
High profile Twitter accounts hacked: Here's how the cyber attack unfolded

Last Updated 16 July 2020, 09:24 IST

In an unprecedented series of events, cybercriminals took control of several high-profile Twitter accounts, including those of the world's richest men, major corporate handles, and celebrities, to fool people into sending money to a dubious Bitcoin account.
The list includes Jeff Bezos, Bill Gates, Warren Buffett, Elon Musk, Mike Bloomberg, former US president Barack Obama, Democrat Joe Biden, tech major Apple, Uber, popular boxer Floyd Mayweather, Hollywood celebrity Kim Kardashian and her husband Kanye West, among others.

Cybercriminals also took control of the accounts of financial companies, including those dealing with cryptocurrencies such as Gemini, Coinbase, Coindesk, Tron, Ripple and others.
Most of the compromised Twitter accounts posted a similar message urging people to send $1,000 to the Bitcoin account and get back $2,000.

“Feeling greatful, doubling all payments sent to my BTC address! You send $1,000, I send back $2,000! Only doing this for the next 30 minutes,” reads the message, followed by the Bitcoin account address (we have intentionally removed the link for security reasons).

This nefarious trick is an old one, usually received through SMSs on phones around the world. What's unprecedented is that the hackers breached Twitter's server and took over the accounts of the world's most influential people and of cryptocurrency firms, so that the message would come off as legitimate and hoodwink Twitter users into sending their money to the shady Bitcoin account.

It is widely reported that several people fell for the trick and lost money. Apparently, close to $100,000 was amassed by the perpetrators.

Representational Image -- Hackers gain access to several high-profile Twitter accounts. Picture credit: Pixabay

Here's how the hackers took control of high-profile Twitter accounts
Intelligent cyber criminals targeted official Twitter administrators with access to internal systems and tools.

Even though two-step authentication is in place for Twitter users, it can only prevent hackers from breaching a user's account via email or phone.

But, this time, hackers gained entry directly from Twitter's servers.

After taking control, they managed to get into high profile Twitter users' accounts and posted the malicious message.

Once word got out in the media, Twitter took down the compromised Twitter handles and removed the messages. However, some accounts, including that of Elon Musk, continued to show new messages even after Twitter deleted them, indicating the bad actors may have changed the email address of the victim to change passwords and continue to post malicious messages.

As a safety measure, Twitter locked all the verified accounts. Later, it was finally able to track all the compromised handles. Initially, it disabled Twitter activity for several hours and, after screening the network of servers and weeding out loopholes, it reactivated the Twitter handles and handed control back to most of the users. It still warns that it will deactivate an account again if it deems the account is still vulnerable to attacks.

Why couldn't hackers access the Twitter handle of US President Donald Trump?

We have come to understand that Twitter admins with a special security clearance are given access to monitor the Twitter handles of Very Very Important Persons (VVIPs) such as Donald Trump and other world leaders. There is a reason behind it. In 2017, a Twitter employee serving the notice period, as a prank on his last day at the office, temporarily deactivated the Donald Trump account, causing huge embarrassment to the social media company.

"Through our investigation, we have learned that this was done by a Twitter customer support employee who did this on the employee’s last day. We are conducting a full internal review. We have implemented safeguards to prevent this from happening again. We won’t be able to share all details about our internal investigation or updates to our security measures, but we take this seriously and our teams are on it," Twitter said after the 2017 incident.

Now, it looks like Twitter hasn't done enough to scale up the security for VIPs.

As per the latest official statement, Twitter is continuing the internal investigation and as a precautionary measure, it has limited the internal access to admins until further notice.

"Internally, we’ve taken significant steps to limit access to internal systems and tools while our investigation is ongoing. More updates to come as our investigation continues," Twitter said.

There is a high possibility that US govt-run security agencies including the Federal Bureau of Investigation (FBI) may join the probe.

"We are aware of today's security incident involving several Twitter accounts belonging to high profile individuals. The accounts appear to have been compromised in order to perpetuate cryptocurrency fraud. We advise the public not to fall victim to this scam by sending cryptocurrency or money in relation to this incident," FBI San Francisco, under whose jurisdiction the Twitter office falls, said in a statement to the US media.

(Published 16 July 2020, 06:56 IST)
