Elon Musk and Bill Gates 'hacked' in apparent Bitcoin scam

[MenInG]

Billionaires Elon Musk, Jeff Bezos and Bill Gates are among several high-profile individuals targeted by hackers on Twitter in an apparent Bitcoin scam.

The official accounts of Barack Obama, Joe Biden and Kanye West also requested donations in the cryptocurrency.

"Everyone is asking me to give back, and now is the time," a tweet from Mr Gates's account said. "You send $1,000, I send you back $2,000."

The tweets were deleted just minutes after they first were posted.

On the official account of Mr Musk, the Tesla and SpaceX chief appeared to offer to double any Bitcoin payment sent to the address of his digital wallet "for the next hour".

"I'm feeling generous because of Covid-19," the tweet added, along with a Bitcoin link address.

As well as rapper Kanye West, former US President Barack Obama and Democratic presidential candidate Joe Biden, major companies Uber and the Apple Corporation were targeted.

An unprecedented 'smash and grab' operation
By Joe Tidy, Cyber-security reporter

These "double your Bitcoin" scams have been a persistent pest on Twitter for years but this is unprecedented with the actual accounts of public figures hijacked and on a large scale.

The fact that so many different users have been compromised at the same time implies that this is a problem with Twitter's platform itself.

Early suggestions are that someone has managed to get hold of some sort of administration privileges and bypassed the passwords of pretty much any account they want.

With so much power at their fingertips the attackers could have done a lot more damage with more sophisticated tweets that could have harmed an individual or organisation's reputation.

But the motive seems to be clear - make as much money as quickly as they can. The hackers would have known that the tweets wouldn't stay up for long so this was the equivalent of a "smash and grab" operation.

There are conflicting accounts of how much money the hackers have made and even when a figure is settled upon, it's important to remember that cyber criminals are known to add their own funds into their Bitcoin wallets to make the scam seem more legitimate.

Either way, it's going to be very hard to catch the criminals by following the money and law enforcement, as well as many angry users, will have some strong questions for Twitter about how this could have happened.

Cameron Winklevoss, who along with his brother Tyler was declared the world's first Bitcoin billionaires in 2017, tweeted a message on Wednesday warning people not to participate in the "scam".

In the short time it was online, the address displayed in the tweets received hundreds of contributions totalling more than $100,000 (£80,000).

The Twitter accounts targeted all have millions of followers.

Twitter later said it was looking into the incident and would issue a statement soon.

https://www.bbc.co.uk/news/technology-53425822

 

[MenInG]

Billionaires Elon Musk, Jeff Bezos and Bill Gates are among many prominent US figures targeted by hackers on Twitter in an apparent Bitcoin scam.

The official accounts of Barack Obama, Joe Biden and Kanye West also requested donations in the cryptocurrency.

"Everyone is asking me to give back," a tweet from Mr Gates' account said. "You send $1,000, I send you back $2,000."

Twitter said it was a "co-ordinated" attack targeting its employees "with access to internal systems and tools".

"We know they [the hackers] used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf," the company said in a series of tweets.

It added that "significant steps" were taken to limit access to such internal systems and tools while the company's investigation was ongoing.

Meanwhile, Twitter CEO Jack Dorsey tweeted: "Tough day for us at Twitter. We all feel terrible this happened."

Emergency response
Twitter earlier had to take the extraordinary step of stopping many verified accounts marked with blue ticks from tweeting altogether.

Password reset requests were also being denied and some other "account functions" disabled.

By 20:30 EDT (00:30 GMT Thursday) users with verified account started to be able to send tweets again, but Twitter said it was still working on a fix.

Dmitri Alperovitch, who co-founded cyber-security company CrowdStrike, told Reuters news agency: "This appears to be the worst hack of a major social media platform yet."

On the official account of Mr Musk, the Tesla and SpaceX chief appeared to offer to double any Bitcoin payment sent to the address of his digital wallet "for the next 30 minutes".

"I'm feeling generous because of Covid-19," the tweet added, along with a Bitcoin link address.

The tweets were deleted just minutes after they were first posted.

But as the first such tweet from Musk's account was removed, another one appeared, then a third.

Others targeted included:

the rapper Kanye West
reality TV star Kim Kardashian
former US President Obama
former US Vice-President Joe Biden, who is the current Democratic presidential candidate
media billionaire Mike Bloomberg
the ride-sharing app Uber
the iPhone-maker Apple

The Biden campaign said Twitter had "locked down the account within a few minutes of the breach and removed the related tweet".

