CRYPTO SCAM 2020

Group 4
Smriti Thakur - 339/2021, Saurav Sharma - 342/2021, Sahil Dhiman - 345/2021, Yashika Narula - 350/2021, Madhurta Uppal - 351/2021

What happened?
• Between 20:00 and 22:00 UTC on July 15, 2020, reportedly 130 high-profile Twitter accounts were compromised by third parties to promote a bitcoin scam.
• The scam tweets asked people to send bitcoin to a specific cryptocurrency wallet, with the Twitter user promising that the money would be doubled and returned as a charitable gesture.
• Within minutes of the initial tweets, more than 320 transactions had already taken place on one of the wallet addresses, and bitcoin to a value of more than US$110,000 had been deposited in one account before the scam messages were removed by Twitter.

How?
The scammers gained access to a Twitter administrative tool, also known as an "agent tool," that allowed them to change various account-level settings of some of the compromised accounts, including confirmation emails for the account. This enabled them to configure email addresses from which any other user with access to that email account could initiate a password reset and post the tweets.
According to Vice, the hackers paid insiders at Twitter to gain access to the administrative tool in order to pull this off.
The scammers used a Bitcoin wallet to remain untraceable.
Twitter later confirmed that the scam used social engineering. Multi-factor authentication was bypassed.
• The attackers successfully manipulated a small number of employees and used their credentials to access Twitter's internal systems, including getting through our two-factor protections. As of then, they knew that they accessed tools only available to our internal support teams.
• Twitter had been able to further confirm by July 30 that the method used was what they called a "phone spear phishing attack".
• They initially used social engineering to breach the credentials of lower-level Twitter employees who did not have access to the admin tools, and then, using those employee accounts, engaged in additional social engineering attacks to get the credentials to the admin tools from employees who did have authorization for their use.
• 1500 Twitter employees and partners had access to the admin tools that would allow for the ability to reset accounts as had been done during the incident.
• Former members of Twitter's security departments stated that since 2015, the company had been alerted to the potential for an inside attack and to other cybersecurity measures, but these were put aside in favor of more revenue-generating initiatives.

Attack Technique

Aftermath:
• Twitter had to fix gaps in the company's security awareness program.
• Twitter faced huge fines under European GDPR and US FTC.
• Twitter users lost USD 118K in two days.
• Locked accounts and secured internal access.
• Individually contacted victims to regain access.
• Provided updates about the scam using blog posts.
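
The takeover sequence described under "How?" (an admin-tool email change followed by a password reset on the same account) can be turned into a correlation rule over audit logs. This is an added detection example, not part of the original slides; the event format, the action and agent names, and the 30-minute window are all assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed audit events (not real data): time, actor, action, target account.
SAMPLE_EVENTS = [
    ("2020-07-15T20:00:10", "agent_17", "admin_email_change", "acct_A"),
    ("2020-07-15T20:03:42", "user", "password_reset", "acct_A"),
    ("2020-07-15T20:04:05", "agent_17", "admin_email_change", "acct_B"),
    ("2020-07-15T20:05:30", "user", "password_reset", "acct_B"),
    ("2020-07-15T20:10:00", "agent_04", "admin_email_change", "acct_C"),
    ("2020-07-15T23:45:00", "user", "password_reset", "acct_C"),  # outside window
    ("2020-07-15T20:15:00", "user", "password_reset", "acct_D"),  # no admin change
]

WINDOW = timedelta(minutes=30)  # assumed correlation window


def find_takeover_chains(events, window=WINDOW):
    """Return (agent, account, seconds_between) for each admin email change
    followed by a password reset on the same account within `window`."""
    last_change = {}  # account -> (time, agent) of the latest admin email change
    hits = []
    for ts, actor, action, account in sorted(events):  # ISO timestamps sort by time
        when = datetime.fromisoformat(ts)
        if action == "admin_email_change":
            last_change[account] = (when, actor)
        elif action == "password_reset" and account in last_change:
            changed_at, agent = last_change.pop(account)
            gap = when - changed_at
            if gap <= window:
                hits.append((agent, account, int(gap.total_seconds())))
    return hits


def agents_over_threshold(hits, threshold=2):
    """Agents whose credentials drove the chain on `threshold` or more accounts."""
    accounts = defaultdict(set)
    for agent, account, _ in hits:
        accounts[agent].add(account)
    return {a: sorted(s) for a, s in accounts.items() if len(s) >= threshold}


if __name__ == "__main__":
    chains = find_takeover_chains(SAMPLE_EVENTS)
    for agent, account, gap in chains:
        print(f"ALERT {account}: email changed by {agent}, reset {gap}s later")
    print("multi-account agents:", agents_over_threshold(chains))
```

A single chain can be a legitimate support case; the same agent credentials driving the chain across several accounts in a short period is the stronger signal.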