Twitter has confirmed hackers made use of tools that were supposed to have only been available to its own staff to carry off Wednesday’s hack attack.
The breach saw the accounts of Barack Obama, Elon Musk, Kanye West and Bill Gates among other celebrities used to tweet a Bitcoin scam.
Twitter also revealed the perpetrators had downloaded data from up to eight of the accounts involved.
It declined to reveal their identities but said none of them were “verified”.
This means they did not have a blue tick to confirm their ownership, and thus were not among the most high-profile hacked accounts.
However, the fact the attackers were able to make use of the Your Twitter Data download tool means they now potentially have access to affected users’:
- private direct messages, including photos and videos
- contacts, which Twitter’s app would have imported from their smartphone address books
- physical location history, logged at times they had used the service
- details about the accounts they had muted and blocked
- interest and demographic information Twitter had inferred about them via their use of its platform
In a further development, the New York Times has suggested that the social network became exposed after the hackers gained access to credentials that had been shared on Twitter’s internal Slack messaging channel – a service that some companies use as an alternative to email.
The newspaper also suggests that at least two of those involved are from England.
In total, Twitter said 130 accounts had been targeted, of which the hackers had managed to reset the passwords of 45, giving them control.
It added that it believed those responsible may have attempted to sell some of the pilfered usernames.
“The attackers successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems,” it said in a statement.
“We are continuing our investigation of this incident, working with law enforcement, and determining longer-term actions we should take to improve the security of our systems.”
It added: “We’re embarrassed, we’re disappointed, and more than anything, we’re sorry.”
How did the attack unfold?
Twitter said the attackers had targeted certain Twitter employees through a “social engineering scheme”.
“In this context, social engineering is the intentional manipulation of people into performing certain actions and divulging confidential information,” it said.
A small number of staff had been successfully manipulated, it said.
Once inside Twitter’s internal systems, the hackers were not able to see users’ previous passwords but could access personal information including email addresses and phone numbers as these are visible to staff using internal support tools.
They may also have been able to view additional information, the company said. There has been speculation that this could include direct messages.
The private messages of Kanye West, Kim Kardashian West or Elon Musk could be worth money on dark web forums. Selling the private messages of presidential hopeful Joe Biden or former mayor of New York Michael Bloomberg could also have political consequences.
It is not clear why the hackers did not download all the data of these celebrity accounts but did so for others.
Twitter is “actively working on communicating directly” with the affected users, its statement said. It is also continuing to restore access for other users still locked out of their accounts as a result of the firm’s initial response to the hack.
What happened during the hack?
On 15 July, a number of Bitcoin-related accounts began tweeting what appeared to be a simple Bitcoin scam, promising to “give back” to the community by doubling any Bitcoin sent to their address.
Then, the apparent scam spread to high-profile accounts such as Kim Kardashian West and Joe Biden, and those of corporations Apple and Uber.
Twitter scrambled to contain the unprecedented attack, temporarily preventing all verified users – those with a blue tick on their accounts – from tweeting.
However, US President Donald Trump, one of the most prominent Twitter users, was unaffected.
There has been speculation for some time that President Trump has extra protections in place after his account was deactivated by an employee on their last day of work in 2017.
The New York Times confirmed that was how Mr Trump’s account escaped the attack, citing an anonymous White House official and a separate Twitter employee.
Despite the fact that the scam was obvious to some, the attackers received hundreds of transfers, worth more than $100,000 (£80,000).
What do we know about the attackers?
Bitcoin is extremely hard to trace and the three separate crypto-currency wallets that the cyber-criminals used have already been emptied.
The digital money is likely to be split into smaller amounts and run through so-called “mixer” or “tumbler” services to make it even harder to trace back to the attackers.
Clues about those responsible have surfaced through bragging on social media – including on Twitter itself.
Earlier this week, researchers at cyber-crime intelligence firm Hudson Rock spotted an advert on a hacker forum claiming to be able to steal any Twitter account by changing the email address to which it is linked.
The seller also posted a screenshot of the panel usually reserved for high-level Twitter employees. It appeared to allow full control of adding an email to an account or “detaching” existing ones.
This means that the attackers had access to the back end of Twitter at least 36-48 hours before the Bitcoin scams began appearing on Wednesday evening.
The researchers have also linked at least one Twitter account to the hack, which has now been suspended.
Public officers above 58 years and with pre-existing conditions told to work from home: The Standard
Head of Public Service Joseph Kinyua. [File, Standard]
In a document from Head of Public Service Joseph Kinyua, new measures have been outlined to curb the growing spread of Covid-19. Public officers with underlying health conditions and those who are over 58 years, a group that experts have classified as most vulnerable to the virus, will be required to execute their duties from home.
However, the new rule excluded personnel in the security sector and other critical and essential services.
“All State and public officers with pre-existing medical conditions and/or aged 58 years and above serving in CSG5 (job group ‘S’) and below or their equivalents should forthwith work from home,” read the document.
To ensure that those working from home deliver, the Public Service directs that there be clear assignments and targets tasked for the period designated and a clear reporting line to monitor and review work done.
Other measures outlined in the document include the provision of personal protective equipment to staff, provision of sanitizers and access to washing facilities fitted with soap and water, temperature checks for all staff and clients entering public offices, regular fumigation of office premises and vehicles, and minimizing of visitors except by prior appointment.
Officers who contract the virus and come back to work after a quarantine or isolation period will be required to follow specific directives, such as obtaining clearance from the isolation facility, certified by the designated persons, indicating that the public officer is free and safe from Covid-19. The officer will also be required to stay away from their duty station for a period of seven days after the date of medical certification.
“The period a public officer spends in quarantine or isolation due to Covid-19, shall be treated as sick leave and shall be subject to the Provisions of the Human Resource Policy and procedures Manual for the Public Service (May, 2016),” read the document.
The service has also made discrimination and stigmatization an offence and has guaranteed that those affected by the virus will receive adequate access to mental health and psychosocial support offered by the government.
The new directives targeting the Public Service come at a time when Kenyans have increasingly shown a lack of strict observance of the issued guidelines, even as the number of positive Covid-19 cases skyrockets to 13,771, leaving 238 dead as of today.
Principal Secretaries/Accounting Officers will be personally responsible for effective enforcement of, and compliance with, the current guidelines and any future directives issued to mitigate the spread of Covid-19.
Uhuru convenes summit to review rising Covid-19 cases: The Standard
President Uhuru Kenyatta will on Friday, July 24, meet governors following the ballooning Covid-19 infections in recent days.
The session will, among other things, review the efficacy of the containment measures in place and the impact of the phased easing of the restrictions, State House said in a statement.
This story is being updated.
Drastic life changes affecting mental health
Kenya has been ranked 6th among African countries with the highest cases of depression, a ranking that has triggered anxiety at the World Health Organization (WHO), with 1.9 million people suffering from some form of mental condition such as depression or substance abuse.
Globally, one in four people is affected by mental or neurological disorders at some point in their lives, according to the WHO.
Currently, around 450 million people suffer from such conditions, placing mental disorders among the leading causes of ill-health and disability worldwide.
The pandemic has also been known to cause significant distress, mostly affecting the state of one’s mental well-being.
With the spread of the COVID-19 pandemic, attributed to the novel Coronavirus disease, millions have been affected globally, with over 14 million infections and half a million deaths to date. This has brought about uncertainty coupled with difficult situations, including job loss and the risk of contracting the deadly virus.
In Kenya, the first Coronavirus case was reported in Nairobi by the Ministry of Health on 12 March 2020. It was not until the government put in place precautionary measures including a curfew and lockdown (the latter having been lifted) due to an increase in the number of infections that people began feeling its effect both economically and socially.
A study by Dr. Habil Otanga, a Lecturer at the University of Nairobi, Department of Psychology, says that such measures can in turn lead to a surge in mental health-related illnesses including depression, feelings of confusion, anger and fear, and even substance abuse. They also bring a sense of boredom, loneliness, anger, isolation and frustration. In the post-quarantine/isolation period, loss of employment due to the depressed economy and the stigma around the disease are also likely to lead to mental health problems.
The Kenya National Bureau of Statistics (KNBS) states that at least 300,000 Kenyans lost their jobs due to the Coronavirus pandemic between January and March this year.
KNBS noted that the number of employed Kenyans plunged to 17.8 million as of March from 18.1 million in December last year. The report states that the unemployment rate in Kenya stands at 13.7 per cent as of March this year, while it stood at 12.4 per cent in December 2019.
Mama T (not her real name) is among millions of Kenyans who have been affected by containment measures put in place to curb the spread of the virus, either by losing their source of income or having to work under tough guidelines put in place by the MOH.
As a young mother and an event organizer, she has found it hard to explain to her children why they cannot go to school or socialize freely with their peers as before.
“Sometimes it gets difficult as they do not understand what is happening due to their age, this at times becomes hard on me as they often think I am punishing them,”
Her contract was put on hold as no events or public gatherings can take place due to the pandemic. This has brought other challenges along with it, as she has to find means of meeting her family's expenses, which include rent and food.
“I often wake up in the middle of the night with worries about my next move as the pandemic does not exhibit any signs of easing up,” she says. She adds that she has been forced to seek manual jobs to keep her family afloat.
Ms. Mary Wahome, a Counseling Psychologist and Programs Director at ‘The Reason to Hope’ in Karen, Nairobi, says that such drastic life changes have an adverse effect on one’s mental state, as well as that of family members, and if not addressed early can lead to depression among other issues.
“We have had cases of people indulging in substance abuse to deal with the uncertainty and stress brought about by the pandemic, this in turn leads to dependence and also domestic abuse,”
Sam Njoroge, a waiter at a local hotel in Kiambu, has found himself indulging in substance abuse due to the challenges he has faced since the hotel he was working in was closed down, as it has not yet met the standards required by the MOH to open.
“My day starts at 6am where I go to a local pub, here I can get a drink for as little as Sh30. It makes me suppress the frustration I feel,” he says.
Sam is among the many who have found themselves in the same predicament and resorted to substance abuse, finding ways to beat strict measures put in place by the government on the sale of alcohol so as to cope.
Mary says situations like Sam’s are dangerous and, if not addressed early, can lead to serious complications, including addiction and dependency, violent behavior and also early death due to health complications.
She has, however, lauded the government for encouraging mental wellness and also launching the Psychological First Aid (PFA) guide in the wake of the virus, putting emphasis on the three action principles of look, listen and link. “When we follow this it will be easy to identify an individual in distress and also offer assistance.”
Mary has urged anyone feeling the weight of the virus taking a toll on them not to hesitate but look for someone to talk to.
“You should not only seek help from a specialist but also talk to a friend, let them know what you are undergoing and how you feel, this will help ease their emotional stress and also find ways of dealing with the situation they are facing,” she added.
Mary continued to stress the need to perform frequent body exercises as a form of stress relief, to read, and to take advantage of this unfortunate COVID-19 period to engage in hobbies and talent development.
“Let people take this as an opportunity to keep fit, get in touch with one’s inner self and also engage in reading that would help expand their knowledge.”