Twitter hackers got access to accounts by posing as IT desk employees, report says

Twitter hackers got access to accounts by posing as IT desk employees, report says
Posted at 6:20 AM, Oct 15, 2020

Hackers who infiltrated the Twitter accounts of several high-profile politicians and industry titans over the summer posed as members of the Twitter IT department in order to steal the credentials of employees with high-security clearance, New York's Department of Financial Services says.

On July 15, dozens of high-profile Twitter accounts — including those belonging to Joe Biden, Barack Obama and Jeff Bezos — were hacked and posted messages directing followers to give away bitcoin in a targeted scam. According to the DFS, hackers made off with about $118,000 in bitcoin.

In the days following the hacking, Twitter said it believed that the scam was engineered by a "coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools." In its report, published Thursday, DFS confirmed that was the case.

According to DFS, the scheme began on July 14, when at least one of the hackers called Twitter employees posing as members of Twitter's IT desk. Twitter employees have been working from home amid the COVID-19 pandemic, and the company has often experienced issues with its Virtual Private Network.

Seizing on that vulnerability, the hackers told the employees they needed to check on the VPN and directed employees to a phishing website that looked "identical" to Twitter's IT page.

When the employees with advanced access entered their username and password, that information was immediately sent to the hackers.

The next day, the hackers carried out their high-profile bitcoin scheme, which alerted Twitter to the hack and caused disruptions on the site for several hours. However, before carrying out the bitcoin scheme, the hackers also took control of so-called "OG" Twitter accounts — valuable account names designated by a single word, letter or number. If login credentials of those accounts are stolen, such they can be sold for thousands of dollars.

In all, DFS says 130 Twitter accounts were hacked, and the suspects sent tweets from 45 of those accounts.

The DFS said the hacking represented severe flaws in Twitter's security systems, which could have dire consequences.

"In the hands of a dangerous adversary, the same access obtained by the Hackers–the ability to take control of any Twitter users’ account–could cause even greater harm," the agency said.