Skip to main content

This professional hacker says the Twitter attack was a 'big wake-up call.' Here's the advice she gives other tech companies to avoid a similar fate. (TWTR)

* Twitter just experienced an unprecedented hack. On Wednesday, several high-profile accounts were hijacked and tweeted out bitcoin scams. * Twitter has confirmed the hackers gained access to its internal systems by coordinating a social engineering attack on an employee. * One hacker who's often hired by companies to find weaknesses in their systems explains why she saw this coming, and what companies like Twitter can do to better avoid these types of hacks. * Visit Business Insider's homepage for more stories. On Wednesday, Twitter experienced an extraordinary coordinated attack in which several high-profile accounts including those of Kanye West, Elon Musk, and Barack Obama were hijacked. The attack was so colossal that the Federal Bureau of Investigation is now looking into it. And while many of the details are still unknown,  Twitter has confirmed that the hackers gained access to its internal systems by coordinating a social engineering attack on an employee. According to reports from Motherboard and TechCrunch, the hackers accessed an internal dashboard that would have allowed them to reset the passwords on select accounts and take control. Early into the attack, some people started theorizing that this was exactly what was happening. Rachel Tobac, CEO of SocialProof Security, is a hacker hired by companies to break into their security systems and expose their vulnerabilities. As the attack was starting to unfold, Tobac tweeted out a theory: the attackers had likely gained access to Twitter's employee admin panel. "It's one of those moments where a lot of the things I've been recommending for years have come to a head," she told Business Insider. The types of admin privileges the hackers may have accessed is common among tech firms, said Tobac. "It's very common, and a lot of people are shocked that admin access or 'God mode' exist," she said. "Many organizations have a lot of admin access and it's pretty unchecked. It's pretty rare that I get stopped when I'm doing an attack and can't get admin access. Oftentimes, I can get that within 5 minutes." Tobac, whose company has worked with Facebook, Uber, and PayPal, suggested a few things that all companies with these sorts of admin systems should be enforcing, including a requirement for multiple employees to sign off on certain decisions. "Have at least two sets of eyes when you need to make a really big decision, like changing the email on former President Obama's account," she said. Tobac also recommends "multi-factor authentication, hopefully tokenized, for even logging in with those credentials at work." "You can also have threat detection, so if you have an insider threat, and you mark a couple of high value behaviors as possible threat actions, when you see them going off multiple times in an hour that will alerts you that something strange is happening," she added. "And then, making sure there's multi-factor authentication and, of course, training for folks. Employees will inevitably make mistakes so they need technical tools in addition to their training to protect them." Experts have warned that the Twitter attack could be part of something much larger than bitcoin scams. "Noisy attacks are a great way to distract security teams from other malicious activities," one cybersecurity expert told Business Insider. Some experts even believe the bitcoin scam could have been a way for the hackers to show off. Whatever the truth may be, Twitter is under fire to deliver answers explain to lawmakers how an attack like this could happen. Experts believe this could be a wake-up call for Twitter and others who have watched the events unfolding thankful it wasn't happening to them. "To be really frank with you, I think this is an issue that many companies do not take seriously," said Tobac. "Twitter is not alone in this. It's terrible to see it happen to Twitter, but this is hopefully a big wake-up call for companies all over the world to limit their admin access, to consider the implications of who can make those changes, train their employees, and back them up with technical tools." Join the conversation about this story » NOW WATCH: Pathologists debunk 13 coronavirus myths
https://bit.ly/2DRYFJj

Popular posts from this blog

TikTok confirms it will sue the US government, alleging Trump failed to provide 'due process' before issuing ban

* TikTok confirmed Saturday that the company planned to sue the US government over President Donald Trump's executive orders targeting the popular app. * A company spokesperson said TikTok experienced "a lack of due process as the administration paid no attention to facts and tried to insert itself into negotiations between private businesses." * TikTok, which has surged in popularity over the past year, was known as Musical.ly until it was purchased by the Chinese company ByteDance in 2017 and renamed. * The president on August 6 and August 14 signed executive orders targeting TikTok.  * Visit Business Insider's homepage for more stories. TikTok on Saturday announced it plans to sue the US government over President Donald Trump's executive orders pertaining to its ownership, arguing the company was deprived of its due process rights. The president, who began targeting TikTok in July, issued an executive order August 6 making it illegal for American compani...
Read more

A full breakdown of what channels you get with every Sling TV package, plus all the add-ons

  * Sling is one of the most affordable cord-cutting services on the market, offering two packages —  Orange and Blue — with 30+ channels starting at $30 a month or combined for $45 a month. * Orange offers the Disney Channel and ESPN, while Blue offers a slate of Fox channels, NBC, Bravo, and Discovery. Both Orange and Blue offer CNN, TBS, Food Network, and BBC America. * You can also add on multi-channel packages, like Sports Extras, Kids Extras, or News Extras, starting at $5 a month. Premium add-ons, like Showtime, Starz, and Epix, are also available for an additional monthly charge.  * If you're new to Sling TV, you can receive a free 14-day trial for a limited time. * Here's a complete breakdown of the channels offered on each Sling package.    If you're hoping to get the most bang for your buck once you cut the cord with your cable subscription, Sling is one of the most affordable live streaming services on the market.  The service has two packages with ...
Read more

The $136,000 Maserati Levante GTS is a drool-worthy preview of what Ferrari's SUV could be like (FCAU)

* I tested a 2020 Maserati Levante GTS SUV that with thousands in options stickered at approximately $136,000. * The Maserati Levante GTS has a 550-horsepower, twin-turbocharged V8 engine, plus a gorgeous red interior. * The Levante GTS is beautiful, powerful, and fast. That puts it near the top of the luxury, high-performance SUV segment. * But competition is coming — and the Levante is a great preview of what Ferrari may put on the road in the next few years. * Visit Business Insider's homepage for more stories. Let's say you want a Ferrari, but you hail from a strange region where nobody is taught the lore of Maranello sports cars. An SUV is just your style, you decide. So you swing by your friendly neighborhood prancing horse dealership one day and ask if you can look at a couple of utes.  The dealer would thank you for your interest and slip you the business card of a colleague who represents Maserati, which since 2016 has been selling the Ferrari of SUVS, right dow...
Read more