
Shocking Twitter hack this summer started with tech support scam, New York regulators say

At the time of the July 15 attack, Twitter did not have an information security officer and suffered from poor internal security checks, the report concludes.

Officials behind the report called for further cybersecurity regulation of major technology platforms.

“In other areas considered critical infrastructure, such as telecommunications, utilities and finance, we have established regulators and regulations to ensure that the public interest is protected,” the report from the New York Department of Financial Services said. “When it comes to cybersecurity, this is what is needed for large, systemically important social media companies.”

In a statement, Twitter said it had taken steps to improve the security of its platform, cooperated with the Department’s investigation, and that multiple arrests were made in the wake of the attack.

“Protecting people’s privacy and safety is a top priority for Twitter and it’s not a responsibility we take lightly,” the statement said. “We have continually invested in improvements to our teams and to our technology that enable people to use Twitter safely. This work is constant and ever-changing.”

The high-profile hack saw several celebrity accounts taken over for a bitcoin scam that promised victims a 100% return on their investments. In addition to Obama and Musk, the hackers were able to take over accounts belonging to Joe Biden, Kim Kardashian West, Uber and Apple, among others. As one of the nation’s leading virtual currency regulators, the Department began its investigation into the attack shortly after it came to light, and its report is based on subpoenas, witness interviews and documentary evidence.

Wednesday’s report states that an unnamed 17-year-old hacker and several accomplices began calling Twitter employees pretending to offer help with the company’s VPN problems. The attack compromised at least one employee who did not have direct access to celebrity accounts, but later expanded to include other employees who had access. Aspects of the scam were reported last month by Wired.

“Since moving into remote work, VPN problems have been common on Twitter,” the report said. “The hackers then tried to direct the employee to a phishing website that looked identical to Twitter’s legitimate VPN website and was hosted by a similarly named domain.”

The hackers used the fake website to steal the employee’s login credentials, the report said, then typed the stolen information into the real Twitter administrative website, resulting in a multi-factor authentication challenge, which the employee completed, giving the hackers access to the Twitter backend.

Eventually, the scheme led to a bitcoin scam that was widely spread to millions of users and resulted in a haul of $118,000 worth of bitcoin, the report said.
