How a teenage hacker allegedly managed to break both Uber and Rockstar games

Top line

Rockstar Games – the developers of the popular Grand Theft Auto series of video games – was hacked just days after giant Uber’s servers were targeted in a similar breach, allegedly by the same hacker who used a process called social engineering, a highly effective method of attack that is dependent on deceiving employees of a targeted company and can be difficult to protect against.

Keywords

Decisive quote

Rachel Tobac, CEO of cybersecurity firm SocialProof Security and an expert in social engineering tweeted: “The hard truth is that most [organizations]

in the world could be hacked in exactly the same way that Uber was just hacked … Many [organizations] still not use [Multi Factor Authentication] internally … and don’t use password managers (which leads to storing credit in easily searchable places when an intruder gets in).”

Key background

Social engineering has been used to carry out several high-profile hacks in recent years, including the hijacking of more than 100 prominent Twitter accounts – among them Elon Musk, former President Barack Obama, Bill Gates and Kanye West – which were then used to promote a bitcoin scam. The hacks were carried out by teenagers who managed to gain access to Twitter’s internal network by targeting “a small number of employees” following the social media company. Last month, both Cloudflare and Twilio were also targeted in a type of social engineering attack called “phishing” in which employees were tricked into opening a message that was disguised to appear as legitimate corporate communication but included a malicious link. Twilio, which provides messaging and two-factor authentication services, revealed that the hackers had managed to breach the company’s internal databases and gained access to an undisclosed number of customer accounts. Cloudflare, an online content delivery network, noted that the hackers did not have access to its internal network.

Versus

Unlike Twilio, Uber and Rockstar, which had their internal systems breached, Cloudflare was able to avoid this fate due to the use of hardware-based security keys. Unlike other multifactor authentication methods such as text messages and one-time passwords, hardware security keys are much more secure against social engineering attacks. A targeted employee can be tricked into sharing the details in a text message or one-time password, but the hacker must gain physical possession of a hardware security key to gain access to an account. Hardware security keys come in various forms, including USB sticks or Bluetooth dongles, and they must be plugged or connected to a device trying to access a protected account. Hackers who gain access to employee credentials will not be able to access their accounts that use this form of security without physically gaining access to their keys. In 2018, Google announced that none of its 85,000 had been targeted through a phishing attack after it mandated the use of physical security keys a year earlier.

Big number

323,972. That’s the total number of complaints about social engineering attacks received by the FBI in 2021 — nearly three times what it was in 2019 — according to the agency’s annual Internet Crime Report. During this period, hackers managed to steal a total of $2.4 billion by compromising corporate email accounts through social engineering techniques.

What you should look for

Bloomberg’s Jason Schreier speculated that the recent hack may prompt Rockstar to do so set restrictions on remote work. Cyber ​​security experts have previously argued that telecommuting may require more precautions as it leaves employees more vulnerable to attacks by social engineers.

Further reading

Uber Says It’s Responding to ‘Cybersecurity Incident’ After Alleged Hack of Internal Databases (Forbes)

Uber Hacker Claims To Have Hacked Rockstar Games, Releases GTA 6 Videos (Forbes)

FBI Probes Uber, GTA 6 Hacks, Suspected UK Youth Extortion Leader (Forbes)