Week 2 Discussion – Twitter Breach
On July 15th, 2020, several Twitter accounts associated with prominent figures were hijacked and sent out a bitcoin scam.
Describe the breach, including the type of attack and its ramifications.
How did human nature factor into the breach?
What type of access controls could be implemented to mitigate or minimize the effects of this type of breach?
After reading a few of your classmates’ postings, reply to those from which you learned something new or to which you have something constructive to add. For example:
Discuss what you learned.
Ask probing questions or seek clarification.
Explain why you agree or disagree with your classmate’s main points, assertions, assumptions, or conclusions.
Suggest research strategies or specific resources on the topic.
Then respond to: Kynnady Mack
On July 15, 2020, several high-profile Twitter accounts were hijacked and used to send out a bitcoin scam message. The affected accounts belonged to prominent figures and organizations, including Barack Obama, Joe Biden, Elon Musk, Bill Gates, Kanye West, Apple, and Uber. The messages posted from these accounts falsely promised to double any Bitcoin sent to a specific wallet address, effectively attempting to scam people out of their cryptocurrency.
Type of Attack
The attack was a form of social engineering known as a “spear-phishing” attack. The attackers gained access to Twitter’s internal systems by targeting Twitter employees with administrative access. By deceiving these employees, the attackers were able to gain the credentials necessary to access and control the accounts of high-profile users.
Ramifications
Financial Losses: People who fell for the scam sent Bitcoin to the provided wallet address, resulting in financial losses. Reports indicate that the attackers received over $100,000 worth of Bitcoin.
Reputation Damage: The breach damaged the reputation of Twitter as a secure platform. Trust in the security and reliability of the platform was undermined, which can have long-term effects on user engagement and business relationships.
Security Overhaul: Twitter had to conduct a thorough investigation and overhaul its security protocols, which likely involved significant time and resources.
Potential Data Breach: Although the primary goal appeared to be the Bitcoin scam, the attackers also had the potential to access direct messages and other private information, posing further risks.
Human Nature and the Breach
Human nature played a significant role in this breach. Social engineering attacks exploit human psychology, such as the tendency to trust and the desire to be helpful. The attackers targeted Twitter employees, possibly with convincing pretexts or urgent-sounding requests, to gain access to internal systems. Once they had the credentials, they could bypass technical security measures.
Access Controls to Mitigate or Minimize the Effects
Multi-Factor Authentication (MFA): Implementing MFA for all administrative access would require an additional verification step, making it more difficult for attackers to gain access using stolen credentials alone.
Least Privilege Principle: Ensuring that employees have the minimum level of access necessary for their job functions can limit the potential damage from compromised accounts.
Role-Based Access Control (RBAC): Using RBAC to assign permissions based on job roles can help to ensure that only authorized personnel have access to sensitive systems and data.
Regular Security Training: Conducting regular training sessions to educate employees about the latest social engineering tactics and how to recognize and respond to suspicious activity.
Behavioral Analytics: Implementing systems that monitor and analyze user behavior to detect unusual activity, such as accessing accounts or systems outside of normal patterns.
Incident Response Plan: Having a robust incident response plan in place to quickly identify, contain, and mitigate breaches can help minimize their impact.
By understanding the human element in security breaches and implementing strong access controls, organizations can better protect themselves against similar attacks in the future.
References
Twitter investigation report (2020) Department of Financial Services. Available at: https://www.dfs.ny.gov/Twitter_Report (Accessed: 01 July 2024).
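Several of the controls the post lists (RBAC, least privilege, MFA step-up for administrative actions, and behavioral analytics over access patterns) can be sketched together for an internal account-support tool. This is an added example for the discussion, not code from the post, the DFS report, or Twitter; the roles, actions, account names and audit log are all constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical role model for an internal account-support tool (constructed for this example).
ROLE_PERMISSIONS = {
    "support_agent": {"view_profile", "reset_password"},
    "trust_safety_admin": {"view_profile", "reset_password", "reset_email", "post_as_account"},
}
# Actions that can take over or speak for an account: permitted roles still need a fresh MFA step-up.
SENSITIVE_ACTIONS = {"reset_email", "reset_password", "post_as_account"}
HIGH_PROFILE = {"@celebrity_a", "@exchange_b", "@politician_c"}  # constructed; elevated role only

def authorize(role, action, target, mfa_fresh):
    """RBAC + least privilege + step-up MFA. Returns (allowed, reason)."""
    if action not in ROLE_PERMISSIONS.get(role, set()):
        return False, "role lacks permission"
    if action in SENSITIVE_ACTIONS and not mfa_fresh:
        return False, "sensitive action requires MFA step-up"
    if target in HIGH_PROFILE and role != "trust_safety_admin":
        return False, "high-profile account requires elevated role"
    return True, "ok"

# Constructed audit log: (ISO timestamp, operator, action, target account).
AUDIT = [
    ("2024-03-01T20:01:00", "agent42", "reset_email", "@celebrity_a"),
    ("2024-03-01T20:02:30", "agent42", "reset_email", "@exchange_b"),
    ("2024-03-01T20:04:10", "agent42", "reset_email", "@politician_c"),
    ("2024-03-01T20:05:00", "agent42", "post_as_account", "@politician_c"),
    ("2024-03-01T09:15:00", "agent07", "view_profile", "@regular_user"),
    ("2024-03-01T14:30:00", "agent07", "reset_password", "@another_user"),
]

def detect_anomalies(events, max_targets=3, window=timedelta(minutes=10)):
    """Behavioral analytics: alert when one operator touches max_targets or more distinct
    accounts inside a sliding window. Returns [(operator, time, distinct_count)]."""
    by_op = defaultdict(list)
    for ts, op, action, target in events:
        by_op[op].append((datetime.fromisoformat(ts), action, target))
    alerts = []
    for op, evs in by_op.items():
        evs.sort()  # chronological per operator
        for i, (ts, _, _) in enumerate(evs):
            recent = {t for ts2, _, t in evs[: i + 1] if ts - ts2 <= window}
            if len(recent) >= max_targets:
                alerts.append((op, ts.isoformat(), len(recent)))
                break  # one alert per operator is enough
    return alerts

if __name__ == "__main__":
    print(authorize("support_agent", "reset_email", "@regular_user", True))
    print(detect_anomalies(AUDIT))  # agent42 flagged at 20:04:10 with 3 accounts
```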