Following July’s hack-turned-Bitcoin-scam, Twitter has implemented new policies and training to prevent a shutdown of their worldwide service.
On July 15, 2020, Parag Agrawal, Twitter chief technology officer, began hearing about phishing scams around the company’s offices. Someone was calling up engineers, pretending to be IT, and getting them to reset their passwords.
In fact, they were hackers phishing credentials to get into Twitter’s corporate network. The coveted OG username handles @drug, @xx, @vampire, were being hacked, and Twitter’s rapid response team was handling it, at first.
That was until Binance’s account tweeted that they were giving back $52 million dollars to the community, and Elon Musk’s account was tweeting an old Bitcoin scam. Agrawal told Wired that by around 4 pm ET, every device he had was buzzing.
Soon, Bill Gates, Uber, and even Jeff Bezos proved to be compromised as well. Agrawal had a decision to make: would he shut down all of Twitter or just these accounts? There was also the issue, Wired noted, of being unable to inform the public of Twitter’s hack when news accounts themselves might be compromised or locked.
These questions all led to an overhaul of Twitter’s security policies and activities.
We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly.
— Twitter Support (@TwitterSupport) July 15, 2020
Training for Specific Types of Security Breaches
Since July’s attack, Twitter has been planning for the upcoming US General Election, a day when a media hack could be detrimental to the public. On Sept. 24, Twitter revealed new security protocols, mandatory employee training, and policy shifts.
According to Twitter’s blog post, higher scrutiny will be given to company individuals getting higher security clearances. The security team has also implemented more rigorous software to automatically detect unlawful or suspicious activity.
Though the post does not discuss the details of the mechanism, it still urges users to provide higher security to their own accounts, such as two-factor authentication. It also suggests that some high profile accounts now have tighter security.
The new protocols also include better testing and education. New employees will undergo more rigorous security training, the security team has updated passwords and keys, and a special “penetration testing” occurred during March until August of 2020. This task force trained for specific types of security breaches.
The July attack required some evasive maneuvers to patch up. The security team felt they could not shut down Twitter all together. At the time, they did not have a mechanism in place to identify compromised accounts. Damien Kieran, Twitter’s global data protection officer, told Wired this put him in a tough position. He said:
“We had to assume everyone was untrustworthy.”
So, Twitter decided to shut down all verified accounts. This included many news services that could communicate about the hack.
Twitter said it took them over a month to get back to a baseline, though not all employees received their formerly high levels of security clearance. Users with 10,000 followers or more, a former Twitter security engineer said, would likely see more stringent scrutiny. Likewise, some high-level approvals now require two sign-offs. The idea is that it would be much harder to coordinate a takeover of two seemingly unrelated internal accounts.
Following the July breach, Twitter quietly blocked Bitcoin addresses from tweets. The company has not said exactly what other automatic filters it has implemented.