Could Twitter's home working policy have made it easier for hackers?
16 July 2020, 15:18
An ethical hacker has told LBC that Twitter's home working policies could have made it easier for hackers, and gave a stark security warning to all listeners.
Mike Godfrey, head of Insinia Security and an ethical hacker, told LBC the Twitter hack was "really interesting", adding it was "huge" to have access to so many "heavy hitters."
The warning comes in the wake of a Twitter breach where hackers targeted employees with access to the firm's internal systems and posted a Bitcoin scam to the accounts of high-profile figures in the US.
Mike revealed to LBC that these kinds of hacks normally come about through previous "data breaches" where an account's username and password are released on the open web.
He said an attacker can then use these details to gain access to the account.
"To hit this many accounts, to me it 100% indicates somebody with access to the back end system of Twitter," Mike said.
When Shelagh questioned Mike on what that meant, the cyber security expert said Twitter would have a "management portal" which would allow people to work remotely.
The ethical hacker described this as being like "a red rag to a bull for hackers" who would then seek to exploit less secure home working solutions.
Mike said an unethical hacker would only need to target one "superuser" of the site before he was granted "keys to the kingdom".
When questioned why people working from home means easier access for hackers, Mike explained that when you work from home and have a remote connection, it can mean you're working in a less secure environment.
Former President Barack Obama, rapper Kanye West and current presidential candidate Joe Biden were among those hit by the breach, with identical messages promoting the cryptocurrency scam posted to their profiles.
Twitter has now confirmed the incident was a "co-ordinated social engineering attack" by hackers who had targeted Twitter employees with "access to internal systems and tools".
Questioning the LBC audience, he asked how often people update their home router. "The answer, nine times out of ten is never."
But in an office environment, this tends to happen as a matter of course.
Shelagh asked if individuals should do that, and the hacker's reply was a quick "100%."
Mike suggested everyone should update their firmware, and check the best ways to work from home, especially during the coronavirus crisis.
When Shelagh asked how much money the Bitcoin fraudsters could have made, Mike said there was about £100,000 that had gone into it.
"It's been profitable, it's not retirement money, but it has definitely had an upside for the attacker."