Twitter has confirmed hackers made use of tools that were supposed to have only been available to its own staff to carry off Wednesday’s hack attack.
The breach saw the accounts of Barack Obama, Elon Musk, Kanye West and Bill Gates among other celebrities used to tweet a Bitcoin scam.
Twitter also revealed the perpetrators had downloaded data from up to eight of the accounts involved.
It declined to reveal their identities but said none of them were “verified”.
Get breaking news on your Mobile as-it-happens. SMS ‘NEWS’ to 20153
This means they did not have a blue tick to confirm their ownership, and thus were not among the most high-profile hacked accounts.
However, the fact the attackers were able to make use of the Your Twitter Data download tool means they now potentially have access to affected users’:
- private direct messages, including photos and videos
- contacts, which Twitter’s app would have imported from their smartphone address books
- physical location history, logged at times they had used the service
- details about the accounts they had muted and blocked
- interest and demographic information Twitter had inferred about them via their use of its platform
In a further development, the New York Times has suggested that the social network became exposed after the hackers gained access to credentials that had been shared on Twitter’s internal Slack messaging channel – a service that some companies use as an alternative to email.
The newspaper also suggests that at least two of those involved are from England.
In total, Twitter said 130 accounts had been targeted, of which the hackers had managed to reset the passwords of 45, giving them control.
It added that it believed those responsible may have attempted to sell some of the pilfered usernames.
“The attackers successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems,” it said in a statement.
“We are continuing our investigation of this incident, working with law enforcement, and determining longer-term actions we should take to improve the security of our systems.”
It added: “We’re embarrassed, we’re disappointed, and more than anything, we’re sorry.”
How did the attack unfold?
Twitter said the attackers had targeted certain Twitter employees through a “social engineering scheme”.
“In this context, social engineering is the intentional manipulation of people into performing certain actions and divulging confidential information,” it said.
A small number of staff had been successfully manipulated, it said.
Once inside Twitter’s internal systems, the hackers were not able to see users’ previous passwords but could access personal information including email addresses and phone numbers as these are visible to staff using internal support tools.
They may also have been able to view additional information, the company said. There has been speculation that this could include direct messages.
The private messages of Kanye West, Kim Kardashian West or Elon Musk could be worth money on dark web forums. Selling the private messages of presidential hopeful Joe Biden or former mayor of New York Michael Bloomberg could also have political consequences.
It is not clear why the hackers did not download all the data of these celebrity accounts but did so for others.
Twitter is “actively working on communicating directly” with the affected users, its statement said. It is also continuing to restore access for other users still locked out of their accounts as a result of the firm’s initial response to the hack.
What happened during the hack?
On 15 July, a number of Bitcoin-related accounts began tweeting what appeared to be a simple Bitcoin scam, promising to “give back” to the community by doubling any Bitcoin sent to their address.
Then, the apparent scam spread to high-profile accounts such as Kim Kardashian West and Joe Biden, and those of corporations Apple and Uber.
Twitter scrambled to contain the unprecedented attack, temporarily preventing all verified users – those with a blue tick on their accounts – from tweeting.
However, US President Donald Trump, one of the most prominent Twitter users, was unaffected.
There has been speculation for some time that President Trump has extra protections in place after his account was deactivated by an employee on their last day of work in 2017.
The New York Times confirmed that was how Mr Trump’s account escaped the attack, citing an anonymous White House official and a separate Twitter employee.
Despite the fact that the scam was obvious to some, the attackers received hundreds of transfers, worth more than $100,000 (£80,000).
What do we know about the attackers?
Bitcoin is extremely hard to trace and the three separate crypto-currency wallets that the cyber-criminals used have already been emptied.
The digital money is likely to be split into smaller amounts and run through so-called “mixer” or “tumbler” services to make it even harder to trace back to the attackers.
Clues about those responsible have surfaced through bragging on social media – including on Twitter itself.
Earlier this week, researchers at cyber-crime intelligence firm Hudson Rock spotted an advert on a hacker forum claiming to be able to steal any Twitter account by changing the email address to which it is linked.
The seller also posted a screenshot of the panel usually reserved for high-level Twitter employees. It appeared to allow full control of adding an email to an account or “detaching” existing ones.
This means that the attackers had access to the back end of Twitter at least 36-48 hours before the Bitcoin scams began appearing on Wednesday evening.
The researchers have also linked at least one Twitter account to the hack, which has now been suspended.
