Tennessee Tech Cyber Security Education Assistant Director Eric Brown said social engineering was the method used to hack high-profile Twitter accounts.
On Wednesday, false messages soliciting Bitcoin appeared on accounts like those of former President Barack Obama, Amazon CEO Jeff Bezos, and Microsoft co-founder Bill Gates. Brown said this was remarkable not because of the type of attack, but because the powerful platform used was so public.
“As they have evidence of already, there was already a significant amount of funds in just the short amount of time the attack was in play that went in, which shows that people still believe that you can get something for nothing,” Brown said.
Brown said hackers were able to get enough information from Twitter employees to gain privileged access to internal Twitter systems, then use a public means to broadcast the financial scam.
Social engineering is finding a way to extract information from someone else, through either electronic or in-person means. Brown said this method is nothing new.
“It’s a very common thing,” Brown said. “In the old days we would have used the term ‘con artist.’ If you can make the con sound good enough and get somebody to believe it, you can either get information or money from somebody. That’s really all social engineering is, it’s trying to falsely exploit someone to get information or whatever you need.”
Although social engineering is an easy technique, it can also just as easily be defeated. Brown said it starts with effective employee education.
“This is true of any sized company, it’s not just a company the size of Twitter,” Brown said. “The smallest of smallest of companies needs to make sure that their employees are trained in just basic cyber security awareness.”
Brown said to be aware of what you post on any social media platform and to be cautious of your online actions and communications. He said that whatever information you choose to give for your platform, you should be comfortable with it being public.