The investigative report on the July 2020 Twitter hack reveals that the attackers used phone-based social engineering and phishing links to dupe remote Twitter employees into handing over their credentials.
On July 15, 2020, a 17-year-old hacker and his accomplices seized control of dozens of high-profile accounts, including those of Barack Obama, Kim Kardashian West, Jeff Bezos, Elon Musk, and Bill Gates, and stole over $118,000 worth of bitcoin from unsuspecting users.
How did the culprits penetrate Twitter’s internal network?
According to a report by the New York State Department of Financial Services, the hackers posed as Twitter IT department staff and tricked several employees who were working remotely into visiting a fake VPN login page.
“The Twitter Hack started on the afternoon of July 14, 2020, when one or more Hackers called several Twitter employees and claimed to be calling from the Help Desk in Twitter’s IT department,” the report said.
“The Hackers claimed they were responding to a reported problem the employee was having with Twitter’s Virtual Private Network (“VPN”). The Hackers then tried to direct the employee to a phishing website that looked identical to the legitimate Twitter VPN website and was hosted by a similarly named domain.”
The report describes a real-time relay: as an employee entered their credentials on the fake page, the attackers entered the same credentials into the legitimate Twitter login page at the same moment. That legitimate login also triggered a multi-factor authentication prompt to the employee, but the attackers, still on the phone, talked the employee into approving it, which handed them an authenticated session on Twitter’s internal network.
“The Department found no evidence the Twitter employees knowingly aided the Hackers,” the financial services regulatory authority added. “Rather, the Hackers used personal information about the employees to convince them that the Hackers were legitimate and could, therefore, be trusted. While some employees reported the calls to Twitter’s internal fraud monitoring team, at least one employee believed the Hackers’ lies.”
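The relay described above (credentials typed into the lookalike page, replayed live against the real portal, then a push-style MFA prompt the victim is talked into approving) is easy to model, and doing so shows why the MFA step did not help and what kind of MFA would have. The following is an added example, not code from the article or from the NYDFS report; the domains, the account, the password and the portal are invented, and an HMAC over (origin || challenge) stands in for a WebAuthn-style public-key signature purely to keep the example short.

```python
"""Simulation of the real-time credential relay described in the report.

Constructed example: portal, account, password, domains and secrets are invented;
the classes model behaviour only, there is no network I/O.
"""
import hashlib
import hmac
import secrets

REAL_ORIGIN = "https://vpn.example-corp.test"        # assumed legitimate VPN portal
PHISH_ORIGIN = "https://vpn.example-corp-sso.test"   # assumed lookalike domain


class VpnPortal:
    """Legitimate login service, modelled two ways: password + push-approval MFA
    (what the report describes) and an origin-bound challenge-response."""

    def __init__(self):
        self.passwords = {"alice": "correct horse battery staple"}   # constructed account
        self.bound_keys = {}      # username -> per-user secret registered with this portal
        self.pending_push = {}    # login_id -> username, waiting for the user's "approve"
        self.pending_chal = {}    # username -> outstanding challenge bytes
        self.sessions = {}        # session token -> username

    def _issue_session(self, username):
        token = secrets.token_hex(16)
        self.sessions[token] = username
        return token

    # --- password + push MFA ----------------------------------------------
    def login(self, username, password):
        if self.passwords.get(username) != password:
            return None
        login_id = secrets.token_hex(8)
        self.pending_push[login_id] = username   # the real portal now sends a push prompt
        return login_id

    def approve_push(self, login_id):
        username = self.pending_push.pop(login_id, None)
        return self._issue_session(username) if username else None

    # --- origin-bound challenge-response -------------------------------------
    def register_key(self, username, key):
        self.bound_keys[username] = key

    def challenge(self, username):
        chal = secrets.token_bytes(32)
        self.pending_chal[username] = chal
        return chal

    def verify_assertion(self, username, assertion):
        chal = self.pending_chal.pop(username, None)
        key = self.bound_keys.get(username)
        if chal is None or key is None:
            return None
        # The portal always binds the challenge to ITS OWN origin when checking.
        expected = hmac.new(key, REAL_ORIGIN.encode() + chal, hashlib.sha256).digest()
        return self._issue_session(username) if hmac.compare_digest(expected, assertion) else None


class Authenticator:
    """Simplified phishing-resistant authenticator. Assumption: HMAC with a per-user secret
    stands in for a public-key signature; what matters is that the origin the browser is
    really talking to is mixed into the signed data."""

    def __init__(self):
        self.key = secrets.token_bytes(32)

    def sign(self, browser_origin, chal):
        return hmac.new(self.key, browser_origin.encode() + chal, hashlib.sha256).digest()


def push_mfa_relay(portal):
    """The attack from the report. Returns the user the attacker's session is bound to."""
    username, password = "alice", "correct horse battery staple"   # typed into the fake page
    login_id = portal.login(username, password)     # attacker relays them to the real portal
    token = portal.approve_push(login_id)           # victim approves the push on the phone
    return portal.sessions.get(token)


def origin_bound_relay(portal, auth):
    """Same relay against an origin-bound credential: the victim's browser is on
    PHISH_ORIGIN, so the forwarded assertion carries the wrong origin and is rejected."""
    chal = portal.challenge("alice")                # attacker fetches a genuine challenge
    assertion = auth.sign(PHISH_ORIGIN, chal)       # victim signs it for the lookalike site
    token = portal.verify_assertion("alice", assertion)
    return portal.sessions.get(token)


def origin_bound_legit(portal, auth):
    """Control case: the same user logging in directly at the real origin succeeds."""
    chal = portal.challenge("alice")
    token = portal.verify_assertion("alice", auth.sign(REAL_ORIGIN, chal))
    return portal.sessions.get(token)


def setup():
    portal, auth = VpnPortal(), Authenticator()
    portal.register_key("alice", auth.key)          # one-time registration at the real site
    return portal, auth


if __name__ == "__main__":
    portal, auth = setup()
    print("push MFA relay, attacker session for:", push_mfa_relay(portal))
    print("origin-bound relay, attacker session for:", origin_bound_relay(portal, auth))
    print("origin-bound direct login:", origin_bound_legit(portal, auth))
```

The push-approval flow fails because nothing in it ties the employee's "approve" to the site the employee is actually looking at; the attacker's login and the victim's approval are indistinguishable to the portal. In the origin-bound flow the lookalike domain is part of what gets signed, so the relayed assertion does not verify even though the attacker holds a genuine challenge and the victim cooperated fully.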