A spokesman for Bill Gates told AP news agency: "This appears to be part of a larger issue that Twitter is facing."

Instagram message

The BBC can report from a security source that a web address - cryptoforhealth.com - to which some hacked tweets directed users was registered by a cyber-attacker using the email address mkeyworth5@gmail.com.

The name "Anthony Elias" was used to register the website, but may be a pseudonym - it appears to be a play on "an alias".

Cryptoforhealth is also a registered user name on Instagram, apparently set up contemporaneously to the hack.

The description of the profile read "It was us", alongside a slightly smiling face emoticon.

The Instagram profile also posted a message that said: "It was a charity attack. Your money will find its way to the right place."

In any case, the real identities of the perpetrators are as yet unknown.

https://www.bbc.co.uk/news/technology-53425822

 

[sweep_shot]

Shocking!

This is why I feel like ditching social media. Not safe at all.

 

[MenInG]

The FBI's San Francisco office said on Thursday it has launched an investigation after hackers accessed Twitter's internal systems to hijack accounts of high-profile people such as US presidential candidate Joe Biden, reality TV star Kim Kardashian, former US President Barack Obama and billionaire Elon Musk and used them to solicit digital currency.

"At this time, the accounts appear to have been compromised in order to perpetuate cryptocurrency fraud," the FBI said in a statement. "We advise the public not to fall victim to this scam by sending cryptocurrency or money in relation to this incident. As this investigation is ongoing, we will not be making further comment at this time."

A day after the breach, it was not clear if the hackers were able to see private messages sent by the account holders.

US legislators worried about future attacks.

"While this scheme appears financially motivated...imagine if these bad actors had a different intent to use powerful voices to spread disinformation to potentially interfere with our elections, disrupt the stock market, or upset our international relations," US Senator Ed Markey, a Democrat, said in a statement.

Echoing a similar sentiment, Representative Jim Jordan, the top Republican on the House Judiciary Committee, asked what would happen if Twitter allowed a similar incident to occur on November 2, a day before the US presidential election.

Jordan said he remained locked out of his Twitter account as of Thursday morning and said his confidence in how the company operates has been deteriorating.

The chairman of the Senate Commerce Committee, Republican Roger Wicker, expressed similar concerns and asked Twitter Inc to brief committee staff by next week.

In a letter to Twitter Chief Executive Officer Jack Dorsey on Thursday, Wicker said it "cannot be overstated how troubling this incident is, both in its effects and in the apparent failure of Twitter's internal controls to prevent it". Wicker added it is "not difficult to imagine future attacks being used to spread disinformation or otherwise sow discord through high-profile accounts, particularly through those of world leaders".

Twitter Inc said hackers had targeted employees with access to its internal systems and "used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf".

Other high-profile accounts that were hacked included rapper Kanye West, Amazon.com Inc founder Jeff Bezos, investor Warren Buffett, Microsoft Corp co-founder Bill Gates, and the corporate accounts for Uber Technologies Inc and Apple Inc.

In an extraordinary step, it temporarily prevented many verified accounts from publishing messages as it investigated the breach.

The hijacked accounts tweeted out messages telling users to send bitcoin and their money would be doubled. Publicly available blockchain records show that the apparent scammers received more than $100,000 worth of cryptocurrency.

Twitter's shares fell a little more than 1 percent on Thursday afternoon.

CEO Dorsey said in a tweet on Wednesday it was a "tough day" for everyone at Twitter and pledged to share "everything we can when we have a more complete understanding of exactly what happened".

Dorsey's assurances did not assuage Washington's concerns about social media companies, whose policies have come under scrutiny by critics on both the left and the right.

Democratic Senator Mark Warner called on Twitter and law enforcement to investigate the matter while the US House Intelligence Committee said it was in touch with Twitter regarding the hack, according to a committee official who did not wish to be named.

Republican Senator Josh Hawley wrote a letter to Dorsey within minutes of the hack and asked about potential data theft and whether the breach affected select users or the security of the platform overall.

Frank Pallone, a Democrat who chairs the House Energy and Commerce Committee that oversees a sizeable portion of US tech policy, said in a tweet the company "needs to explain how all of these prominent accounts were hacked".

The New York State Department of Financial Services also weighed in, saying it will investigate the hack.

https://www.aljazeera.com/news/2020...ijacked-eminent-accounts-200716184339323.html

 

[The Viper]

Senate Republican asks Twitter for urgent briefing on hacking incident

The chairman of the Senate Commerce Committee asked Twitter Inc (TWTR.N) to brief committee staff by next week on the hacking of high-profile accounts on Wednesday.

