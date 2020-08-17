James Martin/CNET



Twitter is removing images from the social network that could show how hackers carried out a large wave of account hijackings on the platform. On Wednesday, July 15, hackers seized prominent users’ Twitter accounts, including those of Barack Obama, Bill Gates, Elon Musk, Kanye West, and Jeff Bezos, to promote a Bitcoin scam.

While hacks on Twitter are nothing new (the social network experiences frequent breaches of this type), the repeated and singular theme of Wednesday’s account hacks suggests an effort beyond the SIM hijacking-type attack that Twitter boss Jack Dorsey himself fell victim to last August.

“Given that numerous high-profile Twitter accounts were compromised as part of this attack (accounts that would presumably be protected by multi-factor authentication and strong passwords), it is highly likely that the attackers could hack the back-end or the Twitter application service layer,” explained Michael Borohovski, director of software engineering for cybersecurity company Synopsys.

Twitter said the attack came from hackers who compromised one of its employees’ accounts.

We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools. — Twitter Support (@TwitterSupport) July 16, 2020

The company said it is investigating what other access the attackers had after getting their hands on internal Twitter tools.

Users of a hacking forum where desired Twitter accounts are sold shared screenshots of the Twitter administrative panel, showing internal details such as the email addresses registered to the accounts, when each account was last accessed and what phone numbers were linked to it. The number of attacks logged on each account was also visible.

The screenshots were first reported by Motherboard and later shared with CNET by a forum user.

“They forced me to delete the tweet and banned me from tweeting or interacting for 12 hours with anyone on the website,” said the person who shared the screenshots.

The images are being removed from Twitter for violating the site’s rules, as they display personal information, including contact information for accounts.

The thread showing Twitter’s internal tools has since been removed, according to the user. It is unclear how the hackers were able to obtain screenshots of Twitter’s internal tools.

“We don’t know how long the attackers had access or the motives, but they caused great mistrust in the security of the platforms,” said Dave Kennedy, founder of cybersecurity company TrustedSec. “We do not know who was responsible or if this attack was the only part of it. We hope that Twitter will be transparent in its investigation and say who was behind the attacks.”

Lawmakers are already demanding answers from the social network. Sen. Josh Hawley, a Republican from Missouri, sent a letter to Twitter requesting that it contact the Department of Justice and the FBI for help in the investigation.

The letter asks Twitter to reveal whether the hacking campaign was a breach of users’ accounts or of Twitter’s own internal systems.

“I am concerned that this event may represent not just a coordinated set of separate hacking incidents, but rather a successful attack on Twitter security,” Hawley said. “As you know, millions of your users rely on your service not only to tweet publicly but also to communicate privately through your direct message service. A successful attack on your system’s servers represents a threat to the privacy and security of data of all its users.”