Twitter cyberattack was likely 'facilitated by an insider threat': Cybersecurity expert

Yahoo Finance Video

July 16, 2020 at 10:33 AM

joins The First Trade with Alexis Christoforous and Brian Sozzi to discuss the recent cyberattack on Twitter that hit high profile accounts like Joe Biden, Warren Buffett, Elon Musk, Uber, and Apple. He also discusses the implications of this attack, what this means for the 2020 election and much more.

Video Transcript

ALEXIS CHRISTOFOROUS: Shares of Twitter on our radar this morning. They are down more than 4% here in the premarket after one of the most brazen online attacks in recent memory. The Twitter accounts of Joe Biden, Barack Obama, Elon Musk, Bill Gates, and other high-profile politicians and business leaders were hacked yesterday in what Twitter calls a "coordinated social engineering attack." So they all posted similar messages on Twitter, sending-- send bitcoin, they said, and that these famous people would then send back double your money. It was a scam, of course.

Joining us now is Karim Hijazi. He is CEO of the intelligence company Prevailion. Karim, good to have you with us. We also have with us our Yahoo Finance's Editor in Chief Andy Serwer. Good morning to you, Andy.

ANDY SERWER: Hi.

ALEXIS CHRISTOFOROUS: Karim, I want to start with you. What-- what does Twitter mean, exactly, when it says they believe this was a "coordinated social engineering attack?"

KARIM HIJAZI: Good morning, Alexis. Yeah, that's a interesting terminology. It suggests that they've confirmed that an employee or someone close to Twitter allegedly worked or was worked by the adversary to allow access to back-end systems, which is what corroborates with a lot of what we were surmising yesterday, where there was no way this could've been something that purely happened from the outside in with no sort of influence from the inside.

So the social engineering suggests that someone was convinced to do certain things or, in other alleged articles that I've seen, it looks like there was possibly some payoffs that were happening from the inside. So it's an insider threat that facilitated this attack. But in either case, there was some sort of influence impressed upon an individual that allowed them to escalate their access within Twitter.

ANDY SERWER: Karim, what do you make of the fact that it appears that the politicians who were targeted were only Democrats, number one? And number two, at what point does the government step in here? I mean, imagine if our telephone network were hacked and people started jumping in and were able to make calls and impersonate and say they were calling from Barack Obama or Jeff Bezos' line. The government would certainly step in there. When does the government step in here?

KARIM HIJAZI: It's a great question, Andy. I think the same thing that you're suggesting rattled all of us in the community, from the intelligence community and the cyber community, where the implications were dramatic here. The fact that they're able to get in and have such a dramatic effect for as long as they did, even though that was relatively short of time, the amount of damage they could have done could have been dramatic.

And I think one of the theories here is that, you know, this was a test. This was not the attack. This was a test to see if this is something that could actually be done at a later date. Testing the integrity of an organization like Twitter to see if they can get an insider to actually do their bidding is-- is quite menacing. The scenario here is pretty bad.

So the question regarding, you know, who was-- who was sort of impacted and who wasn't, very good question. Not quite sure what the motivations are. I think this does drive back to who might be behind this. Is there a grander puppet master, so to speak, behind maybe these actors? Or were these actors working on their own? A lot of questions there.

BRIAN SOZZI: Karim, what would a-- what would a far worse attack on Twitter look like?

KARIM HIJAZI: Well, I think it really has to do with the content that was being delivered out. You know, as Alexis put it, this was something where they were saying give us X amount of bitcoin, we're feeling generous-- a lot of these tweets were fairly similar. They look like they were canned tweets-- and then we'll send you back double the amount you give us.

You know, that's juvenile. It doesn't seem like anything that was-- they probably didn't even expect, in many cases, a huge amount of return on their investment there. Unfortunately, it seems like they did. One of the Bitcoin wallets that was investigated seems like it only came online on Wednesday of this week. So it does seem like there's quite the coordination at play prior to the actual execution of the attack.

I think the greater scenario is what else they could have conceivably done. They could have, you know, put out a huge disinformation campaign about organizations, companies, public sector organizations that could have taken a huge tumble. A lot of folks rely on Twitter as a means of understanding where things are at any given moment. And so people make choices on a moment by moment basis with what they see on Twitter. So even one tweet could do huge amounts of damage in that regard.

ALEXIS CHRISTOFOROUS: Karim, do you think that this maybe is a precursor to what we might be in for come the 2020 election, which is just four months away? You know, there's been a lot of talk about are we going to see a repeat of 2016, but on a greater scale? And will we see a big cyber attack with misinformation as we get closer to the election?

