On Wednesday, scammers launched one of the most audacious attacks in recent memory, posting messages from the Twitter accounts of Joe Biden, Barack Obama, Kanye West, Bill Gates and Elon Musk promising that if people sent Bitcoin, the famous person would send back double the money. The first attack targeted high-profile cryptocurrency leaders and companies, but soon broadened to include a list of prominent U.S. politicians and entertainment and tech executives. It appears that an internal Twitter account was involved in the attacks, but it has yet to be determined whether an employee was willfully complicit.
The New York Times reports that Twitter quickly removed the messages, but attackers managed to send similar tweets, “suggesting that Twitter was powerless to regain control.”
Twitter “eventually disabled broad swaths of its service, including the ability of verified users to tweet, for a couple of hours.” It also tweeted that it was looking for a fix, stating that users “may be unable to Tweet or reset your password while we review and address this incident.” Service was restored later that night, but security experts noted that, “the hackers could have easily caused much more havoc.”
An investigation into the attack led U.S. intelligence agencies “to an initial assessment that this was most likely the work of an individual hacker, not a state,” since a state would have “probably focused on trying to trigger stock market havoc, or perhaps the issuance of political pronouncements in the name of Biden or other targets.” The breach didn’t impact President Trump’s account, which is “under a special kind of lock-and-key after past incidents.”
Stanford Internet Observatory director Alex Stamos reported that, “one of the leading theories among researchers was that the hacker, or hackers, had obtained the encryption keys to the system, which enabled them to essentially imitate or steal the ‘tokens’ that grant access to individual accounts.”
By Wednesday evening, the Bitcoin wallets promoted in the tweets had received over 300 transactions and Bitcoin worth over $100,000. As Twitter locked down accounts, news-related tweets — such as warnings about a tornado in Illinois — could not be sent.
Vice reports that Motherboard spoke to the hackers, granting them anonymity. One of them stated, “we used a rep that literally done all the work for us,” and a second source “added they paid the Twitter insider.” They stated that they “used an internal tool at Twitter” to take over the accounts. Motherboard looked at screenshots that suggested that “at least some of the accounts appear to have been compromised by changing the email address associated with them using the tool.”
Two sources “said the Twitter panel was also used to change ownership of some so-called OG accounts — accounts that have a handle consisting of only one or two characters — as well as facilitating the tweeting of the cryptocurrency scams from the high-profile accounts.” The report notes that, “whereas in other cases hackers have bribed workers to leverage tools over individual users, in this case the access has led to takeovers of some of the biggest accounts on the social media platform and tweeted Bitcoin-related scams in an effort to generate income.”
“The hack, and the company’s inability to quickly figure out what happened, is a major embarrassment for Twitter,” suggests The New York Times. “The hack of high-profile accounts to share a scam” indicates the platform is “unprepared for the security threats it faces. The attack also raised questions about election security, especially since political leaders were among those attacked.”