Senator Roger Wicker, a Republican, in a letter to Twitter Chief Executive Jack Dorsey Thursday said it “cannot be overstated how troubling this incident is, both in its effects and in the apparent failure of Twitter’s internal controls to prevent it.” Wicker added it is “not difficult to imagine future attacks being used to spread disinformation or otherwise sow discord through high-profile accounts, particularly through those of world leaders.”

https://uk.reuters.com/article/us-t...iefing-on-hacking-incident-idUKKCN24H2YZ?il=0

 

[MenInG]

Twitter says hackers "manipulated" some of its employees to access accounts in a high-profile attack on the social media company, including those of Democratic presidential candidate Joe Biden and tech entrepreneur Elon Musk.

Posts trying to dupe people into sending the hackers Bitcoin were tweeted by the official accounts of Apple, Uber, Bill Gates and many others on Wednesday, forcing Twitter to lock a large number of accounts in a damage control move.

More than $100,000 worth of the virtual currency was sent to email addresses mentioned in the tweets, according to Blockchain.com, which monitors crypto transactions.

"We know that they accessed tools only available to our internal support teams to target 130 Twitter accounts," said a statement posted on Twitter's blog on Saturday.

For 45 of those accounts, the hackers were able to reset passwords, login and send tweets, it added, while the personal data of up to eight unverified users was downloaded.

Twitter locked down affected accounts and removed the fraudulent tweets. It also shut down accounts not affected by the hack as a precaution. Most of those have now been restored, the company said on Saturday.

Trump 'will remain on Twitter'
The attack was carried out by a group of young friends with no links to state or organised crime, The New York Times reported on Friday.

The paper said it interviewed four people who participated in the hacking, who shared logs and screenshots backing up their accounts of what happened.

The young hackers said a mysterious user who went by the name "Kirk" initiated the scheme with a message and was the one with access to various Twitter accounts.

They added they were only involved in taking control of lesser-known but desirable Twitter accounts, such as an "@" sign and single letters or numbers that could easily be sold, according to the report.

The hackers maintained they stopped serving as middlemen for "Kirk" when high-profile users became targets.

President Donald Trump's account, which has 83.5 million followers, was not targeted.

"The president will remain on Twitter," White House Press Secretary Kayleigh McEnany said. "His account was secure and not jeopardized during these attacks."

The hack has raised questions about Twitter's security as it serves as a megaphone for US politicians ahead of November's presidential election.

Twitter said it is limiting the information it makes public about the attack while it carries out "remediation steps" to secure the site, as well as training employees to guard against future hacking attempts.

The FBI's San Francisco division is leading an inquiry into the hacking, with many Washington legislators also calling for an account of how it happened.

https://www.aljazeera.com/news/2020...mployees-access-accounts-200718123732426.html

 

[The Viper]

Exclusive: More than 1,000 people at Twitter had ability to aid hack of accounts

More than a thousand Twitter employees and contractors as of earlier this year had access to internal tools that could change user account settings and hand control to others, two former employees said, making it hard to defend against the hacking that occurred last week.

Twitter Inc (TWTR.N) and the FBI are investigating the breach that allowed hackers to repeatedly tweet from verified accounts of the likes of Democratic presidential candidate Joe Biden, billionaire philanthropist Bill Gates, Tesla Chief Executive Elon Musk and former New York Mayor Mike Bloomberg.

Twitter said on Saturday that the perpetrators "manipulated a small number of employees and used their credentials" to log into tools and turn over access to 45 accounts. here On Wednesday, it said that the hackers could have read direct messages to and from 36 accounts but did not identify the affected users.

The former employees familiar with Twitter security practices said that too many people could have done the same thing, more than 1,000 as of earlier in 2020, including some at contractors like Cognizant.

Twitter declined to comment on that figure and would not say whether the number declined before the hack or since. The company was looking for a new security head, working to better secure its systems and training employees on resisting tricks from outsiders, Twitter said. Cognizant did not respond to a request for comment.

“That sounds like there are too many people with access,” said Edward Amoroso, former chief security officer at AT&T. Responsibilities among the staff should have been split up, with access rights limited to those responsibilities and more than one person required to agree to make the most sensitive account changes. “In order to do cyber security right, you can’t forget the boring stuff.”

Threats from insiders, especially lower-paid outside support staff, are a constant worry for companies serving large numbers of users, cyber security experts said. They said that the greater the number of people who can change key settings, the stronger oversight must be.

