Hackers 'paid Twitter employee' to take over high-profile accounts

Twitter was forced to cut off accounts for a period while it addressed the attack - Telegraph/Telegraph

A Twitter employee was paid by hackers to infiltrate top accounts of billionaires, politicians and celebrities as part of an alleged Bitcoin scam, according to a new report.

Posts trying to dupe people into sending hackers the virtual currency Bitcoin were tweeted by the official accounts of Elon Musk, Bill Gates, Barack Obama, Kim Kardashian and many others on Wednesday.

Vice-owned site Motherboard reported that hackers had convinced an employee at the company to grant them access to an internal user administration tool.

Citing leaked screenshots and two unnamed sources, the site reported that the hackers used an employee who “literally done all the work for us”. A separate source suggested that the hackers paid the employee for access to the tool.

Twitter is still investigating whether or not an employee hacked the accounts themselves or gave the hackers direct access to the tool, Motherboard reported.

Hackers also used the tool to change the ownership of some accounts as well as pump out cryptocurrency scams.

In a tweet overnight, Twitter said: “We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.”

The company’s chief executive Jack Dorsey described it as a “tough day” for Twitter and said that everyone “felt terrible this happened”.

The attack caused high-profile accounts like Apple to tweet that it was “giving back to the community” and that other users should do the same using a bitcoin link.

Surrey University professor Alan Woodward was sceptical of suggestions that a Twitter employee could have been paid to hand over access.

"There was an allegation from Vice that the company had been bribed but you'd have to be the silliest Twitter employee because it's going to be traceable right back to you, it will be a one way trip out the door into court," he said.

"Everybody has their price, it might be that if somebody offered them enough cryptocurrency maybe they thought they could retire to the sun and that would be it so it's a possibility."

Amazon’s Jeff Bezos, former presidential candidate Mike Bloomberg, and musician Kanye West were also affected by the scam.

Records suggest that hackers may have made as much as $100,000 from donations through the link; however, at least some of this is likely to be from the cyber-criminals putting in their own money in a bid to portray legitimacy.

High-profile official accounts like Uber were compromised in the attack - Twitter

Investigators are likely to look at CryptoForHealth.com, which was referred to in the hack.

Research scientist at Sophos Paul Ducklin said that social media often gets crazy but “not often as crazy as this”.

“Until we know exactly how these scam tweets were sent, it’s difficult to suggest what actions you might take, particularly given that access to services such as password changes is restricted,” he said.

“These scammers only succeed if people fall for the tweets - which could happen if those reading it trust the person it’s coming from.”

Toni Vitale, head of data protection at JMW Solicitors, said that employees should be the first place companies look in order to avoid becoming compromised.

“Most organisations will concentrate on ensuring their IT systems are regularly updated by deploying security patches and ensuring antivirus software is installed,” he said.

“Whilst this approach will prevent the majority of attempts to breach security, the first line of defence will always sit with your staff.”