The wave of hacking against social media company Twitter, which began on July 15, initially targeted a few Twitter employees through their phones, the company says in its updated blog post on Thursday.
The successful attack required the attackers to gain access to both Twitter’s internal network and specific employee credentials that gave them access to the company’s internal support tools.
Not all of the employees initially targeted had permission to use the account management tools, but the attackers used their logins to better understand Twitter’s internal systems and gain information about its processes.
With this information, they were able to advance within the organization and target additional employees.
Eventually, the attackers used the credentials of employees who had access to these tools to hack 130 Twitter accounts. In total, they tweeted from 45 accounts, accessed the private inboxes of 36 accounts, and downloaded the Twitter data of seven accounts.
Among the targets of the hacking wave were former President Barack Obama, former Vice President and Democratic presidential candidate Joe Biden, technology company Apple, Microsoft founder Bill Gates, Tesla CEO Elon Musk and artist Kanye West.
In the scam, the hacked accounts asked people to send money to a specific cryptocurrency account and promised to return double the amount in bitcoin.
A 17-year-old Florida teenager is accused of planning the attack. He was arrested in Tampa, Florida on Friday and he is charged with 30 offenses.
Jarno Limnéll, Professor of Cyber Security at Aalto University, says that in the case of Twitter, the attackers managed to manipulate the right people within the organization.
“In addition to technical expertise, the ability to manipulate the right people in the target organization was key. The importance of the individual employee in terms of information security is great,” says Limnéll.
Limnéll finds it positive that Twitter has openly reported on the course of the hack.
“Through this, other organizations are also able to learn from data breaches and leaks and thus improve their own security. Information security is not a project but a process that is constantly evolving and improving.”
According to Limnéll, Twitter will certainly learn from the case, and one of the reasons the attack progressed is that too many people had access to certain systems.
“All organizations can prevent these cases by training staff. Hacking methods are constantly evolving and at times very innovative, and a defender must be innovative. Organizations must be prepared for the possibility of third-party access to confidential information, which emphasizes the organisation’s ability to act in the event of a problem.”
The Twitter hack is a reminder of the importance of source criticism, Limnéll says.
“Even messages and some updates from well-known and trusted people should be treated with appropriate skepticism.”
Miso Korkiakoski, security director of the security unit at technology company Reactor, says that phishing of the kind seen in the Twitter case is unfortunately common.
“It happens surprisingly often that individual employees are phished by phone. But there is a lot of variation in how targeted the phishing is. In the case of Twitter, it has been really targeted. The common thing is to collect individual pieces of data and try to gain more of a foothold within the company. For example, the names of colleagues are often asked for,” says Korkiakoski.
In the case of Twitter, information was gathered and the attack was then targeted at specific individuals.
“There may also be cases where, for example, the name of a supervisor is mentioned and it is said that the point is to call a colleague who should be helped. This builds credibility for the phishing.”
The phishers are interested in the company’s processes, organizational structure and personal names, Korkiakoski says.
“They give credibility to the next round as the phishing continues.”
According to Korkiakoski, the problem with online phishing is that people basically want to help their colleagues.
“In the case of Twitter, the first people haven’t gone wrong, but their names have been used to try to understand how the system works.”
Protection against such attacks comes from increasing people’s awareness within the organization.
“Certainly there are trainings and exercises within Twitter, but the information security team must start from the fact that not everyone has a good level of knowledge,” says Korkiakoski.
“Of course, every employee needs to be careful. But such attacks are also difficult to prevent. In the case of Twitter, several employees have certainly also realized that this was a special request and have not gone through with it.”
Limnéll says that the right attitude towards information security affects everyone.
“Every company today is a digital company, and that’s when security issues also affect every employee. At its best, man is the strongest link in information security. Successful hacking is becoming more and more expensive for companies and organizations today.”