The Bird Breached

Saturday, July 18, 2020

In the biggest and juiciest news this week, Jack Dorsey said his company had a particularly hard day when his social media "tweeting" site suffered a major hack. As the hacker saying goes, it got "pwned". Accounts belonging to world leaders, election candidates, celebrities and other users with "verified checkmarks" next to their names were compromised. The company had to do quick damage control, locking down a large number of accounts to stop them posting further fake tweets while the takeovers were in progress. According to various news sources, the hijacked accounts promoted fake "Crypto For Health" sites offering a BTC giveaway. Savvy crypto users (people who use cryptocurrencies such as Ethereum, BTC, Litecoin and other digital currencies) already know how sensitive this space is and would have been skeptical of such a scheme; the tweeters and social media influencers among them know that you don't send money to get money back (the classic "send me 1 dollar and I'll send you 2" scam). One would "lulz" if it weren't so sad that some people fell victim to this phishing and fraud scheme. It says nothing bad about the underlying technology, but naysayers such as famous goldbugs and anti-crypto commentators are already out there badmouthing digital currency, possibly out of ire or for personal reasons, such as pushing the price down or selling their own products (a gold website). Ethics issue? Quite possibly.

Some of the biggest affected accounts included election candidates for 2020, a former president, and the former CEO of "Micro$0ft". Even Elon Musk and Jeff Bezos were not immune: their accounts were pushing the same fake tweet within minutes of the first few takeovers.

The social media site was abuzz with various theories and comments ranging from:

  • Could have run a better hack
  • They could have extorted even more money
  • Boy, this could have caused massive havoc or even panic or a war to happen

Luckily it did not, but it caught the eye of a senator who sent a formal letter to the company on official letterhead asking for the full extent of the damage and the breach, and for the steps being taken to prevent a repeat, including one that could affect the 2020 election. You can't be too careful with fake memes, photoshops, deepfakes, misinformation, disinformation campaigns and other online manipulation these days. Rightfully so, the letter also asked how many other accounts were affected and how 2FA or multifactor authentication could have been bypassed. For those living under a rock, 2FA and multifactor authentication is still the best and most secure option available to you for preventing takeovers of your own login. The caveat, which this incident illustrates, is that it only protects the login path: if an attacker can act through the platform's own administrative tools, the victim's second factor is never asked for.

Security experts and white-hat hackers (a term for the good-guy security teams) also weighed in and said it was very unlikely the victims' 2FA had actually been broken; far more likely it was an inside job, phishing, or an employee facilitating the scam. Who knows? Our site did more research and found news sites suggesting that an internal tool, available to employees with high-level access to accounts, could have been used to do the tweeting. Some accounts that posted screenshots of the "tool" were quickly taken down (deplatformed?) or served a terms-of-service (TOS) violation notice for posting the compromised accounts' details. Apparently you can't post screenshots of another person's account without permission, much less a company's embarrassing internal tooling. Secret-sauce company ingredients.

While this is still being investigated, the sheer size and reach of the breach caused concern, and the above-mentioned senator asked that the company's CEO respond to his office and that federal investigators and other relevant justice agencies be involved, since world leaders were now affected. No one wants it to become a national security problem, of course.

Yahoo suggested that the breach could have come through compromised third-party apps, while also reiterating that the company itself might have been breached, which would make it one of the biggest social media breaches in history.

A quick side note for all readers. If you're not yet using multifactor authentication, now is the best time to start. Look up "authenticator app", "multifactor authentication" and "2FA hardware key"; an app or hardware key is a stronger second factor than an SMS code, which can be intercepted if your number is SIM-swapped. Secure your accounts, remove extra account information, disable unused app permissions, and remove phone numbers where you can to blunt SIM swapping (also called simjacking). You can't afford to have your data compromised with how fast it can be transmitted around the world these days. And if you're a company, run phishing test drills for your employees.

Back to what happened at the site. As Yahoo suggests, there could have been compromised third-party APIs, OAuth issues or SMS issues, so somewhere there could have been an incidental leak too. But many believe it was a leak "within the birdhouse", i.e. an internal security failure at the admin level.

With all the political commentary about censorship, this could have caused embarrassment for the platform. Or there could be a political agenda, as some of the targets seem to be people on the opposite end of the spectrum from a "rising tide of people prone to ride the wave of conspiracy theories".

The news has also stated that several opposing nations could want the country to fail or fall into chaos, and mentioned several nations competing to be first to claim the prized vaccine. Some have supposedly resorted to spying or hacking.

The Daily Mail has stated that an estimated $116,000 worth of cryptocurrency, or 12.8 BTC, was scammed during the breach. The company has yet to explain in detail how it all happened beyond calling it a social engineering attack. For those not in cybersecurity, this type of attack basically means impersonating another person, or making someone believe you are an authorized individual, in order to gain access to information or systems. It works by taking advantage of human nature and the propensity most of us have to trust others and assume good intentions. Often it involves aggregating information over time (piecing together several tidbits collected over a long period). Sometimes it also involves phishing, which typically manufactures urgency or a time-sensitive request.

At this time it appears, on the surface, to be a crypto scam, but some say that is just cover for something deeper, and that something else was being sought. Others say these bad actors were simply "script kiddies" trying to flex and show off.

Was there a bribe involved? What was the scope of this breach, and could it ripple down and affect other people's accounts in the long run? There was a period when "verified checkmark" accounts could not tweet at all, to prevent further fake messages from being posted. For those who don't use the platform, tweets are just short messages, the equivalent of sending a text on a phone. Accounts with verified checkmarks belong to people confirmed to be the real person behind that name and username (aka "user handle"). It helps show which accounts are real and which are bots. A lot of fake accounts have popped up over time with extra numbers or look-alike characters that resemble the real user.
For example John Celebrity could look like:
@johncelebrity

But a fake user might have variants such as:
@johncelebrity_
@johnce1ebrity
@j0hncelectrity
@joncelebrity
@johncelbrity
@johncelebr1ty
@johncelebrity_____11

You get the idea. And you might not see the latter part of the name because the trailing characters can get truncated in the UI. This is a big issue with a lot of fake memes, bots, fake accounts, trolls and parody accounts showing up on there. Sometimes for laughs, sometimes with a political agenda, sometimes to make fun of people.

Verified accounts were locked out of tweeting for several hours before they were able to post again.

Law enforcement may use tracing tools to track and follow the money. The blockchain is a public ledger that shows where every transaction flows, and using a decentralized digital currency is pseudonymous, meaning it is somewhat anonymous but not fully. This is especially true at exit points, such as converting back to fiat money or physical assets. Those who stay within digital assets consider that the safest route to anonymity. Some have tried to tumble and hide assets but often end up exposed in the process by forensic analysis tools such as those from Chainalysis, which often partners with law enforcement in the US and holds government contracts; other up-and-coming companies include CipherTrace and Elliptic. While digital assets have gotten a lot of bad press in the news, many acknowledge that digital currency is quite possibly the wave of the future. Many advocates point to the early innocence and lack of understanding of email and the Internet as examples.
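As an added illustration of the "follow the money" idea, and not code from the original post or from any of the vendors named above, the following walks a small constructed transaction graph forward from a scam address until the funds reach a labelled exchange deposit (the exit point). The transactions, addresses and label set are all hypothetical; real analytics also track what fraction of each output is tainted by the scam, which this example skips in favour of showing connectivity and the mixing caveat.

```python
"""Follow-the-money over a constructed transaction graph (added example).

Every transfer on a public ledger is visible, so funds leaving a scam
address can be followed hop by hop until they reach an 'exit point': a
labelled address (exchange deposit) whose owner is likely identifiable.
"""
from __future__ import annotations

from collections import deque

# Constructed, hypothetical transactions: (txid, input addresses, [(output address, amount)]).
TXS = [
    ("tx1", ["victimA", "victimB"], [("scamAddr", 1.5)]),
    ("tx2", ["scamAddr"], [("hop1", 1.0), ("hop2", 0.49)]),          # split across two intermediaries
    ("tx3", ["hop1"], [("mixer_in", 1.0)]),
    ("tx4", ["mixer_in", "otherUser"], [("mixer_out1", 0.6), ("mixer_out2", 0.9)]),  # mixing step
    ("tx5", ["mixer_out1"], [("exchangeX_deposit", 0.59)]),
    ("tx6", ["hop2"], [("coldWallet", 0.48)]),
]

# Assumed label set, the kind of attribution data analytics vendors maintain.
LABELS = {"exchangeX_deposit": "Exchange X (KYC deposit)"}


def build_graph(txs):
    """Map each spending address to the (txid, next_address, amount) edges it funds."""
    graph = {}
    for txid, inputs, outputs in txs:
        for src in inputs:
            for dst, amt in outputs:
                graph.setdefault(src, []).append((txid, dst, amt))
    return graph


def trace(start, txs, labels, max_hops=6):
    """BFS forward from `start`.

    Returns (exits, dead_ends): exits are paths that reach a labelled address,
    dead_ends are paths whose last address has not spent anything yet.
    Each path is a list of (txid, address, amount).
    """
    graph = build_graph(txs)
    exits, dead_ends = [], []
    queue = deque([(start, [])])
    while queue:
        addr, path = queue.popleft()
        if addr in labels:
            exits.append({"exit": addr, "label": labels[addr], "path": path})
            continue
        if len(path) >= max_hops:
            continue
        nxt = graph.get(addr, [])
        if not nxt and path:
            dead_ends.append(path)
        for txid, dst, amt in nxt:
            queue.append((dst, path + [(txid, dst, amt)]))
    return exits, dead_ends


def shared_inputs(txs):
    """Common-input-ownership heuristic: addresses spent together in one
    transaction are usually controlled by the same key holder."""
    return [set(inputs) for _, inputs, _ in txs if len(inputs) > 1]


if __name__ == "__main__":
    exits, dead = trace("scamAddr", TXS, LABELS)
    for e in exits:
        hops = " -> ".join(f"{t}:{a}({v})" for t, a, v in e["path"])
        print(e["label"], "reached via", hops)
    print("dead ends (unspent so far):", dead)
    print("same-owner clusters:", shared_inputs(TXS))
```

Two things worth noticing in the constructed data. The hop through tx4 mixes the scam's coins with another user's, so the common-input heuristic would cluster mixer_in and otherUser together, which is exactly how tumbling pollutes attribution; yet the funds still surface at a labelled exchange deposit, which is why investigators concentrate on the exit point rather than on the intermediate hops. The unspent path ending at coldWallet is not lost either: it stays on a watchlist until it moves.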

Was this a state-actor-level breach? It certainly got everyone's attention. One particular account not touched was that of the current head of state in the same country as the social media company, a known regular user of the platform. And the politicians affected all seem to be connected to one political party. Perhaps there were extra restrictions on certain high-profile accounts that helped save the company from an even bigger fiasco.

As stated, the company was caught in a fact-checking feud in the last few months, removing several false tweets and slapping labels on certain tweets deemed untruthful. This drew the ire of some, who now label the platform a "publisher" rather than an advocate of free speech.

Users, understandably upset, took to the platform with gifs and videos mocking Twitter's security.

If we learn of any new significant information we will update this.

This piece was updated 11:21am 7/18/2020.

Author: savvywealthmedia
