Active Stocks
Fri Apr 19 2024 15:56:00
  1. Tata Steel share price
  2. 162.10 1.31%
  1. Tata Motors share price
  2. 963.20 -0.84%
  1. NTPC share price
  2. 350.90 -0.14%
  1. ITC share price
  2. 424.80 1.40%
  1. Power Grid Corporation Of India share price
  2. 281.70 0.54%
Business News/ News / World/  Twitter hack due to human intervention not security loopholes
BackBack

Twitter hack due to human intervention not security loopholes

On 15 July, multiple Twitter accounts of high profile users were hacked, including those of Bill Gates, and Warren Buffet
  • An investigation by technology website Motherboard found that a Twitter insider may have been involved
  • Twitter hackers pushed a Bitcoin scam through these accounts, asking users to transfer money to certain Bitcoin accounts. (Photo: Bloomberg)Premium
    Twitter hackers pushed a Bitcoin scam through these accounts, asking users to transfer money to certain Bitcoin accounts. (Photo: Bloomberg)

    NEW DELHI: The recent Twitter hack was a result of human error or intervention rather than security loopholes in the company’s systems. Unlike usual cyber attacks, which exploit vulnerabilities in a platform’s code, hackers targeted employees of the company to get the same level of access that the latter have to Twitter’s system.

    On 15 July, about Twitter accounts of 130 high-profile users were hacked, including those of Elon Musk, Bill Gates, and Warren Buffet. Attackers asked users to transfer money to certain Bitcoin accounts, saying that these celebrities would double the amount.

    An investigation by technology website Motherboard found that a Twitter insider may have been involved. The person had access to internal tools meant only for Twitter’s employees, and misused those to make posts from high profile accounts. However, other investigations haven’t been able to confirm whether an insider was involved, though it appears that insider accounts were definitely used.

    According to Indian security researcher, Karan Saini, these are likely the same tools Twitter uses for support requests. Saini explained that most leading platforms have similar tools built in on their backend, which lets them do a variety of things, including responding to government data requests and dealing with support requests from users.

    Such tools allow the platform to fix problems with a user’s account, look at their IP addresses, where the account was created and much more. By Twitter’s own admission, the hackers had access to personal data for many of these accounts, could initiate password reset requests on 45 of these and in eight of the cases, they even used the “Your Twitter data" tool to download user data. This is a tool that platforms like Twitter, Facebook etc. offer so the user can see what data a platform has on you, and download it.

    "Today we see how, along with new attack vectors, scams combine old and effective techniques," said Demitry Bestuzhev, cybersecurity expert at Kaspersky, a global cybersecurity firm.

    "We believe attackers targeted certain Twitter employees through a social engineering scheme. What does this mean? In this context, social engineering is the intentional manipulation of people into performing certain actions and divulging confidential information," Twitter said in a blog post about the incident.

    A social engineering attack is where a user is targeted through phishing emails etc. in order to gain access to their accounts. Attackers usually send emails, text messages etc. meant to make the user click on a fake link and enter details of their accounts. Doing so gives the attackers sensitive information like user passwords and more, which they can then use to login to the accounts.

    Security experts have often said that the weakest link in any system are the humans involved, which seems to be what hackers exploited here. As an example, Indian hack-for-hire firm, Belltrox Infotech Services, which was recently outed for targeting organisations and people in the US, also used phishing attacks for its work.

    Neither Twitter, nor the United States’ (US) Federal Bureau of Investigation (FBI) have been able to find who the attackers exactly were.

    According to Saini, it seems that it was teenagers running a scam and not state-driven hackers or corporations.

    It’s unclear whether any Indian accounts were compromised in the attack. India’s nodal cybersecurity agency, CERT-In, has issued a notice to Twitter seeking details of the same. The company hasn’t issued a statement yet.

    Unlock a world of Benefits! From insightful newsletters to real-time stock tracking, breaking news and a personalized newsfeed – it's all here, just a click away! Login Now!

    ABOUT THE AUTHOR
    Prasid Banerjee
    An engineering dropout, Prasid Banerjee has reported on technology in India for various publications. He reports on technology through text and audio, focusing on its core aspects, like consumer impact, policy and the future.
    Catch all the Business News, Market News, Breaking News Events and Latest News Updates on Live Mint. Download The Mint News App to get Daily Market Updates.
    More Less
    Published: 19 Jul 2020, 03:30 PM IST
    Next Story footLogo
    Recommended For You
    Switch to the Mint app for fast and personalized news - Get App