The accounts were a who’s who of the rich and famous: former President Barack Obama, Kanye West, Kim Kardashian West, Warren Buffett, Jeff Bezos, Joe Biden, Bill Gates, and Mike Bloomberg. Collectively, they all posted similar tweets asking for donations via Bitcoin. An example would be Mike Bloomberg’s situation, in which the hacker played up the con that the money was going to an organization called CryptoForHealth.
Inside job
The interesting thing about this hack is that all signs point to it starting from the inside with one of Twitter’s own employees. Purportedly, that employee gave the hacker(s) access to an admin tool which, in turn, gave them access to any Twitter account they wanted.
"We used a rep that literally done (sic) all the work for us," an anonymous source told Motherboard. Another source said they paid the Twitter insider to do the dirty deed.
“We are giving back to our community,” is how the tweets started off. “We support Bitcoin and we believe you should too! All Bitcoin sent to our address below will be sent back to you doubled! Only going on for the next 30 minutes.”
If there’s a sucker born every minute, you can imagine how many suckers the hacker found in that half-hour. In its reporting of the incident, TechCrunch tracked down someone in the underground hacking scene who said the hacker was able to make off with more than $100,000.
Once the hacker was happy with their haul, they used the same admin tool to reset the email addresses of the hacked accounts, making it darn near impossible for the account holders to reclaim control of their accounts.
Twitter is scratching its head
As of Thursday afternoon, Twitter was still trying definitively to find out what happened.
It tweeted that its internal investigation is continuing, but the platform says it’s taken “significant steps to limit access to internal systems and tools while our investigation is ongoing.”
Update
Business Insider asked cybersecurity experts to take a deeper dive into the Twitter hack and those experts reported back with the possibility that the attack could have been a sign of a broader, more nefarious scheme.
"If you suddenly had access to some of the most prolific, powerful people, what would you do?" Kevin O'Brien, CEO of the cloud email security company GreatHorn, told Business Insider. "Would you say that you wanted to get some bitcoin? That's a bizarrely small use of this level of access."
In O’Brien’s estimation, taking the route of posting the cryptocurrency request tweets might have been the hackers’ way of testing the water to see how far into Twitter’s systems they could go. One of O’Brien’s peers, Ryan Olson, vice president of Unit 42 at Palo Alto Networks, agreed.
"Noisy attacks are a great way to distract security teams from other malicious activities," Olson said.