Hackers used social engineering to target some of Twitter’s employees and then gained access to the high-profile accounts, in a July 16, 2020 story. (Photo by THE ASSOCIATED PRESS)

Hackers used social engineering to target some of Twitter’s employees and then gained access to the high-profile accounts, in a July 16, 2020 story. (Photo by THE ASSOCIATED PRESS)

Experts say Twitter breach troubling, undermines trust

Twitter swiftly locked down accounts to investigate

HONG KONG — A breach in Twitter’s security that allowed hackers to break into the accounts of leaders and technology moguls is one of the worst attacks in recent years and may shake trust in a platform politicians and CEOs use to communicate with the public, experts said Thursday.

The ruse discovered Wednesday included bogus tweets from Barack Obama, Joe Biden, Mike Bloomberg and a number of tech billionaires including Amazon CEO Jeff Bezos, Microsoft co-founder Bill Gates and Tesla CEO Elon Musk. Celebrities Kanye West and his wife, Kim Kardashian West, were also hacked.

Hackers used social engineering to target some of Twitter’s employees and then gained access to the high-profile accounts. The attackers sent out tweets from the accounts of the public figures, offering to send $2,000 for every $1,000 sent to an anonymous Bitcoin address.

Cybersecurity experts say such a breach could have dire consequences since the attackers were tweeting from verified, globally influential accounts with millions of followers.

“If you receive a tweet from a verified account, belonging to a well-known and therefore trusted person, you can no longer assume it’s really from them,” said Michael Gazeley, managing director of cybersecurity firm Network Box.

Reacting to the breach, Twitter swiftly deleted the tweets and locked down the accounts to investigate. In the process it prevented verified users from sending out tweets for several hours.

The company said Thursday it has taken “significant steps to limit access to internal systems and tools.”

Many celebrities, politicians and business leaders often use Twitter as a public platform to make statements. U.S. President Donald Trump, for example, regularly uses Twitter to post about national and geopolitical matters, and his account is closely followed by media, analysts and governments around the world.

Twitter faces an uphill battle in regaining people’s confidence, Gazeley said. For a start, it needs to figure out exactly the accounts were hacked and show the vulnerabilities have been fixed, he said.

“If key employees at Twitter were tricked, that’s actually a serious cybersecurity problem in itself,” he said. “How can one of the world’s most used social media platforms have such weak security, from a human perspective?”

Rachel Tobac, CEO of Socialproof Security, said that the breach appeared to be largely financially motivated. But such an attack could cause more serious consequences.

“Can you imagine if they had taken over a world leader’s account, and tweeted out a threat of violence to another country’s leader?” asked Tobac, a social engineering hacker who specializes in providing training for companies to protect themselves from such breaches.

Social engineering attacks typically target human weaknesses to exploit networks and online platforms. Companies can guard themselves against such attacks by beefing up multi-factor authentication -– where users have to present multiple pieces of evidence as authentication before being allowed to log into a system, Tobac said.

Such a process could include having a physical token that an employee must have with them, on top of a password, before they can log into a corporate or other private system. Other methods include installing technical tools to monitor for suspicious insider activities and reducing the number of people who have access to an administrative panel, Tobac said.

U.S. Sen. Josh Hawley called on Twitter to co-operate with authorities including the Department of Justice and the FBI to secure the site.

“I am concerned that this event may represent not merely a co-ordinated set of separate hacking incidents but rather a successful attack on the security of Twitter itself,” he said.

He added that millions of users relied on Twitter not just to send tweets but also communicate privately via direct messaging.

“A successful attack on your system’s servers represents a threat to all of your users’ privacy and data security,” said Hawley.

By The Associated Press

Business

Just Posted

Police officers and their dogs undergo training at the RCMP Police Dog Services training centre in Innisfail, Alta., on Wednesday, July 15, 2015. Mounties say they are searching for an armed and dangerous man near a provincial park in northern Alberta who is believed to have shot and killed a service dog during a police chase. THE CANADIAN PRESS/Jeff McIntosh
RCMP search for armed man in northern Alberta after police dog shot and killed

Cpl. Deanna Fontaine says a police service dog named Jago was shot during the pursuit

Alberta now has 2,336 active cases of COVID-19, with 237 people in hospital, including 58 in intensive care. (Black Press file photo)
Red Deer down to 73 active cases of COVID-19, lowest since early November

The Central zone has 253 active cases of the virus

People line up to get their COVID-19 vaccine at a vaccination centre, Thursday, June 10, 2021 in Montreal. THE CANADIAN PRESS/Ryan Remiorz
Vaccines, low COVID case counts increase Father’s Day hope, but risk is still there

Expert says people will have to do their own risk calculus before popping in on Papa

Canadian Prime Minister Justin Trudeau is seen during a joint news conference following the EU-Canada Summit, in Brussels, Belgium, Tuesday June 15, 2021. Trudeau says Canada is on track now to have 68 million doses delivered by the end of July, which is more than enough to fully vaccinate all 33.2 million Canadians over the age of 12. THE CANADIAN PRESS/Adrian Wyld
Vaccine deliveries enough to fully vaccinate all eligible Canadians by end of July

Three in four eligible Canadians now have their first dose, nearly one in five fully vaccinated.

Chief Public Health Officer Theresa Tam listens to a question during a news conference, in Ottawa, Tuesday, Jan. 12, 2021. The number of confirmed COVID-19 cases attributed to the highly contagious Delta variant grew in Canada this week. THE CANADIAN PRESS/Adrian Wyld
Canada’s public health agency reports spike in confirmed cases of Delta variant

More than 2,000 cases of the variant confirmed across all 10 provinces and in one territory

The federal government says it wants to ban most flavoured vaping products in a bid to reduce their appeal to youth. THE CANADIAN PRESS/AP-Craig Mitchelldyer
Health Canada proposes ban on most vaping flavours it says appeal to youth

If implemented, the regulations would restrict all e-cigarette flavours except tobacco, mint and menthol

The Montreal Police logo is seen in Montreal on Wednesday, July 8, 2020. Some Quebec politicians are calling for an investigation after a video was released that appears to show a Montreal police officer with his leg on a young Black man’s neck during an arrest. THE CANADIAN PRESS/Paul Chiasson
Probe called for after video appearing to show Montreal officer’s knee on Black youth’s neck

Politicians call for investigation after clip evokes memories of George Floyd incident

Thousands of protesters make their way through the downtown core during a Black Lives Matter protest in Ottawa, Friday June 5, 2020. THE CANADIAN PRESS/Adrian Wyld
MPs’ study of systemic racism in policing concludes RCMP needs new model

Chair of the House public safety committee says it’s time for a reckoning on ‘quasi-military’ structure

A case filled with packages of boneless chicken breasts is shown in a grocery store Sunday, May 10, 2020, in southeast Denver. THE CANADIAN PRESS/AP-David Zalubowski
One million chickens euthanized during labour dispute at Quebec slaughterhouse

Premier says waste amounts to 13 per cent of the province’s chicken production thrown in the garbage

A section of the eastern slopes of the Canadian Rockies is seen west of Cochrane, Alta., Thursday, June 17, 2021. A joint federal-provincial review has denied an application for an open-pit coal mine in Alberta’s Rocky Mountains, saying its impacts on the environment and Indigenous rights aren’t worth the economic benefits it would bring. THE CANADIAN PRESS/Jeff McIntosh
Panel says Grassy Mountain coal mine in Alberta Rockies not in public interest

Public hearings on the project in southern Alberta’s Crowsnest Pass region were held last fall

Most Read