As previously reported, the hack is suspected of being an insider breach via a compromised Twitter employee with access to internal tools. It saw multiple prominent accounts hijacked to tweet out a cryptocurrency scam that appears to have netted the people behind it at least $100,000.

Many currently think it highly likely that the hacker or hackers behind the attack were seeking to do nothing more than scam victims out of their cash, a theory that appears to be corroborated by evidence published by security investigator Brian Krebs, which suggests it was perpetrated by a 21-year-old British student currently in Spain, who is known as a so-called SIM swapper. SIM swapping is a type of identity theft which involves convincing an employee at a mobile operator to switch the target’s phone number to a new device, giving criminals access to sensitive data.

However, even if this is true, a far greater source of concern lies in the fact that with access to multiple accounts via a compromised internal system, the perpetrators could have gained access to every single user of Twitter’s platform to wreak even more havoc than they appear to have managed.

It is also a distinct possibility, though still unproven, that the perpetrators could have established persistence within Twitter’s systems, opening the door to further, more damaging cyber attacks, a point made by F-Secure’s Mikko Hypponen, who said that as things currently appear, Twitter seems to have got off lightly.

“The attack could have done far worse things than try to scam bitcoins out of people; the attackers had access to everything. They could have done anything on Twitter. They could have started tweeting weird things in the names of the US presidential candidates during the voting this November, for example,” he said.

Tarek Saleh, senior security engineer at DomainTools, said it was sensible for investigators to assume the worst-case scenario.

“We can, and should, expect this attack group to take full advantage of their admin-level access to Twitter’s platform and assume that these impacted accounts also had their private direct messages stolen,” said Saleh.

“Private message data can potentially have a huge impact on extorting those individuals or contain other highly personal or sensitive secrets. I think we’re going to see a large ripple effect from this breach for a while to come.”

Immuniweb founder Ilia Kolochenko added: “This incident highlights the extreme fragility of the modern information space. In a similar disinformation campaign, nation-state actors may simply announce a military or nuclear incident and provoke national havoc or spread fake news about a rival business to ruin its stock price and then purchase it for pennies.

In a statement, New York state governor Andrew Cuomo said: “The Twitter hack and widespread takeover of verified Twitter accounts is deeply troubling and raises concerns about the cyber security of our communications systems, which are critical as we approach the upcoming presidential election.