Biggest Twitter Hack Took for Attackers 24 Hours

The New York Department of Financial Services presented a report on the results of investigation of a Twitter hack that took place in July this year. According to the report, it took cybercriminals 24 hours to complete the hack.

As the investigation established, the attack began on July 14 and ended the next day, when it became obvious that the accounts of a number of public figures, including politicians and founders of large companies, had been hacked by hackers for fraudulent purposes.

The attackers, identified shortly after the incident, used access to the internal Twitter network to change the email addresses and credentials of users of interest and take control of their accounts.

“In total, hackers tried to attack 130 accounts and 45 of them had their passwords changed”, – says the NYDFS report.

A few weeks after the incident, the Twitter administration reported that during the attack, the attackers contacted company employees by phone and tricked them into gaining access to the necessary internal support tools. According to the NYS Department of Financial Services, it took almost a day from the time of the phone call to the hack.

The attack was allegedly carried out by 17-year-old Florida resident Graham Ivan Clark aka Kirk #5270, 19-year-old Briton Mason John Sheppard, aka Chaewon, and 22-year-old Florida resident Nima Fazeli, also known as Rolex.

After lunch on July 14, the attackers called several Twitter employees and, posing as IT employees, reported problems with the VPN (a very common problem, given the number of employees working remotely). They then asked employees to enter their credentials into a form on a phishing page.

“The investigation did not find any evidence that the employees deliberately helped the hackers. With the help of employees’ personal information, the attackers managed to convince them that they are really who they say they are”, – says the report.

While some employees did report a suspicious call to Twitter’s internal anti-fraud department, at least one victim fell for the bait.

Although the first victim did not have access to the internal systems of interest to the hackers, they used her credentials to navigate the network and search for employees who had such access. On July 15, attackers attacked these employees, including those responsible for handling delicate global legal requests.

Soon after the attackers gained control of Twitter accounts (including the “original gangster” OG accounts), they began discussing selling OG usernames and demonstrating that they had access to Twitter’s internal systems.

Cybercriminals then switched to verified accounts to lend credibility to their cryptocurrency fraudulent scheme.

“Within a few hours, they attacked the accounts of cryptocurrency trader AngeloBTC, cryptocurrency exchange Binance and ten other cryptocurrency-related accounts, including Coinbase, Gemini Trust Company and Square”, – reports NYDFS.

A few hours later, hackers began to post tweets from compromised accounts, including Apple, Uber, Bill Gates, Elon Musk, Kanye West, Floyd Mayweather, Kim Kardashian, etc. As a result, they managed to steal $118 thousand in bitcoins.

The NYS Financial Services Authority found that the incident had compromised the non-public data of some users, and Twitter did not update information about the incident in a timely manner.