
Twitter

On Facing an
Ethical Issue

PRESENTED BY:

ZAINAB SATTAR

SHAWAIZ ABBAS

AHMED ALI SHAH

What happened

On the afternoon of July 15, 2020

It was about 4 in the afternoon on Wednesday on the East Coast
when chaos struck online. Dozens of the biggest names in America,
including Barack Obama, Kanye West, Bill Gates and Elon Musk,
posted similar messages on Twitter: Send Bitcoin and the famous
people would send back double your money.

Why the biggest names?

Barack Obama, Elon Musk, Bill Gates, Kim Kardashian

By Wednesday evening, the Bitcoin wallets promoted in the tweets had received over 300
transactions and Bitcoin worth over $100,000, according to websites that track Bitcoin’s public
ledger of transactions.

Facts of the Hack
The Attackers Used Fraudulent Means to Access Twitter’s Network and Internal Applications.
On July 14 and 15, 2020, the Hackers attacked Twitter. The Twitter Hack happened in three
phases:
(1) Social engineering attacks to gain access to Twitter’s network
(2) Taking over accounts with desirable usernames (or “handles”) and selling access to them
(3) Taking over dozens of high-profile Twitter accounts and trying to trick people into sending
the Hackers bitcoin.

What is social engineering?
In the context of information security, social engineering is the use
of deception to manipulate individuals into divulging confidential or
personal information that may be used for fraudulent purposes.

How many people were affected

Exactly 374 transactions were made on this bitcoin
address within one hour.

Twitter response
Twitter quickly removed many of the
messages, but in some cases similar
tweets were sent again from the same
accounts, suggesting that Twitter was
powerless to regain control.
The company eventually disabled broad
swaths of its service, including the
ability of verified users to tweet, for a
couple of hours as it scrambled to
prevent the scam from spreading further.
The company sent a tweet saying that it
was investigating the problem and
looking for a fix.

Response from the Department’s Cryptocurrency
Companies

• In response to the Twitter Hack, the Department instructed the Cryptocurrency Companies at
6:59 p.m. on July 15, 2020, to block the bitcoin addresses the Hackers used, if they had not
done so already.
• The survey data below illustrates the swift efforts taken to block transfers to the fraudsters’
bitcoin addresses and safeguard customer funds.
• From the survey, each of the three Cryptocurrency Companies blocked the Hackers’
addresses within 40 minutes of their Twitter accounts being hacked.

Through its survey, the Department additionally learned:
• Fifteen Cryptocurrency Companies blocked transfers to the addresses the Hackers posted on
Twitter and seven did not.
• Four Cryptocurrency Companies actively blocked their customers’ attempts to send bitcoin to
the Hackers’ bitcoin addresses:
• Coinbase blocked approximately 5,670 transfers, valued at approximately $1,294,000.

• Square blocked 358 transfers, valued at approximately $51,000.

• Gemini blocked two transfers, valued at approximately $1,800.

• Bitstamp blocked one transfer, valued at approximately $250.

Twitter’s investigation
Twitter subsequently confirmed that the scam
involved social engineering, stating "We
detected what we believe to be a coordinated
social engineering attack by people who
successfully targeted some of our employees
with access to internal systems and tools." In
addition to taking further steps to lock down the
verified accounts affected, Twitter said they have
also begun an internal investigation and have
limited employee access to their system
administrative tools as they evaluate the
situation, as well as if any additional data was
compromised by the malicious users.

The Department’s Investigation

On July 16, Governor Cuomo asked the Department to investigate the Twitter Hack in light of
concerns about the cybersecurity of our communications systems, and their importance to
elections. The next day, the Department issued subpoenas, and later interviewed witnesses and
reviewed documents. The Department also surveyed our cryptocurrency entities to study the
Twitter Hack’s impact on their operations and cybersecurity protocols.

Perpetrators

The United States Department of Justice announced
the arrest and charging of three individuals tied to the
scam on July 31, 2020. A 19-year-old from the United
Kingdom was charged with multiple counts of
conspiracy to commit wire fraud, conspiracy to commit
money laundering, and the intentional access of a
protected computer, and a 22-year-old from Florida
was charged with aiding and abetting the international
access.
Mastermind behind the scam

• Graham Ivan Clark was 17 when he co-ordinated the scam.


• He would spend three years in prison as part of his plea deal, a Florida
court filing said.
• Clark was able to access the accounts after convincing an employee at
Twitter he worked in the company’s information technology
department, according to the Tampa Bay Times.
• The Florida Department of Law Enforcement found that he accessed
Twitter’s systems by convincing an employee he worked in the
company’s information technology department. He then managed to
access the company’s customer service portal.
• The money had been handed to the authorities to be returned to the
victims, Clark's lawyer said.
How Did the Hackers Do It?

Hackers orchestrated a series of social engineering attacks against Twitter staff that had access to
the internal administrative tools that Twitter can use to recover and reset accounts.
• Coordinated Social Engineering Attack
• Targeted Employees with Access to Internal Systems
• Malicious Activity
• Vulnerability in Twitter's System

Most of the security control failures will
turn out to be as follows
• Due to the coronavirus, some Twitter employees were allowed to run internal administrative
functions remotely (working from home).
• It may also have been the case that some or all of these employees were permitted to run these
functions on their own devices.
• Social engineering scams work best when they can leverage a real event.

WHY BITCOINS?

• EASY TRANSFER OF MONEY
• NO PAPERWORK OR CENTRAL BANK PERMISSION REQUIRED
• NO LIMITATIONS ON TRANSFER OF CRYPTO-CURRENCY
• AUDIT TRAIL ISN’T EASY IN BITCOINS

Reaction
Affected users could only retweet content, leading NBC News to set up a temporary
non-verified account so that they could continue to tweet, retweeting "significant
updates" on their main account.
Some National Weather Service forecast offices were unable to tweet severe weather
warnings, with the National Weather Service in Lincoln, Illinois initially unable to tweet a
tornado warning.
Joe Biden's campaign stated to CNN that they were "in touch with Twitter on the
matter", and that his account had been "locked down".
Google temporarily disabled its Twitter carousel in its search feature as a result of
these security issues.

Twitter, Inc.'s stock
During the incident, Twitter, Inc.'s stock price fell by 4% after the markets closed.

By the end of the next day, Twitter, Inc.'s stock price ended at $36.40, down 38 cents, or 0.87%.

Aftermath

By September, Twitter stated they had put new protocols in place
to prevent similar social engineering attacks, including
heightening background checks for employees that would have
access to the key user data, implementing phishing-resistant
security keys to use this day, and having all employees involved
in customer support participate in training to be aware of future
social engineering scams.

THANK YOU
