The Limited Times


Twitter identified the cause of the hack of Bill Gates, Barack Obama and Elon Musk

2020-07-31T18:40:16.333Z


The Internet platform gave new details about the cyber attack that violated the privacy of more than 130 user profiles. How a phone-based phishing attack works.


07/31/2020 - 14:52

  • Clarín.com
  • Technology

The social network Twitter continues its internal investigation to determine the cause of the massive hack it suffered in mid-July. According to the latest data, the hackers carried out a phone-based phishing campaign against the platform, through which they obtained the credentials to access the internal tools they then used to carry out the massive hacking of user accounts.

The technology company shared new findings from its internal investigation into the hack of the social network, which occurred on July 15 and affected 130 accounts, including verified accounts of well-known personalities such as Microsoft co-founder Bill Gates, former US President Barack Obama or Tesla CEO Elon Musk.

In its report, Twitter indicated that the attackers first had to obtain the credentials needed to access the platform's internal tools. This was achieved through a phone-based phishing attack, a commonly used resource for this kind of hacking.

"A successful attack required attackers to gain access to both our internal network and specific worker credentials to give them access to our internal support tools, " the company explains on its official blog.

The former president of the United States, Barack Obama, was one of the victims of the Twitter hack. (Photo: REUTERS / Lim Huey Teng)

Not all employees affected by the attack had the necessary permissions, "but the attackers used their internal network access credentials to obtain information about the processes," allowing them to direct their attack at employees with access credentials to the support tools.

As a result of the cyberattack, Twitter revealed that the hackers targeted 130 user accounts, posted from 45 of them, accessed the private message inboxes of 36, and downloaded data from seven of the accounts.

"This attack was based on a significant and coordinated attempt to trick certain employees and exploit human vulnerabilities to gain access to our internal systems," says Twitter, which identifies it as a "reminder" of the importance of each person in a equipment to maintain security.

Since the attack, the company has "significantly" limited access to both the system and internal tools to ensure security while the investigation continues. This decision can affect users, the company explains, because it can delay responses to requests for help or to reports of tweets.

How a Phishing or Spear Phishing Attack Is Performed

Hacking and phishing. (Bloomberg)

According to specialists from the computer security company ESET Latin America consulted by Clarín, the hackers who violated the privacy of hundreds of accounts did so through a social engineering technique called Spear Phishing.

Social engineering comprises many techniques, and phishing is generally associated with crimes committed via email. But since the purpose of this type of attack is to steal information from the victim, it can be carried out through different channels.

When it comes to a phone call or voicemail, specialists categorize the technique as Voice Phishing or Vishing. In this type of attack, the hacker contacts the victim by phone instead of sending an email.

However, there are cases where the attack is targeted, that is, the attacker has accurate information about the employee or victim and the attack is not massive: these are called Spear Phishing.

The Twitter hack affected 130 accounts, including verified accounts of recognized personalities. (Photo: Olivier DOULIERY / AFP)

What happened with Twitter, says Cecilia Pastorino, was precisely a Spear Vishing attack: one aimed at a particular person through phone calls or voice messages.

Hackers often contact a group of employees posing as technical support personnel or as a client, in many cases impersonating a real person, with the aim of deceiving the employee and thus collecting employees' information and credentials through phone calls.

If they do not succeed, for example because the credentials do not have sufficient privileges, they use the information they collected to prepare a second attack, with data such as first names, surnames and schedules, to gain the trust of the person receiving the call (Spear Vishing), ESET explained.

"That is why it is so important in social engineering campaigns not only to educate in what has to do with emails or messages that we may receive in various electronic media, but also what information we disclose through a chat or email if we do not know who is behind a cell phone or a computer, "said Cecilia Pastorino.

Source: clarin