STUMBLES
The former employees said that Twitter had gotten better about logging the activity of its people in the wake of previous stumbles, including searches of records by an employee accused last November of spying for the government of Saudi Arabia.

But while logging helps with investigations, only alarms or constant reviews can turn logs into something that can prevent breaches.

Former Cisco Systems Chief Security Officer John Stewart said companies with broad access need to adopt a long series of mitigations and “ultimately ensuring that the most powerful authorized people are only doing what they are supposed to be doing.”

Who exactly pulled off the hacking spree isn’t clear, but outside researchers such as Allison Nixon of Unit 221B say the incident appears linked to a cluster of cybercriminals who regularly traded in novelty handles – especially rare one-or-two character account names – that are treated a bit like the vanity license plates of the online world.

Although the public evidence tying the hacking to those was circumstantial, ultra-short Twitter handles were among the first to be hijacked.

In addition, the forums where those hackers were active have long been replete with boasts about having access to Twitter insiders, according to Nixon and Nick Bax, an analyst with StopSIMCrime, a group that lobbies for greater protection against “SIM swapping” – a phone number hijacking technique often used by these kinds of hackers.

Bax said he had seen reference on forums to “Twitter plugs” or “Twitter reps” – the terms used to describe cooperative Twitter employees – since as far back as 2017.

The potential involvement of low-level cybercriminals has particularly alarmed professionals because of the implication that a hostile government might be able to cause even greater havoc.

Access to accounts for national leaders was limited to a much smaller number of people after a rogue employee briefly deleted President Donald Trump’s account two years ago. That could explain why Biden’s account was hijacked but not Trump’s.

Twitter should expand the number of protected accounts, said former Twitter security engineer John Adams. Among other things, accounts with more than 10,000 followers should at least need two people to change key settings.

Security experts said they were worried that Twitter has too much work to do and too little time before the campaign for the Nov. 3 U.S. election intensifies, with potential inference domestically and from other countries.

Said Ron Gula, a cybersecurity investor who co-founded network security company Tenable, “The question really is: Does Twitter do enough to prevent account takeovers for our presidential candidates and news outlets when faced with sophisticated threats that leverage whole-of-nation approaches?”

On a call to discuss company earnings on Thursday, Twitter Chief Executive Jack Dorsey acknowledged past missteps.

“We fell behind, both in our protections against social engineering of our employees and restrictions on our internal tools,” Dorsey told investors.

https://uk.reuters.com/article/us-t...ty-to-aid-hack-of-accounts-idUKKCN24O34E?il=0

 

[MenInG]

Twitter has revealed how accounts belonging to celebrities including Barack Obama, Jeff Bezos and Kim Kardashian were hijacked by Bitcoin scammers two weeks ago.

At the time the company confirmed that a "co-ordinated social engineering attack" had allowed criminals to post tweets from celebs' accounts offering to send $2,000 for every $1,000 sent to a Bitcoin address.

The company has now confirmed that 130 accounts were targeted by the criminals, with 45 being used to send tweets. The criminals also accessed the DM inboxes of 36 users and downloaded the Twitter data of seven.

Now the company has provided details about the social engineering attack - a way of describing a security breach based on convincing someone to provide access, rather than finding flaws in the software.

Twitter said it "targeted a small number of employees" who were called over the phone and tricked into providing their log-in credentials.

"A successful attack required the attackers to obtain access to both our internal network as well as specific employee credentials that granted them access to our internal support tools," the company said.

"Not all of the employees that were initially targeted had permissions to use account management tools, but the attackers used their credentials to access our internal systems and gain information about our processes.

"This knowledge then enabled them to target additional employees who did have access to our account support tools," the company explained.

The Bitcoin scam posted from the 45 affected accounts appears to have earned the criminals about £95,000 after around 400 payments were sent to three addresses.

However, that would not have been the best way to monetise the criminals' access to the platform, suggesting the hackers were either very inexperienced or that the Bitcoin scam was a distraction from the account data which they truly wanted to steal.

"Since the attack, we've significantly limited access to our internal tools and systems to ensure ongoing account security while we complete our investigation," said Twitter.

"We're sorry for any delays this causes, but we believe it's a necessary precaution as we make durable changes to our processes and tooling as a result of this incident."

The company said it would provide a more detailed technical report on the incident at a later date, but was unable to do so immediately due to the "ongoing law enforcement investigation".

https://news.sky.com/story/twitter-...ammers-hijacked-celebrities-accounts-12039674