Twitter said late Wednesday that hackers used social engineering to access internal company tools and exploit a number of high-profile accounts earlier in the day. CEO Jack Dorsey also tweeted a public apology for the chaos this has caused.

A number of prominent Democrats, including U.S. Presidential hopeful Joe Biden and former President Barack Obama, were targeted. Also attacked were the Twitter accounts of Bill Gates, Elon Musk, Kanye West and New York City Mayor Mike Bloomberg, as well as the corporate accounts of Silicon Valley giants Apple and Uber.

In a statement, Twitter said that it had “detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools. We know they used this access to take control of many highly-visible (including verified) accounts and tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it.”

Twitter said that it first became aware of the incident late afternoon Pacific Standard Time. It moved to remove the tweets and disable the affected accounts. Likewise, as a precautionary measure, it also temporarily disabled the ability for verified Twitter accounts — those with a blue checkmark — to tweet.

“This was disruptive, but it was an important step to reduce risk. Most functionality has been restored but we may take further actions and will update you if we do,” Twitter wrote. The company said it is now looking into any other “malicious activity” the attackers may have conducted.

Online security experts speculated that if attackers were able to compromise Twitter accounts in this way, they might also have had access to the direct messages those accounts had received.

What is social engineering?

In the context of cyber security, “social engineering” is the act of tricking employees, rather than attacking the technology directly, to gain access to buildings, systems or data. Often it involves impersonating another person, such as a senior-level executive at a company.

In the crypto community, a popular social engineering attack is SIM-swapping. In this case, the attacker impersonates the target and asks a customer service representative at a telecom for a new SIM card, allowing the attacker to receive the second-factor authentication texts sent to the target’s phone number.

Was the Twitter hack an inside job?

The social engineering explanation is seemingly at odds with other theories of how the hack was executed. According to a report from Motherboard, which cited sources supposedly involved in the attack, a Twitter insider was paid to compromise the social platform. “We used a rep that literally done all the work for us,” Motherboard quoted a source as saying. Motherboard showed screenshots from the purported hackers that supposedly show the “God mode” tool used to provide root access. The screenshots depict numerous high-profile Twitter accounts being manipulated, including that of Binance.
[Image] A tool that was reportedly used to manipulate accounts (source: Motherboard)

[Image] Another screenshot of the tool used by a Twitter insider to manipulate the account (source: Motherboard)

Hours after news of the attack broke, Sen. Josh Hawley of Missouri wrote to Twitter and Dorsey imploring them to cooperate with federal officials in investigating the attack. “I am concerned that this event may represent not merely a coordinated set of separate hacking incidents but rather a successful attack on the security of Twitter itself,” Hawley wrote to the company. “As you know, millions of your users rely on your service not just to tweet publicly but also to communicate privately through your direct message service,” he wrote. “A successful attack on your system’s servers represents a threat to all of your users’ privacy and data security.”

Twitter has a history of bad actors inside the company. Last year, the Department of Justice charged two former Twitter employees with spying on Saudi dissidents. Ahmad Abouammo and Ali Alzabarah allegedly used their system access to collect phone numbers and IP addresses of Saudi dissidents and pass them back to Saudi law enforcement. Court documents state that the process of collecting this sensitive information was “trivial” for the two employees, showing the susceptibility of social media companies to insider attacks.

Twitter said that all verified accounts were able to resume tweeting, but password reset functions were locked down until further notice.

This story originally appeared in Decrypt, a media company covering crypto and the decentralized web, and appears here with additional updates by Forkast.News.