KARIM HIJAZI: Definitely, Alexis. This is one of the first times I've seen something that's a true merger between a true cyber attack coupling pretty much all the hallmarks of a classic sophisticated actor. You've got social engineering involved. You've got certain amounts of payoffs. And you have a disinformation campaign, which is the greater scenario here.

So you're literally watching something where a technical resource was-- was exploited. And then the information that was conveyed out to the patrons of this product were-- was disinformation. So it is definitely a concern of ours that now these are, as I said, an early test to see if something like this could be leveraged at a much later date with much worse consequences.

ANDY SERWER: Karim, is this the worst attack on social media that you've seen? And/or does it remind you of anything else?

KARIM HIJAZI: I think this probably tops it. This is pretty big, because the nature of what they were able to do, which is to get to these what they would consider authentic accounts, the little icon next to the name of the individuals, and the fact that it was sustained, that they couldn't actually get in and take any action on their own accounts.

They had to sort of stop and come back, and say, look, just-- you can't reset your password. You can't tweet. Just have to shut you down for a little bit. There was also a few folks that attempted to warn others about that this was fraudulent, and their tweets were actually deleted by what looks like the adversary and then taken offline. So yes, the fact that there seemed to be such an immense amount of control behind the scenes is the part that makes this most concerning.

ALEXIS CHRISTOFOROUS: All right, Karim Hijazi, CEO of Prevailion. Thanks for being with us this morning.

KARIM HIJAZI: My pleasure.

