The Twitter takedown: How a teen rocked the cybersecurity world and why this can never happen again

September 11, 2020

Recently, two teens and a young adult infiltrated one of Silicon Valley’s biggest companies in a high-profile hack – and the biggest ever for Twitter. Authorities say the 17-year-old “mastermind” used social engineering tactics to convince a Twitter employee that he also worked in the IT department and gained access to Twitter’s Customer Service Portal. The 130-account takeover proved unique, as it was fundamentally a dramatic manipulation of trust and could have had far more world-changing consequences if the attackers had the aspirations of say, a dangerous fringe group versus that of a teenager. There are a few takeaways to learn here, especially when it comes to considering redefining what we classify as “critical infrastructure” and what must be protected at all costs.

Changing methods of communication

Things are different now, that we can all agree. Compared to even five months ago, what we value has significantly shifted. Zoom and other video conferencing platforms are now our workplaces, classrooms for our children, and the digital equivalent of a social bar scene. In the last five years, social media companies are now inarguably a tool for primary communications by prominent people – world leaders, governments and those who speak directly to Twitter’s 330 million users. But, as trusted names post on social media, their messages become even more widespread when global media outlets report their words – reaching billions around the world.

It’s reminiscent of the 2013 breach when stocks tumbled briefly after cybercriminals hijacked the main Twitter feed of The Associated Press and sent out a false tweet about a terror attack at the White House. The Dow Jones plunged more than 130 points, or roughly 1 percent, demonstrating the power of Twitter.

Consequently, social media companies should have a duty to ensure they know who their authors are and that those authors are always authentic – as there are no middlemen or reporters to confirm validity. This is heightened by our recent susceptibility to misleading and false information, which can easily be transmitted and amplified by traditional media.

It’s time we start thinking of these platforms as critical infrastructure to ensure similar attacks don’t happen and don’t result in much more severe consequences. This was an issue of identity, access and security, and Twitter truly lucked out that this hack wasn’t more nefarious. Imagine if this was not an odd request for bitcoin but a fake, destructive conversation between world leaders?

Who should have access to what

Another glaring issue in this social engineering attack is the question of just how many Twitter employees have access to all accounts, along with the ability to post from them. Any solid security program implements the concept of least privilege, wherein authorized access is granted to only a small group of people. Further, a separation of duties is vital – an employee who needs to access an account for maintenance should not be able to post on other accounts or have the inroads to do so. Those two functions should require two different accounts, and high-level access like what was demonstrated in this incident should be logged, tracked and investigated immediately if it’s touching multiple accounts in quick succession.

Keeping sensitive data out of dangerous hands

Sensitive data can fall into the wrong hands at any organization. These kinds of cybercrimes rely on the fallibility of humans, which is an aspect of humanity that won’t change. Security teams can prevent this by investing in training, like simulated phishing attacks and gleaning actionable data from employee responses, identifying which departments are most susceptible and developing a continuous training process to combat attacks. Knowing weak spots is important, too as an analysis from Social-Engineer found that Friday is the most vulnerable day for social engineering attacks and HR open enrollment is the most successful pretext. More so, companies should institute the four pillars that make for successful security programs: endpoint protection, identity access management, multi-factor authentication and network segmentation. Organizations need to operate with the assumption that they are always under some level of attack.

A massive manipulation of data

Ultimately, there’s a larger need to take the security of social media and its distillation of information more seriously as we continue to use social media as a main source of communication. The Twitter hack was social engineering on steroids and a massive violation of trust – successful not by the exfiltration of data, which has been a historic cybersecurity concern, but by the manipulation of data through the words of trusted figures. When this happens, trust in both the organization and the source is lost completely. We may not always agree with what our leaders tweet, but that’s part of an open society. What we cannot accept is if that message is inauthentic. Just as we ensure the integrity of printed media, don’t we need to ensure the integrity of business leaders, politicians and the like on these platforms? This should not be any different.

Caleb Barlow is the President and Chief Executive Officer of CynergisTek, a top-ranked information security and privacy consulting firm focused on the healthcare IT industry. Prior to joining CynergisTek, Caleb led the IBM X-Force Threat Intelligence organization. In 2016, he built X-Force Command which is part of a $200M investment in a global incident response services, updated watch floors, the industry’s first immersive cyber range, and an incident command system for responding to major cyber incidents. In 2018, Caleb invented the Cyber Tactical Operations Center which is a first-of-its-kind training, simulation, and security operations center on wheels. Caleb has a broad background having led technical teams in product development, product management, strategy, marketing, and cloud service delivery. He has also led the integration efforts of on multiple IBM acquisitions. External to IBM, Caleb has been in leadership roles at two successful startups, including Syncra Systems, which is now part of Oracle, and Ascendant Technology, which was acquired by Avent. Caleb also holds multiple patents in the field of Unified Communication. Caleb Barlow LinkedIn. Caleb Barlow Twitter.

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 November

This month, Security magazine brings you the Security 500 Report, Rankings and Thought Leader Profiles. How does your enterprise compare to others? Which security programs are leading the way? Also this month, we highlight how to plan, prepare for and build resilience to protests and other unplanned events, video surveillance tools for SMBs and more.

View More Create Account

The Twitter takedown: How a teen rocked the cybersecurity world and why this can never happen again

Changing methods of communication

Who should have access to what

Keeping sensitive data out of dangerous hands

A massive manipulation of data

Related Articles

Report Abusive Comment