Published 14:57 IST, July 16th 2020
Experts say Twitter breach troubling, undermines trust
A breach in Twitter’s security that allowed hackers to break into the accounts of leaders and technology moguls is one of the worst attacks in recent years and may shake trust in a platform politicians and CEOs use to communicate with the public, experts said Thursday.
The ruse discovered Wednesday included bogus tweets from Barack Obama, Joe Biden, Mike Bloomberg and a number of tech billionaires including Amazon CEO Jeff Bezos, Microsoft co-founder Bill Gates and Tesla CEO Elon Musk. Celebrities Kanye West and his wife, Kim Kardashian West, were also hacked.
Hackers used social engineering to target some of Twitter’s employees and then gained access to the high-profile accounts. The attackers sent out tweets from the accounts of the public figures, offering to send $2,000 for every $1,000 sent to an anonymous Bitcoin address.
Cybersecurity experts say such a breach could have dire consequences since the attackers were tweeting from verified, globally influential accounts with millions of followers.
“If you receive a tweet from a verified account, belonging to a well-known and therefore trusted person, you can no longer assume it’s really from them,” said Michael Gazeley, managing director of cybersecurity firm Network Box.
Reacting to the breach, Twitter swiftly deleted the tweets and locked down the accounts to investigate. In the process it prevented verified users from sending out tweets for several hours.
The company said Thursday it has taken “significant steps to limit access to internal systems and tools.”
Many celebrities, politicians and business leaders often use Twitter as a public platform to make statements. U.S. President Donald Trump, for example, regularly uses Twitter to post about national and geopolitical matters, and his account is closely followed by the media, analysts and governments around the world.
Twitter faces an uphill battle in regaining people’s confidence, Gazeley said. For a start, it needs to figure out exactly how the accounts were hacked and show the vulnerabilities have been fixed, he said.
“If key employees at Twitter were tricked, that’s actually a serious cybersecurity problem in itself,” he said. “How can one of the world’s most used social media platforms have such weak security, from a human perspective?”
Rachel Tobac, CEO of Socialproof Security, said that the breach appeared to be largely financially motivated. But such an attack could cause more serious consequences.
“Can you imagine if they had taken over a world leader’s account, and tweeted out a threat of violence to another country’s leader?” asked Tobac, a social engineering hacker who specializes in providing training for companies to protect themselves from such breaches.
Social engineering attacks typically target human weaknesses to exploit networks and online platforms. Companies can guard themselves against such attacks by beefing up multi-factor authentication, where users have to present multiple pieces of evidence as authentication before being allowed to log into a system, Tobac said.
Such a process could include having a physical token that an employee must have with them, on top of a password, before they can log into a corporate or other private system. Other methods include installing technical tools to monitor for suspicious insider activities and reducing the number of people who have access to an administrative panel, Tobac said.
U.S. Sen. Josh Hawley called on Twitter to co-operate with authorities including the Department of Justice and the FBI to secure the site.
“I am concerned that this event may represent not merely a coordinated set of separate hacking incidents but rather a successful attack on the security of Twitter itself,” he said.
He added that millions of users relied on Twitter not just to send tweets but also to communicate privately via direct messaging.
“A successful attack on your system’s servers represents a threat to all of your users’ privacy and data security,” said Hawley.