Unit 2: How the Attack took place
Stage 1
The hackers called twitter employees posing as Twitter IT support and told Twitters employees that Twitters Virtual Private Network (VPN) was facing issues.
As many Twitter employees were working from home, they required the use of the VPN. However, Twitter VPN often had problems. Hence, this made the hacker's story more believable.
A virtual private network is a encrypted connection which employees can use to access cooperate networks from home.
Whats Virtual Private
Network (VPN)?
Phishing account for the majority of reported security incidents of 2020 (Sobers, 2021). . Phishing is a type of Social engineering where hackers disguise themselves as someone who is trustworthy in order to trick individuals into giving confidential information like passwords.
What is phishing?
Stage 2
The hackers also created a phishing website. Through masquerading as Twitter IT support, they tricked Twitter employees into entering their credentials onto the phishing website.
Stage 3
Even though the first few targeted Twitter employees did not have access to twitters internal tools, the hackers were able to gain information from those twitter employees. They used this information to target employees with access to these internal tools. They used phishing tactics to get credentials from those targeted employees. This is a process known as spear phishing.
After they managed to trick those twitter employees, the hackers seized control of twitters internal tools using the stolen credentials
Spear phishing is a type of phishing attack done with usually a single person in mind. This attacks usually occur to employees or people that are in very important positions.
Spear phishing
Stage 4
Using Twitter internal tools, the hackers first seized control of the OG accounts and sold them for a high price.
Original Gangster (OG) accounts are accounts that have short usernames. They are particularly desired by hackers and can be sold for money.
What are OG accounts?
Stage 5
After selling the OG accounts, the hackers turned their sights onto verified accounts. The hackers seized these accounts and entice victims with bitcoin give-aways to scam victims.
Due to how many people trusted these verified accounts, many individuals fell to the scam. The hackers also used Twitter Your Twitter Data (YTD) tool to download data from 7 accounts.
Verified accounts are accounts that are confirm to be the real accounts of people. In Twitter, this confirmation is in the form of a blue tick to the side of the account name. This is usually given to influential Twitter users.
What are verified accounts?