Spear Phishing Attacks & How One Led To Twitter’s Bitcoin Hack

Movies

Products You May Like

Twitter is again in the media spotlight due to a recent cyber attack which took place using an intrusion method called ‘spear phishing’, and included a number of big-name celebrity accounts being compromised to generate Bitcoin. Hacking enjoys a unique place in the media whether related to video games or as news in the business and tech world. However, what hacking is remains challenging to answer because of the broad range of activities which could be referred to as hacking.

As often as movies glorify hacking, the act of deliberate penetration into software or hardware systems and using them in such a way which wasn’t intended (and in some cases, unlawfully), is much more difficult to explain. Colorful on-screen lights and puzzles coupled with beeping noises with each push of a button on a keyboard provide a glamorous image to the hacking community which, more often than not, instead relies on hours spent reviewing technical documentation and many more spent engaged in security testing.

Related: Trump Calls Twitter’s Trending Feature Biased, Disgusting & Illegal

On July 30, Twitter informed users that an official update on the security breach was available and that it would detail findings as of that time. In replies to the initial Tweet by the same support account, Twitter described that this penetration happened through a human vector — human beings were used to gain access. Ultimately targeting 130 accounts, this attack, which led to some hijacked user accounts tweeting about bitcoin donation, relied on gaining credentials from staff members while continuously seeking additional employees from which to then gain a means of entry. Despite hard-working team members acting to prevent and respond to security threats, they remain common as the information age goes on.

Simple, But Effective Attack

Twitter Logo Under Magnifying Glass

Sometimes, knowing how to crack into an operating system, exploiting a login form, or being able to pull off a front hand-spring isn’t necessary. If one wants to own the keys to a castle, it could mean breaking through an entrance, scaling walls or opening a hole in them. However, human beings are a lot like castles and if someone isn’t familiar with social engineering then they might have a vulnerability and could be deceived into divulging where the key is left hanging. Some attacks are complex, causing system-wide outages where control is nearly or completely lost and recovery comes at a ransom. In contrast, with humans vulnerable in some way, this remains a simple but effective attack.

The attack proved to be bad news for Twitter, which was required to secure access and identify what went wrong, at the same time as earning exactly the kind of press it didn’t want. The intrusion was particularly costly because the breach involved many verified accounts which meant some of the well-known users had reason for mention in the news while providing a poor backlink to Twitter. Companies aren’t without hope, however, as although this problem is devastating, it isn’t a new phenomenon. As Twitter described through its support account, this was a wake-up call. The knowledge gained from the experience affords education on the problem as a case study, and the corporate world can use that same knowledge to help defend against similar cyber-attacks coming from a human vector, Twitter or otherwise.

More: Twitter Contractors Reportedly Created Fake Alerts To Spy On Celebrity Accounts

Source: Twitter

Superman Bloody Bruised Boxing Comic

Superman Was Beaten By A Marvel Hero… And it Wasn’t Close

Products You May Like

Articles You May Like

Audiobook review of How Does That Make You Feel, Magda Eklund?
Courteney Cox Returning as Gale Weathers in ‘Scream 7’
Senate NASA bill focuses on commercial space stations, science mission overruns
Mufasa Global Opening Projected At $125M
How Are Stars Formed, and How Do They Hold Together?