Examining the Twitter hack and cybersecurity failure

By now you’ve probably heard all about the Twitter hack from last week, when cyber criminals gained access to 130 Twitter accounts, including prominent names like Barack Obama and Bill Gates, and used them to run a Bitcoin scam.   Social engineering is the given explanation in this case.  Several employees with administrative access to internal systems were targeted in the scheme, which allowed the perpetrators to hijack the accounts.

Whether or not remote working played a role in this incident is still unknown, but it would hardly be shocking.  Everyone made the transition so quickly after COVID-19 hit.  Even a platform like Twitter could be in a weaker position as people’s attention might not be as focused as it normally is, even though it doesn’t appear their cybersecurity policies were slackened.  There remain all kinds of new complications from not being at the office, however.  Perhaps people are distracted by excess noise in the area.  Maybe they’ve been helping their kids with their school work.  Maybe those kids or other family members are sharing the very machine from which an employee is now working, if they’re not back in the office.

The Twitter employees who were targeted in the social engineering may have been dealing with one such scenario or another, assuming a lack of ill intention.  At the same time, they clearly retained privileged access to internal systems and data that they perhaps should not have had.  A new Bloomberg report, in fact, reveals that 1,500 employees have broad access to internal account management, which includes email addresses and phone numbers for millions of people.  Some contractors have been caught spying on celebrity accounts, and who knows how many others there are?

Either way, what this looks like is another case of insiders being the weak link in the chain.  Any company that expands beyond its original offices will meet greater security challenges as work is decentralized, especially if third-party partners are introduced.  A massive entity like Twitter can still encounter similar challenges when something like remote working takes sudden effect.  The company has indeed said it is considering a portion of its employees working remotely “forever,” essentially.

If that is to be the case, they will have to take measures to ensure something like this can’t so easily happen again.  Because easy it was, and once the employees were compromised, the fraudulent Bitcoin requests began.  I wonder how many people actually clicked on the links.  Twitter must minimize these chances by stepping up their security game; certainly more so than they have been accused of doing lately.


By: Jonathan Weicher, post on July 29, 2020
Originally published at: http://www.netlibsecurity.com
Copyright: NetLib Security