CBS News
Book excerpt: "The Demon of Unrest" by Erik Larson
The latest by the New York Times bestselling author is a riveting account of the months leading up to the Confederate forces' attack on Fort Sumter, the first shots fired in the Civil War.
7m ago
Associated Press
140,000 people did their taxes with the free IRS direct file pilot. But program's future is unclear
The IRS said Friday that more than 140,000 taxpayers filed their taxes through its new direct file pilot program and participants saved roughly $5.6 million in fees they would have otherwise spent with commercial tax preparation companies. The government pilot program, rolled out this tax season in 12 states, allows people with very simple W-2s to calculate and submit their returns directly to the IRS for free. “We will take time to analyze the data and collect feedback from a wide variety of stakeholders before making a decision about direct file's future,” IRS Commissioner Daniel Werfel said on a call with reporters.
9m ago
Yahoo Finance
Hermès eludes luxury slowdown, could overtake Louis Vuitton as top brand, analyst says
A Citi analyst contends Hermès is set to surpass its biggest competitor in the next few years and become the largest luxury fashion brand.
13m ago
Associated Press
New leaders take on Haiti's chaos as those living in fear demand swift solutions to gang violence
PORT-AU-PRINCE, Haiti (AP) — It has been only a day since the transitional presidential council was installed in Haiti, and the list of demands on the Caribbean nation's new leaders is rapidly growing. The members of the council, tasked with with bringing political stability to Haiti, are under immense pressure to produce quick results, despite a deep-seated crisis that has been years in the making. Making Haiti safer is a priority.
24m ago
Associated Press
Maine govenor signs off on new gun laws, mental health supports in wake of Lewiston shootings
The governor told lawmakers during her State of the State address that doing nothing was not an option after an Army reservist with an assault rifle killed 18 people and injured 13 others in Lewiston on Oct. 25. The bills drew opposition from Republicans who accused Democrats, who control both legislative chambers, of using the tragedy to advance proposals, some of which had been previously defeated.
25m ago
AFP
Despite climate crisis, US Green Party struggling for traction
Climate change is a major issue on the US political agenda, yet the country's Green Party and its candidate Jill Stein are next to invisible in the presidential race.And she rejects assertions that the Green Party doesn't have any influence on the US political agenda.
34m ago
Politico
‘March or April’: How Zelenskyy gave Johnson a deadline for military aid
A December meeting between the speaker and Ukrainian president influenced Johnson’s decision to approve military aid for Ukraine.
38m ago
Reuters
Kyiv evacuates two hospitals after Belarus KGB chief sparks airstrike fears
The Ukrainian capital Kyiv evacuated two civilian hospitals on Friday after the head of the Belarusian KGB security service said they were housing soldiers, sparking fears of an airstrike. The Kyiv city administration said a video widely circulated online, which it did not identify, contained a threat to attack the two facilities, including a children's hospital, on the false grounds that soldiers were located there. Ivan Tertel, the head of the Belarusian KGB, provided the addresses of the two Kyiv hospitals where he said fighters were "hiding behind the backs of children".
41m ago
AFP
US stocks rebound on tech earnings, London hits new record
Buoyant big tech earnings lifted US stocks on Friday while London scaled another peak as investors tracked a series of takeover bids for UK companies."The bidding bonanza for UK-listed firms goes on, and this is acting as a constant reminder to global investors that, even with the FTSE 100 at a record high, UK stocks look cheap compared to their US cousins," said IG chief market analyst Chris Beauchamp.
46m ago
NBC News
Severe spring storms put 21 million under threat of possible tornadoes and hail
Severe spring storms will bring heavy rain and thunder to the Plains into the Mississippi Valley this weekend — including possible powerful tornadoes, large hail and flooding.
48m ago
AFP
At least 10 people killed in Brazil fire: officials
At least 10 people were killed Friday in a fire that broke out in a defunct hotel being used as a makeshift homeless shelter in the city of Porto Alegre in southern Brazil, officials said.The fire broke out around 2:00 am (0500 GMT), officials said.
48m ago
Popular Science
Bird flu virus traces detected in 1 in 5 pasteurized cow milk samples
H5N1 has been detected in 33 herds in six states.
50m ago
CNN
Kenya floods leave 70 dead as truck is swept away in deluge
At least 70 people have died from country-wide flooding in Kenya, a government spokesperson said Friday as authorities ordered more evacuations of people from at-risk areas due to ongoing heavy rainfall.
53m ago
Associated Press
Private security firm says missile fire seen off the Yemen coast in the Red Sea near crucial strait
Missiles suspected to have been fired by Yemen's Houthi rebels landed a distance away from a ship traveling through the Red Sea on Friday, a private security firm said. The attack follows an uptick in assaults launched by the Houthis in recent days after a relative lull in their monthslong campaign over Israel's war on Hamas in the Gaza Strip. The Houthis did not immediately claim the missile fire, though it typically takes the rebels several hours to acknowledge their attacks.
55m ago
Associated Press
Minneapolis approves $150K settlement for witness to George Floyd's murder
The Minneapolis City Council has agreed to pay a $150,000 settlement to an eyewitness who tried to intervene to prevent George Floyd’s murder and who says he suffers from post-traumatic stress disorder as a result. Donald Williams, a mixed martial arts fighter who testified against former Officer Derek Chauvin in his 2021 murder trial, sued the city last spring, alleging he was assaulted by police while trying to prevent Floyd's death on May 25, 2020. The lawsuit alleged that Chauvin looked directly at Williams, grabbed a canister of chemical spray and began shaking it toward him and other bystanders expressing concern for Floyd’s welfare.
1h ago
The Conversation
College administrators are falling into a tried and true trap laid by the right
Throughout the 1960s and 1970s, conservative activists led a counterattack against campus antiwar and civil rights demonstrators by demanding action from college presidents, the courts and the police.
1h ago
Associated Press
JPMorgan's Dimon hopes for soft landing for US economy but says stagflation is a possible scenario
JPMorgan Chase CEO Jamie Dimon says he’s hopeful the Federal Reserve can bring down inflation without causing a recession but wouldn’t rule out more troubling possibilities, such as stagflation. In an interview with The Associated Press at a Chase branch opening in The Bronx, Dimon said he remained “cautious” about the U.S. economy and said inflation may be stickier for longer and that “stagflation is on the list of possible things” that could happen to the U.S. economy.
1h ago
CNN
Federal Student Aid head will step down. His office has been roiled by FAFSA problems
The head of the Federal Student Aid office, which has faced criticism for the botched rollout of this year’s college financial aid form, will be stepping down.
1h ago
NBC News
Teacher arrested, accused of using AI to falsely paint boss as racist and antisemitic
Dazhon Darien, a Maryland high school teacher, allegedly fabricated a recording of the principal making hateful remarks.
1h ago
AFP
Kenya flood death toll since March climbs to 70
The number of people killed in floods in Kenya due to heavier than usual rainfall since the monsoon began in March has risen to 70, with nearly half the deaths in Nairobi, the government said Friday."The official tally of fellow Kenyans who regrettably have lost their lives due to the flooding situation now stands at 70 lives," government spokesman Isaac Mwaura said on X, after torrential rains killed 32 people in the capital Nairobi this week.
1h ago

Video Transcript

Latest Stories