Help Net Security - Daily information security news with a focus on enterprise security.
Zeljka Zorz, Editor-in-Chief, Help Net Security
July 31, 2020

Twitter employees were spear-phished over the phone

Twitter has finally shared more details about how the perpetrators of the recent hijacking of high-profile accounts to push a Bitcoin scam managed to pull it off.

The way in

To pull off the attack, attackers had to obtain access to Twitter’s internal network AND specific employee credentials that granted them access to internal support tools.

“The social engineering that occurred on July 15, 2020, targeted a small number of employees through a phone spear phishing attack,” Twitter explained.

“Not all of the employees that were initially targeted had permissions to use account management tools, but the attackers used their credentials to access our internal systems and gain information about our processes. This knowledge then enabled them to target additional employees who did have access to our account support tools.”

In effect, the attackers exploited human vulnerabilities. “This was a striking reminder of how important each person on our team is in protecting our service,” the company noted.

Twitter says that access to its internal account support tools is “strictly limited” and “only granted for valid business reasons”, but apparently the attackers had a sizeable number of possible targets to try their luck with, as over a thousand Twitter employees and contractors had access to internal tools.

What’s Twitter doing to prevent similar attacks in the future?

While Twitter has controls and processes in place to prevent and detect misuse, the company is working on making them better.

For the moment, they’ve “significantly limited” access to the internal tools and systems, and are accelerating several of their pre-existing security workstreams and improvements to their tools.

“We are also improving our methods for detecting and preventing inappropriate access to our internal systems and prioritizing security work across many of our teams. We will continue to organize ongoing company-wide phishing exercises throughout the year,” they added.

“Our investigation is ongoing, and we are working with the appropriate authorities to ensure that the people responsible for this attack are identified.”

In all, the attackers targeted 130 Twitter accounts, tweeted from 45 of them, accessed the DMs of 36, and downloaded the Twitter data of 7 users.

The company has promised to publish a more detailed technical report on what occurred once the investigation is over.

UPDATE (July 31, 2020, 1:00 a.m. PT):

US authorities have arrested a 17-year-old from Tampa, Florida, who they believe is the mastermind behind the account hijacking/Bitcoin scam.

He will be charged with multiple counts of communication fraud, fraudulent use of personal information, organised fraud and access to computers or electronic devices without authority.

UPDATE (July 31, 2020, 9:35 a.m. PT):

Two additional individuals are being accused of having participated in the attack: Mason Sheppard, aka “Chaewon,” a 19-year-old from the UK, and Nima Fazeli, aka “Rolex,” 22, of Orlando, Florida.

© Copyright 1998-2023 by Help Net Security