Europe beckons for South African rugby after Kiwi snub
JOHANNESBURG, South Africa, Jul 20 – World Cup-winning Springbok Schalk Brits believes the future of South African rugby lies in Europe after New Zealand said there was no room for sides from the republic in Super Rugby.
“All of this jet lag and flying across different time zones just does not work,” said the hooker who retired after the triumphant 2019 World Cup campaign.
“We have got so many South Africans playing in Europe and it would be awesome to see them in action here for European clubs.”
With New Zealand favouring a trans-Tasman Super Rugby competition, South Africa Rugby chief executive Jurie Roux will address the media Tuesday about the way forward.
There has been no rugby in South Africa since mid-March due to the coronavirus pandemic, which claimed 5,033 lives by late Sunday, the most in an African country.
Here, AFP Sport looks at the possibilities for the world champions Springboks and Super Rugby teams the Bulls, Lions, Sharks and Stormers.
There has been speculation that the six-round annual tournament will be cut to four matches with New Zealand and Australia playing in South Africa only every second year.
That would be a huge blow for SA Rugby coffers as the century-old rivalry with the All Blacks makes them a huge drawcard.
South Africa might consider abandoning the Championship and pursuing a suggestion by former All Blacks Justin Marshall and Jeff Wilson for three-Test tours between the great rivals.
“British and Irish Lions tours are so successful because we look forward to them,” noted another ex-All Black, John Kirwan. The same could be said of an All Blacks-Springboks series.
Should South African franchises move north, would the Springboks follow suit and apply to join England, France, Ireland, Italy, Scotland and Wales in a ‘Seven Nations’ championship?
Having the world champions on board would surely excite the organisers and costs would be greatly reduced if the Springboks played their three away matches on consecutive weekends.
England, Ireland, France and Wales, in particular, would bring freshness for rugby followers, who have not rushed to the turnstiles for Championship visits by Australia and Argentina.
Ask the SA Rugby treasurer for his ‘dream’ line-up and he would surely say a multi-Test tour by the All Blacks and participation in the ‘Seven Nations’.
Although not official yet, the reality is that New Zealand want to play some Australian sides and the Pacific Islands in a new competition while excluding South Africa and Argentina.
The original version, a Super 10 between 1993 and 1995, was a superb competition, but constant tinkering and expansion has led to waning interest in a difficult-to-follow event.
Even those supporting the Golden Lions of South Africa could not have derived too much satisfaction from a 94-7 thrashing of Japanese visitors the Sunwolves three years ago.
South Africa sides often battled with time differences in Australasia — New Zealand is 11 hours ahead of the republic — and were weary after four-match tours.
Pro14 chief executive Martin Anayi says he would welcome Super Rugby ‘rejects’ the Bulls, Lions, Sharks and Stormers into an expanded edition.
“The tournament works well but could be even better if we added some South African teams,” he said, referring to a competition that also includes Irish, Italian, Scottish and Welsh teams.
But there may be no room for the two current South African Pro14 participants, the Cheetahs and Kings, who have experienced very different fortunes.
While the Cheetahs have been competitive, the Kings won just four of 55 matches in three seasons with some of the losing margins embarrassing.
The domestic competition has survived constant format changes to remain the vital ‘nursery’ from which Springboks emerge.
First staged in 1892, it was the bedrock of South African rugby until the dawn of professionalism after the 1995 Rugby World Cup.
As Test and Super Rugby fixtures took up an increasing amount of the season, the Currie Cup often battled for calendar space.
But it survived and this year could feature the four Super Rugby sides plus the Cheetahs, Kings, Griquas and Pumas, if play is possible amid the coronavirus.
Kenya records highest number of deaths from Covid-19
Kenya’s coronavirus cases rise to 13,771 after 418 more infections
Kenya on Monday reported 418 more Covid-19 infections, raising the country’s tally to 13,771 since the virus was first confirmed on March 13.
Health Chief Administrative Secretary (CAS) Rashid Aman also reported four more deaths, raising the toll to 238. He rectified an earlier report about 19 deaths in a single day, which would have been the highest number ever recorded in Kenya.
The 418 new patients were found following the testing of 2,474 samples in the last 24 hours.
Four hundred and eight of them were Kenyans and 10 foreigners while male patients numbered 263 and female patients 155.
Dr Aman also announced that 494 patients had been discharged, raising the country’s total number of recoveries to 5,616.
Of the recovered patients, 465 were under home care and the rest in hospitals.
More to follow