- 18 Sep 2020
In a major embarrassment to twitter, several accounts and big names big names like Bill Gates, Obama, Jeff Bezos, Elon Musk etc. were hacked by a bitcoin duping scam. But is it the first time twitter had such a security breach? The online privacy was a myth, they said. Online security is a myth too, they never said.
Major high profile twitter accounts like those of Jeff Bezos, Bill Gates, Former US President Barack Obama and few others were the target of a widespread hack to offer fake Bitcoin deals in one of the most prominent breaches on a social media site on July 15, 2020. All of the big personalities had similar tweets instructing people to send crypto currencies to the same bitcoin address.
The fake tweets were then removed throughout the afternoon shortly after being posted to the accounts.
This news broke out when fake tweets went viral offering $2,000 for every $1,000 sent to a bitcoin address. The scale of the cyber-attack can be easily determined by the fact that hackers even got access to the Official Twitter Support Handle and posted similar tweets from twitter's own verified handle as well. The tweets were something like- “ Giving back to my community. All Bitcoin sent to my address below will be sent back doubled. If you send $1,000, I will send back $2,000! bc1qxy2kgdygjrsqtzq2n0yrf2493p8 Only doing this for the next 30 minutes! Enjoy.”
The bitcoin details to which money was transferred in the duping scam The tweet contained a bitcoin address which was unique and common in all such tweets, presumably one related to the hacker’s crypto wallet. The process continued with a similar posting of tweets from the handle of 25+ celebrities, tech giants, and companies. By the end of the day, it appears to be earning its creator quite a bit of money in a particular BitCoin account as it had received almost 12.86503618 bitcoins in 374 transactions, an amount currently valued at slightly more than INR 89 Lakhs.
A snapshot of the number of twitter accounts hacked at once by the Hacker Crypto for Health
Twitter has no face left to save
Twitter addressed the situation on its support account saying, “We are aware of a security incident impacting accounts on Twitter. We believe that it was a coordinated social engineering attack which targeted some of our employees’ access to internal systems and admin tools. We are investigating and taking steps to fix it. We will update everyone shortly.” Twitter has confirmed that the hacking had used employee tools, but is maintaining pindrop silence on how hackers might have gotten access to those secured tools. Twitter also advised users to reset their passwords while they review and address the incident, the first-time twitter has ever done this in the company’s history.
Twitter Support handle also hacked, doing bidding for the hackers
The extent to which widespread the operation is in unclear, but it seems to affect number of companies and high-profile corporate giants. But it would be stupid to think this has happened for the first time in twitter.
Twitter didn’t learn even after its CEO had his account hacked.
In a major embarrassment to Twitter, the account of Twitter CEO Jack Dorsey was hacked in 2019. The hackers tweeted series of racist and vulgar comments from the handle of twitter CEO. So, Twitter doesn’t have much left to save face anyways. A mistake repeated is not a mistake, it’s a blunder.
After the attack, Twitter CEO Jack Dorsey wrote, “Tough day for us at Twitter. We all feel terrible that this happened. We’re diagnosing and will share everything we can when we have a more complete understanding of exactly what happened.” Product chief Kayvon Beykpour also released a statement saying, “Our investigation into the security incident is still ongoing but we’ll be posting updates from @TwitterSupport with more detail soon. In the meantime, I just wanted to say that I’m really sorry for the disruption and frustration this incident has caused our customers.”
The hacker was shameless and proud for what he did
Some of the people who were hacked specified that they had turned on two-factor authentication and strong passwords which typically make any account tough to break into. It was discovered that the attackers had fully taken over the victims’ accounts. They also changed the email address associated with the Twitter account to make it harder for the real user to regain access.
The investigation claims that, the scammer’s website CRYPTOFORHEALTH was quickly pulled offline by Namesilo, the domain registrar used by the scammer. The domain registration information for the website was found to be publicly available, with CryptoForHealth.com claiming to have been registered by ‘Anthony Elias’ of California using the email address email@example.com. However, the street address provided does not exist according to Google Maps, while the phone number does not connect.
Appallingly, the hacker’s instagram account (@cryptoforhealth) was still active for 24 hrs after the incident whose bio says “It was us :)”. Also, few pictures were posted on the instagram after the attack by the hacker stating, “It was a charity attack. Your money will find its way to the right place.” And, “the upcoming weeks are going to be mind-blowing. Follow us and get notified”.
Hackers mocking social media security in the world openly
Keeping in mind the 2016 campaign, intelligence agencies of the United States established that through coordinated attempts Russia had tried to meddle in U.S. elections through social media tampering hacks, which included targeting the various campaigns and organizations of major parties. Twitter says it won’t restore access to their owners until they are certain that they can do so securely. The hack might also be a simple demonstration of Twitter's weak security controls.
Twitter had a huge loss due to the scam
Furthermore, Twitter's shares fell by 3% in extended trading after news of the hack broke. This cyber-attack not only damaged twitter revenue by billions but also exposed the security loopholes and admin-tools management in the world's biggest micro blogging and social networking service as it’s still unclear how much information were the hackers able to cull from the respective accounts.
The question however remains is that If they were able to break into the direct messages of the accounts, they could leak the classified information that can create chaos during the major events of 2020. Hence, this is a very serious matter warning us extent of the sham that the internet security has become. The online privacy was a myth, they said. Online security is a myth too, they never said.