icon bookmark-bicon bookmarkicon cameraicon checkicon chevron downicon chevron lefticon chevron righticon chevron upicon closeicon v-compressicon downloadicon editicon v-expandicon fbicon fileicon filtericon flag ruicon full chevron downicon full chevron lefticon full chevron righticon full chevron upicon gpicon insicon mailicon moveicon-musicicon mutedicon nomutedicon okicon v-pauseicon v-playicon searchicon shareicon sign inicon sign upicon stepbackicon stepforicon swipe downicon tagicon tagsicon tgicon trashicon twicon vkicon yticon wticon fm
16 Jul, 2020 16:41

Twitter employee COLLUDED with bitcoin scammers in takeover of high-profile accounts, hacker sources say

Twitter employee COLLUDED with bitcoin scammers in takeover of high-profile accounts, hacker sources say

A Twitter insider “literally did all the work” for the bitcoin scammers who hijacked dozens of celebrities’ accounts, sources claiming responsibility for the hack have claimed, saying the employee was paid to enable the takeover.

The massive attack on verified accounts belonging to high-profile figures was achieved using an internal Twitter tool, several sources claiming to be behind the hack told Motherboard on Wednesday. The sources supplied screenshots to back up the explosive claim that they were given access to the function by an insider. 

Also on rt.com Alleged screenshots of internal Twitter tools suggest platform maintains user ‘blacklists’ despite denying practice for years

We used a rep that literally done all the work for us,” one source explained, while another said the hackers paid off the Twitter employee to give them access to the tool. They allegedly used that function to simultaneously seize control of dozens of accounts belonging to media personalities, politicians, corporations, and other big names, using the popular accounts to solicit bitcoin donations in a scam that amounted to the largest attack in Twitter history. 

Twitter scrambled to delete tweets that included screenshots of the tool, which in addition to details about a given user’s account (whether they’re suspended, protected or “compromised,” among other information) also included buttons marked “trends blacklist” and “search blacklist.” 

In some cases, the platform even suspended the users who posted the screenshots. A company spokesperson claimed sharing the screenshots violated Twitter’s rules on sharing “private, personal information” in tweets.

It’s understandable why Twitter might not want the images circulating, however. The ‘blacklist’ functions appear to contradict the platform’s longstanding (if somewhat discredited) claim that it does not manually manipulate trends or shadow-ban users. 

The social media giant blamed a “coordinated social engineering attack” for Wednesday’s hack, explaining that the culprits had “successfully targeted some of our employees with access to internal systems and tools.” 

Twitter subsequently told Motherboard it has yet to determine whether the employee(s) gave hackers access to the tool or merely used it to hijack the accounts themselves. The company did not say whether any particular employees were being investigated for potential involvement, or even whether they knew how many insiders were involved.

Also on rt.com ‘Coordinated social engineering attack’: Twitter confirms employees with access to internal systems targeted in bitcoin scam hack

The mega-hack saw the scammers use the hijacked accounts – which included Democratic presidential candidate Joe Biden, Amazon CEO Jeff Bezos, Tesla tycoon Elon Musk, Microsoft founder Bill Gates, former President Barack Obama, and tech giant Apple – to tweet out calls for bitcoin donations, promising to return twice as much money to donors. 

The hackers managed to amass over $118,000 before Twitter removed the scam tweets and temporarily locked down all verified accounts as a precaution. Two sources claiming involvement with the hack also said the employee tool was used to change ownership of some early-adopter accounts with usernames just one or two letters long – so-called ‘OG accounts’. 

In the wake of the unprecedented catastrophe, Twitter has pledged it is taking “significant steps to limit access to internal systems and tools” and looking into what “other malicious activity” the hackers might have perpetrated onsite.

Like this story? Share it with a friend!