Twitter: Hackers used phone to fool staff, gain access

The hackers targeted 130 Twitter accounts, including those of high-profile users Elon Musk, Kanye West and his wife Kim Kardashian. (AP)
Updated 31 July 2020

  • Embarrassing July 15 attack compromised the accounts of some of its most high-profile users

LONDON: Twitter says the hackers responsible for a recent high-profile breach used the phone to fool the social media company’s employees into giving them access.
The company revealed a few more details late Thursday about the hack earlier this month, which it said targeted “a small number of employees through a phone spear-phishing attack.”
“This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems,” the company tweeted.
The embarrassing July 15 attack compromised the accounts of some of its most high-profile users, including Tesla CEO Elon Musk and celebrities Kanye West and his wife, Kim Kardashian West, in an apparent attempt to lure their followers into sending money to an anonymous Bitcoin account.
After stealing employee credentials and getting into Twitter’s systems, the hackers were able to target other employees who had access to account support tools, the company said.
The hackers targeted 130 accounts. They managed to tweet from 45 accounts, access the direct message inboxes of 36, and download the Twitter data from seven. Dutch anti-Islam lawmaker Geert Wilders has said his inbox was among those accessed.
Spear-phishing is a more targeted version of phishing, an impersonation scam that uses email or other electronic communications to deceive recipients into handing over sensitive information.
Twitter said it would provide a more detailed report later “given the ongoing law enforcement investigation.”
The company has previously said the incident was a “coordinated social engineering attack” that targeted some of its employees with access to internal systems and tools. It didn’t provide any more information about how the attack was carried out, but the details released so far suggest the hackers started by using the old-fashioned method of talking their way past security.
British cybersecurity analyst Graham Cluley said his guess was that a targeted Twitter employee or contractor received a message by phone asking them to call a number.
“When the worker called the number they might have been taken to a convincing (but fake) helpdesk operator, who was then able to use social engineering techniques to trick the intended victim into handing over their credentials,” Cluley wrote Friday on his blog.
It’s also possible the hackers pretended to call from the company’s legitimate help line by spoofing the number, he said.


Lebanese news agency boycotts politicians’ press conferences, including Hezbollah’s Nasrallah

Updated 07 August 2020

  • The Lebanese news agency LBCI has said it will no longer provide coverage of any politician’s press conference, including Hezbollah’s Secretary-General Hassan Nasrallah
  • “Let your accomplishments speak for you and don’t distract people with storytelling,” an LBCI presenter said

LONDON: The Lebanese news agency LBCI has said it will no longer provide coverage of any politician’s press conference, including Hezbollah’s Secretary-General Hassan Nasrallah, following Tuesday’s massive explosions.

“The Lebanese Broadcasting Corporation International decided that what comes after Aug. 4 is not like what came before,” a presenter announced on live television on Friday.

“Because after the earthquake is not the same as before, because your (Lebanese government) neglect and failure is one of the main reasons for what we have come to ... because after Aug. 4, we need actions and not words, achievements and not speeches.

“Let your accomplishments speak for you and don’t distract people with storytelling,” she said.

“Finally, we tell people: While you are waiting for the speeches of your leaders, there are mothers who are waiting for the return of their children from the rubble — the priority is for them, not for you.”

Many Lebanese welcomed LBCI’s announcement, with several taking to social media to praise the move — especially given that Nasrallah spoke at a press conference at 5:30 p.m. local time, his first address since the blasts.

“Not only Nasrallah, but all speeches, by all parties. They are nothing more than propaganda. They own their own propaganda bullhorns, so let them use those to address their sheep, rather than block the airwaves for the rest of us,” Raghda Azad, a policy adviser, told Arab News.

“Not that LBC is a model or anything, but all television outlets should stop unquestioning and uncritical reports of so-called leaders,” she added.

However, some doubt the move will be followed by other stations.

“I think it would be great if they all do. But I think because many people care what he says, stations feel like they should oblige,” Aya Chamseddine, a Beirut-based researcher, told Arab News.

“Generally, people tend to — even if they loathe him — root themselves in front of TVs to watch and listen. His speeches are theatrics above all,” she said. “His narrative will be predictable. He will say they know more than anyone what it means to lose people. He’ll be insulting.”

A Lebanese media expert, who did not want to be named due to the sensitivity of the issue, disagrees with the move.

“CNN, even when it hates (US President) Trump, carries his speeches. Nasrallah is the biggest political player in the region; when he speaks people would want to listen because of his effect on politics and our daily lives,” he said.

“The issue is analyzing what he says later, and tearing it apart when it is false or stupid, like CNN does after every Trump speech or statement.”

The boycott comes three days after Beirut was rocked by two blasts when 2,700 tons of ammonium nitrate confiscated six years ago and left in a port storage hangar exploded.

The massive explosions left at least 140 people dead, over 5,000 injured and more than 300,000 homeless. Many say that government corruption and negligence are behind the explosion.