
Be proactive in your cybersecurity training. Twitter is a multibillion-dollar company, capable of handling this attack with ease. Your business may not be quite so capable, so make sure you do your due diligence. Be on alert, train your employees, and have protections in place. And if you’re unsure how to do any of the above, hire an expert!