The Great @twitter hack- Vulnerable social media

The overnight hack of @twitter accounts of big names like Barack Obama, Bill Gates, Elon Musk, Joe Biden. Other major names in the list include Kanye West, Mike Bloomberg, and Warren Buffet. Interesting to note is none of the Republican senators or politicians' accounts were hacked even as three of the democrat leaders were hacked by the scammers. US President Donald Trump's account escaped hacking and so was the head of @twitter Jack Dorsey. Also, Twitter accounts of Apple, Uber, Square’s CashApp, and Coinbase were also hacked with the intent to post similar messages which contained a bitcoin wallet address that directed to the hackers.

This large scale hack also exposes the work from home (#WFH) concept which is prevalent largely in all countries due to the pandemic. How this is vulnerable is that when all those #WFM employees have access to the lead server and they are working under no direct supervision or on camera work. Now these employees are lured for some benefits at a cost and they fall prey to it. Now when you forget or miss your password you connect with @twiiter this is where the hack happens and hence when you reset the password you can post what you want. In this case target was clear, to reach out to maximum audience and hence big names were chosen its reach was estimated at be over 30 million. Now this too was strategically planned to reach out to US, UK, Europe audiences where BITCOIN is increasing its footprints. Their target was met and per reports, the bitcoin wallet has amassed over $100,000 within a few hours after hackers spammed the verified accounts.

It is a strange case of media falling prey to its own systems and norms. But what surprises is that the President handle and even that of @twitter CEO was unharmed. Even the messaging was very tactically played using the current pandemic as an excuse to pay back and the time given was merely 30 minutes which was enough for them to make a bounty.

All of the tweets were deleted shortly after being posted, but, given the size of the accounts, they were widely viewed. While individual accounts are often hacked, especially ones that do not use security measures such as two-factor authentication, the scope of this effort suggest a deeper security failure.

In case of Twitter, through an unwitting or may be a willing Twitter employee, the hackers got access to the site’s admin panel and then did their work. A hacker, reportedly part of the Twitter hack last night, told Motherboard that they “used a rep that literally did all the work” and others claimed they paid the Twitter insider. One cannot fail to notice the ease with which tens of accounts of prominent personalities were hacked in one night.

In the guise of social engineering

Social engineering is a method hackers use to get confidential information. You may have heard that in the IT system the weakest link is the user. For example, a company may use great security on its machines but if a user sets the password to 1234abc, well you can’t do much about it and all that security is useless. Similarly, hackers often find it easy to get login details and or get into some machine or system with the help of users instead of breaking the security protocol.

Social engineering is the art of manipulating people so that they give out confidential information that can be used to cause harm to that person or an organization. Confidential information can include passwords, ATM pins, or access to the main control panel in Twitter’s recent case. So, when you get a call asking for credit card details or an email that seems authentic which requires you to log in your credentials somewhere, that is some scammers trying to use social engineering.