Cerca nel blog

2020/07/15

Violati moltissimi account Twitter: exchange di criptovalute, Elon Musk, Bill Gates, Uber, Apple e tanti altri

Ultimo aggiornamento: 2020/07/17 06:45.

Poco fa, intorno alle 21:30 italiane del 15 luglio 2020, è stata segnalata una raffica di tweet truffaldini pubblicati da numerosi exchange di criptovalute. Da allora è iniziata quella che vedo ormai definire una twitpocalypse: una violazione di un numero di account, anche di altissimo profilo.

Anche l’account Twitter di Elon Musk e quello di Bill Gates (entrambi verificati) hanno pubblicato lo stesso genere di tweet: un’offerta (falsa) di raddoppiare i bitcoin che vengono mandati alle coordinate indicate nel tweet. Non fatelo: non rivedrete mai più i vostri soldi, perché li avrete inviati ai truffatori.



È un bagno di sangue.







Anche Uber:





Prime congetture sulla causa:




Intanto i truffatori trovano le prime vittime che abboccano: hanno già incassato oltre 22.000 dollari.




A quanto pare Cryptoforhealth punto com, sito citato in molti dei tweet truffaldini, è stato creato oggi:




Anche Apple:



Intanto l’incasso è arrivato a 58.000 dollari:




Violati anche Jeff Bezos e Kanye West:



Ormai gli account violati non si contano più, come potete vedere facendo questa query o (meglio ancora) questa che seleziona solo gli account verificati:

bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh filter:verified



Violato Mike Bloomberg:


Mi arrivano segnalazioni di violazione anche degli account di Warren Buffett e Joe Biden, che però sono tornati subito a posto. Dalle prime informazioni non si tratterebbe di un hackeraggio vero e proprio (furto di password e credenziali) dei singoli account, ma sembra che qualcuno stia abusando del sistema di autorizzazione di Twitter o di un accesso di dipendenti di Twitter.

Barack Obama:



Prime reazioni di Twitter: “We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly.”




Verso mezzanotte Twitter ha iniziato a bloccare qualunque mio tweet (anche di solo testo, anche i DM, anche solo immagini). Poco dopo Twitter ha postato questo: “You may be unable to Tweet or reset your password while we review and address this incident.”


2020/07/16 00:30. Gli account verificati sono stati tutti bloccati: niente DM, solo retweet. Gli account non verificati sono liberi di postare.


2020/07/16: 00:55. Mi sto arrangiando scrivendo i tweet su @AttivissimoLIVE e poi retweetandoli dal mio account principale (@disinformatico).


2020/07/16: 01:35. Twitter ha scritto “We’re continuing to limit the ability to Tweet, reset your password, and some other account functionalities while we look into this. Thanks for your patience.”



Nel frattempo viene ricordato un altro brutto caso di insicurezza di Twitter: “A little over ten years ago: Twitter settled with the FTC as a result of an internal tools breach. Their internal tooling was available directly over the web and accessed through an employee account protected by the password "happiness"”




2020/07/16 09:00. Gli account verificati, compreso il mio, possono di nuovo postare e tutto sembra essere tornato alla normalità. @TwitterSupport ha postato un po’ di informazioni nelle scorse ore: sembra che si sia trattato di un attacco coordinato di social engineering ai danni dei dipendenti di Twitter, ottenendo accesso ai sistemi e agli strumenti dell’azienda.

Most accounts should be able to Tweet again. As we continue working on a fix, this functionality may come and go. We're working to get things back to normal as quickly as possible.
Our investigation is still ongoing but here’s what we know so far:
We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.
We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it.
Once we became aware of the incident, we immediately locked down the affected accounts and removed Tweets posted by the attackers
We also limited functionality for a much larger group of accounts, like all verified accounts (even those with no evidence of being compromised), while we continue to fully investigate this.
This was disruptive, but it was an important step to reduce risk. Most functionality has been restored but we may take further actions and will update you if we do.
Internally, we’ve taken significant steps to limit access to internal systems and tools while our investigation is ongoing. More updates to come as our investigation continues.


2020/07/16 21:35. Twitter ha pubblicato un ulteriore aggiornamento informativo:

Here’s an update addressing questions we’ve heard around passwords and account access specifically:
We have no evidence that attackers accessed passwords. Currently, we don’t believe resetting your password is necessary.
Out of an abundance of caution, and as part of our incident response yesterday to protect people’s security, we took the step to lock any accounts that had attempted to change the account’s password during the past 30 days.
As part of the additional security measures we’ve taken, you may not have been able to reset your password. Other than the accounts that are still locked, people should be able to reset their password now.
If your account was locked, this does not necessarily mean we have evidence that the account was compromised or accessed. So far, we believe only a small subset of these locked accounts were compromised, but are still investigating and will inform those who were affected.
We're working to help people regain access to their accounts ASAP if they were proactively locked. This may take additional time since we’re taking extra steps to confirm that we’re granting access to the rightful owner.
We’ve been working around the clock and will continue to provide updates here.


2020/07/17 06:45. Altro aggiornamento da TwitterSupport:

We want to share some more specific updates coming out of the second day of our investigations.
Based on what we know right now, we believe approximately 130 accounts were targeted by the attackers in some way as part of the incident. For a small subset of these accounts, the attackers were able to gain control of the accounts and then send Tweets from those accounts.
We’re working with impacted account owners and will continue to do so over the next several days. We are continuing to assess whether non-public data related to these accounts was compromised, and will provide updates if we determine that occurred.
For all accounts, downloading Your Twitter Data is still disabled while we continue this investigation.
We have also been taking aggressive steps to secure our systems while our investigations are ongoing. We’re still in the process of assessing longer-term steps that we may take and will share more details as soon as we can.
Thank you for your continued patience and understanding while we investigate this incident. We’ll continue to provide updates when we have them.

Intanto l’incasso complessivo degli autori della truffa ammonta all’equivalente di circa 120.000 dollari. Per chi si sta chiedendo come faranno a convertire questa criptovaluta in soldi convenzionali senza farsi identificare, visto che ogni transazione fatta con criptovalute è solitamente pubblica e tracciabile, Engadget ha un articolo che spiega le tecniche di tracciamento e di elusione del tracciamento (tumbling, conversione in altra criptovaluta meno pubblica, come Monero, o gioco d’azzardo).

Nessun commento: