Hackers Broke Open Twitter and Published Service’s Internal Interface Screenshots

Image for post
Image for post
Screenshots of Twitter Internal Interface. Source: MOTHERBOARD

Last night, Twitter was attacked globally. Hackers were able to gain access to the service management interface for a while. Many users were surprised that in many verified accounts, including Apple, Uber, Elon Musk, Bill Gates, Warren Buffett, Jeff Bezos, Mike Bloomberg, Barack Obama, Joe Biden, Kanye West, Kim Kardashian, PM Benjamin Netanyahu, Cash App published messages urging them to list bitcoins.

The executive director of the social network, Jack Dorsey, said that it was a terrible day for the company, now there is an investigation into the global incident.

What is already known about hacking Twitter. Unidentified hackers conducted a coordinated attack on company employees using social engineering. As a result of this attack, attackers were able to gain access to unnamed internal systems and service tools. They were able to use them for a while, including taking control of many verified accounts.

witter experts at the moment have not confirmed the fact of leakage of any information or access to certain proprietary information of the company during this attack.

Some of the information security experts are subjected to doubt this version of Twitter and suggest that this attack could plan and carry out employee self or he deliberately gave hackers access to the backend service.

TechCrunch Linking this attack with a hacker under the nickname Kirk (Kirk), since it was to him that the deceived users transferred part of the bitcoins. Also during the attack, changes were recorded in a special panel of the service interface, which is responsible for actions with so-called OG accounts that have a descriptor consisting of only one or two characters. The privacy and access settings for these accounts were also quickly changed by hackers during this attack. According to TechCrunch, Kirk not only gained access to them but also managed to sell several of these premium Twitter accounts for several thousand dollars per account.

Experts also explained that in addition to the personal benefit of transferring bitcoins to them, hackers could still have other plans during this attack. So, they published several screenshots of the internal interface for managing the service. Thus, they confirmed that it is possible to bypass the platform’s security systems and be there for some time as administrators, who, as it turned out, are allowed, if not all, then a lot. So, for example, for some time after the general blocking by Twitter experts of access to accounts, they could write new messages there.

Moreover, the fact that published information about this was quickly deleted by moderators from Twitter only confirmed the veracity of this information, which the attackers leaked about this attack.

It turned out that in the internal interface of the service, in addition to general information that the account is in the status of “suspended”, “locked forever” or “has a protected status”, there are additional fields, activation of which, for example, can reduce the issuance and citation of account messages.

The current attack was the largest incident for Twitter in the history of the social network. The first mass hacking of popular accounts occurred in 2009, then even the account of U.S. President Barack Obama was hacked. In 2019, hackers were able to access Jack Dorsey’s account and write messages there for a while. In February 2020, hackers hacked into the official Facebook Twitter account using the third-party Khoros platform.

Source: https://www.vice.com/en_us/article/jgxd3d/twitter-insider-access-panel-account-hacks-biden-uber-bezos

Written by

Bioinformatician at Oncobox Inc. (@oncobox). Research Associate at Moscow Institute of Physics and Technology (@mipt_eng).

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store