On the 15th of July, an unexpected Twitter hack saw the accounts of Elon Musk, Barack Obama, Joe Biden, Jeff Bezos, Bill Gates and more fall into the hands of hackers who used that access to push a bitcoin scam. The hackers, also, accessed 36 DM (direct message) inboxes, including one for an elected official in the Netherlands, as confirmed by Twitter. (DMs are similar to text messages and are presumed to be private.) It was a hack that netted them $121,000 but it could’ve been a Hell of a lot worse.
Indeed, this kind of scam has been seen before in a place you may or may not remember; Runescape. Runescape was originally released back in 2001 so this scam is hardly new. Here’s how the scam works:
The scammer will repeatedly say things like “doubling money!” until a victim comes up to them for a trade. The scammer will most likely ask the victim to “test” them and the victim will trade a small amount of money to the scammer. The scammer then trades them double the amount, claiming it’s a glitch. The victim’s greed then is manipulated and trades the scammer a larger amount of money. The scammer then logs out or attempts to manipulate the victim’s greed even more.
Hardly a new and innovative scam but these hackers made a mistake. Researchers from IBM recovered five hours of video of them recording themselves stealing data from hacked email accounts and offering other’s training tips on how to do so. Researchers, also, found a 17-year-old bug in Windows DNS that is ‘wormable’, meaning it can spread through a network without any human interference. Microsoft soon put out a patch to fix this issue.
“We’re embarrassed, we’re disappointed, and more than anything, we’re sorry,” Twitter said in the blog post on Saturday. “We know that we must work to regain your trust, and we will support all efforts to bring the perpetrators to justice.”
Still, the hack is shrouded in mystery, with lawmakers, cybersecurity experts, the FBI and Twitter employees are still trying to piece together what exactly happened.