NYDFS reveals How Twitter’s Poor Cyberspace led to the Biggest Bitcoin Scam of the Year
Although some news related to Cyber-Attack attempts is seen now and then on Social Media, but one cyber attack incident which had shocked the whole World was the exploitation of Twitter accounts on July 15, through which exploiters were able to get access to big celebrities’ and personalities’ Twitter accounts and tweeted for bitcoin giveaway transfers from those accounts.
For a summary of this Twitter exploitation, a report from the New York State Department of Financial Services has come out just last week, in which it has been revealed how hackers executed this hi-profile hack.
The New York State Department of Financial Services has reported that the plot of the hack was hatched on Twitter’s VPN problems.
Yes, actually when the Covid-19 pandemic started in March, the Twitter company advised its employees to work remotely from their homes and had its Company-operated remotely, this led to a kind of bad effect on the servers of remotely operating infrastructure of Twitter and the employees reported frequent problems in Twitter’s Virtual Private Network (VPN).
Hackers took advantage of this very thing. On July 15, they called Twitter’s employees and said that they are speaking from the IT department of Twitter and have come to solve the problems of VPN connections happening in the company. After this, the hackers sent twitter’s employees to a fake Twitter VPN website that looked exactly like the original Twitter VPN website and asked the employees to login with their credentials.
Falling into the trap, the Twitter employees entered their Login Credentials into the Phishing website, and the very moment they entered their details there, the hackers also acquired access to Twitter’s internal account management system using these login credentials and carried out their further adventures.
Let me tell you that when the hackers called twitter’s employees to get their login credentials, not all the employees got entangled in them, only 7 employees got caught in the hoax, the rest of the employees informed about the incident to twitter’s fraud monitoring team. Twitter’s Anti-Fraud Team, however, took too long to address the issue.
After gaining access to Twitter’s Account Management System, hackers started targeting Twitter’s big accounts, such as accounts of big personalities and celebrities like Elon Musk, Bill Gates, Kanye West, Kim Kardashian, Warren Buffet, and Floyd Mayweather, etc. And accounts of big companies like Uber, Apple were also compromised.
Then the hackers played their biggest trick, the hackers posted alluring tweets from all these hijacked accounts in which the hackers wrote that they are ‘doing a huge giveaway,’ ‘giving back twice of the bitcoins that you will send in our bitcoin address.’.
What was back then, many people got caught in this fraud and started sending bitcoins to the bitcoin address given by the hackers, thus the hackers were successful in stealing at least $117,000 in bitcoins.
According to the NYDFS report, after the news of Twitter Accounts Hack went viral, a bitcoin company named Coinbase stopped a total of about $1,294,000 coming into the hackers’ bitcoin account, another financial company, Square, stopped a total of about $51,000 from landing into the hackers’ account, while Gemini and Bitstamp prevented a total of $1,800 and $250 in bitcoins from entering into the account of hackers.
This whole incident was perpetrated by hackers on July 15.
When Twitter’s employees talked to Twitter’s Fraud Investigation Team about the calls coming from the Guys pretending to be from the IT department, Twitter took too long to act on it as they did not have a senior-level executive for information and security at that time. It took Twitter many hours to boot the hackers out of their system.
This hacking attack on Twitter shows the weak internal security of the company, the attack is also a red signal to other social media giants and alerts them to keep their cyberspace strong and protected.