#PushKnowledge
Bhavik Jain .

Nobody is safe anymore!😔

Some days back we have discussed why the cyber attack is the most alarming security threat to any nation! Why securing privacy is one of the most important things in this Cyberworld!

YET WE SEE ANOTHER CYBER SCAM!😕

Forget about common people, even most powerful and prominent leaders such as Barack Obama, Elon Musk, Bill Gates, Warren Buffet are not safe!

Their Twitter accounts were hacked yesterday in an apparent effort to promote a Bitcoin scam.😳

The attacks were stunning in scope and almost certainly coordinated.

The fact that so many different users have been compromised at the same time implies two things;

Is there a problem with the Twitter Platform itself? or Are we missing any bigger picture behind these scams?

Are we protected enough?🤔

Originally Posted Here
27 Comments

Sri Ram

This is something which is been happening since ages.🙂and twitter said, this is a social engineering attack which allowed the attacker to access one of the employees admin level account.

Bhavik Jain

True account hacking is been happening since ages but nobody tried to mint money through this way. Also, can you share some light on social engineering attack?

Bhavik Jain

Noted will check your video. Can you share some points out of your video?

Sri Ram

sure! This video is all about how someone could manipulate you over online, collect informations with your Instagram and what someone could do with it etc. Social engineering is basically all about manipulating you, it could be over a phone call or a scamming mail you get!

Bhavik Jain

o it means they manipulate you to share some important credentials and then these hackers use it to hack?

Sri Ram

yeah. It could be credentials or asking you click a link or it could be anything. The possibilities are endless.

Bhavik Jain

Oh it means nowadays companies should try to keep their important information away from all the electronic devices used by the employees?

Maybe the employees should not log in into anything personal and keep those devices at the office after using it.

Sri Ram

yes! But due to WFH, it would be a very difficult for organisations like twitter to do that.

Let’s say I’m targeting twitter.

1. I’ll go check for the employees.
2. Assume, I found a HR.
3. HR usually opens all the docs, excel sheets when they receive it via mail.
*that doc isn’t a normal doc, it’s an exploit*
4. HR opens it, it would look like a normal doc but it’s not, it would infect ur pc completely and give access to the attacker.

This is one scenario but there are many.

Bhavik Jain

So twitter can do basic training for dummies and this might help them reduce the chances of the same.

Sri Ram

yeah yesh, they should. They should’ve done too. Also, we cannot blame these organisations too, this happened with sony too. These are sophisticated attacks. Well planned one though!😀

Bhavik Jain

Yes we can't blame them as they are well-planned attack but training helps in reducing the chances.

Sri Ram

true

Bhavik Jain

I think nowadays every company who uses tech should do this, hackers can do a DDOS attack just for fun also.

Sri Ram

Haha, true true! Back in those people do it for fun!😂but, every organisation’s employee should have a basic knowledge of what to do and what not to do. Especially at times like these.

Bhavik Jain

true employees should. A few years back, one of the startups for whom I was working, had kept the backdoor of the website open and some hacker for fun did mischief with it.

Sri Ram

😂

Bhavik Jain

It was a very small company, they had just started so it didn't make any huge difference but I have seen a website which was hacked and turned into a movie hosting website.

Sri Ram

lol. Nowadays, people started making money out of bug bounty. But yeah it happens.

Bhavik Jain

True it does

Anand Padmanabhan

Nice inputs Sri Ram and Bhavik Jain.

I have been promoting a smart contracts based Cryptocurrency investment product. Yesterday I had a pitch with a prospect and some time ago I received this Scam post snap shot from him like - look you said people can't hack into Blockchain based systems and look what's happening!

Bhavik Jain

Hey Anand so how did you respond to that?

Anything and everything created by a human is hackable, there is nothing such as hackproof. Not today but tomorrow somebody smarter then you will take birth and change the game.

Anand Padmanabhan

Hi Bhavik,

You have a point.

I told my prosoect that the Blockchain system cannot be hacked on the fly.

However, phishing attacks and scammers exist in every domain. You fall for it, it's your problem not the Technology at fault.

Since he checked with me I have told him what it is!

Even the CryptoWallet folks can't help you if you have done the transaction. The transaction is done by you! However, you can trace the rogue address and wallet through concerted efforts and perseverance. Then comes the legal action part - this is still a grey area.

Like Scammers and Hackers rise, the Counter Ops and plugs are also initiated. Part of Evolution!

Prevention is better than cure!

This is where creating the right awareness becomes the responsibility of the organization promoting such schemes.

Rajas S Pathak

Social Enginnering & spear-phishing are some of the probabilities of such type of an attack.

The teams who manage such prominent leaders & powerful individuals' social media handles might have been the victims of data breach due to which the credentials might have been exposed.

Looking at the pattern, what I think is that there is Zero-day Vulnerability in Twitter that let this happen. Such vulnerabilities do not surface on social media or in public notice. They are exploited only at the time of attacking.

Endpoint protection & awareness are the most the most powerful tools to defend yourself!

Bhavik Jain

I think the people who were used as pawn were the employees of Twitter.

I agree with the vulnerability part.

Yes awareness is one of the biggest tool to defend

Rajas S Pathak

Twitter handles & Instagram are most preferred & loved platforms these days so they are the favourite targets of hackers. Plus, some darknet websites provide Zero-day Vulnerability Information in exchange of some bitcoins.

The point is that becoming atarget to such attacks has become very easy. Even if there are layers of protection, the security of the account is not in our hands.

We should limit our preference to social media so that it doesn't become a pain point when it's targeted.

Sooraj Kumar R

Lemme sound massively ridiculous here and put out a conspiracy theory.

This was an orchestrated move with the "affected parties" being aware of it. Incidents like this is why the conventional banking system wants to prevent cryptocurrency from comingto life. In a world where news can be manufactured at will, what better than this to make global news at one go?

Why hasn't any of these "affected people" sued Twitter yet

Join India’s
most active community
and interact with 20k+
like-minded entrepreneurs