The Twitter security breach that allowed hackers to hijack the accounts of billionaires, politicians, celebrities and companies has sparked fears they could have wreaked havoc on the stock market, meddled in elections or even potentially started a war.
Barack Obama, Joe Biden, Jeff Bezos and Elon Musk were among the victims of the four-hour attack on Wednesday that saw hackers infiltrate Twitter’s internal systems and post bogus tweets from the high profile accounts asking people to send Bitcoin.
Publicly available blockchain records show that the scammers received more than $116,000 worth of cryptocurrency, which equates to 12.8 bitcoin, from over 300 people over the four-hour stretch.
Twitter, whose stocks slumped 2.5 percent on Thursday following the embarrassing hack, has said the hackers targeted its staff amid claims that an employee was bribed to grant access to the internal systems.
The hack forced it to stop all verified accounts from posting for several hours. It is not clear if those affected lost full control of their accounts.
While the hack is thought to be one of the largest in history, experts said Twitter was ‘extremely lucky’ that the hackers were only after money, warning that it ‘could have been much worse’.
President Donald Trump’s account, which he has previously used to threaten North Korean leader Kim Jong-un with nuclear war, was untouched in the breach.
Former President Barack Obama, the most popular account on Twitter with more than 120 million followers, was targeted by hackers who posted a bitcoin scam to his account
One intelligence official who spoke to the New York Times said the thought of anyone getting access to the accounts of world leaders was ‘scary’.
Other officials said that an ‘amatuerish’ individual was likely behind the attack rather than a state, but warned North Korea, Russia, and China – all of which have state-level hacking operations – could exploit the flaws it exposed.
Had the breach been carried out by a foreign state, the officials said, then the stock market would have been a prime target.
Elon Musk managed to cause ‘significant disruption’ to markets himself back in 2018 when he tweeted that he was thinking of making Tesla a private company.
That caused Tesla’s stock price to jump by six per cent – meaning hackers with control over his account could have easily used it to influence markets again.
The accounts of Bill Gates and Jeff Bezos could have been used in a similar way.
Meanwhile Adam Conner, vice president for technology policy at the Center for American Progress, warned that seizing control of the accounts of politicians such as Biden could have serious consequences for the upcoming US elections.
‘This is bad on July 15 but would be infinitely worse on November 3rd,’ he tweeted.
Twitter has already admitted that it does not know the full extent of the hack, or how much information the attackers accessed before they were kicked out.
Screenshots posted online after the attack suggest they may have gained access to private messages stored on the accounts.
Kevin Mitnick, a hacker turned security consultant, warn BBC Radio 4 that those messages could open the victims up to blackmail – threatening national security.
‘You can imagine if those messages were released or if these hackers threatened to release them,’ he said.
At least one Senator, Josh Hawley of Missouri, has since written to Twitter CEO Jack Dorsey demanding to know the extent of the breach and calling for an FBI probe.
‘Millions of your users rely on your service not just to tweet publicly but also to communicate privately through your direct message service,’ he wrote.
‘A successful attack on your system’s servers represents a threat to all of your users’ privacy and data security.
‘Please reach out immediately to the Department of Justice and the Federal Bureau of Investigation and take any necessary measures to secure the site before this breach expands.’
Hawley also demanded to know whether the hack had threatened the security of President Trump’s account.
The FBI’s San Francisco office confirmed it is aware of the attack, but would not say if it is investigating.
Twitter CEO Jack Dorsey said he felt ‘terrible’ following the massive security breach
Twitter has confirmed that hackers targeted its employees in a ‘coordinated social engineering attack’, but did not give details about what that involved.
Social engineering attacks usually involve users being duped into giving out security information, or pressured into complying with a hacker.
Two people who took credit for the breach told Motherboard that they had paid a Twitter insider to carry out the attack for them.
Screenshots of what appeared to be internal Twitter systems were also circulated online after the attack, with users who posted it suspended and the image taken down by Twitter for ‘breaching its rules’.
The image appeared to show functions available to high-level Twitter administrators, including the ability to suspend, permanently suspend, or ‘protect’ user accounts.
Other tools included a ‘trends blacklist’ and ‘search blacklist’, suggesting that Twitter is able to limit how easily an account’s tweets appear across the site.
The company said that its investigation into the breach is ongoing.
Jack Dorsey wrote: ‘Tough day for us at Twitter. We all feel terrible this happened.
‘We’re diagnosing and will share everything we can when we have a more complete understanding of exactly what happened.
‘Love to our teammates working hard to make this right.’
Meanwhile Twitter’s support page added: ‘We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.
‘We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf.
‘We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it.
‘Once we became aware of the incident, we immediately locked down the affected accounts and removed Tweets posted by the attackers.
‘We also limited functionality for a much larger group of accounts, like all verified accounts (even those with no evidence of being compromised), while we continue to fully investigate this.
‘This was disruptive, but it was an important step to reduce risk. Most functionality has been restored but we may take further actions and will update you if we do.
‘We have locked accounts that were compromised and will restore access to the original account owner only when we are certain we can do so securely.
‘Internally, we’ve taken significant steps to limit access to internal systems and tools while our investigation is ongoing. More updates to come as our investigation continues.’
It is not the first time a Twitter employee has been implicated in malicious actions.
In 2017, a Twitter worker went rogue and briefly deleted President Donald Trump’s account before it was quickly reinstated.
According to the Justice Department, two other former Twitter employees previously abused their access to spy on users for the Saudi regime.
Other political figures impacted in Wednesday’s attack included Rep. Alexandria Ocasio-Cortez and former Democratic presidential candidate Mike Bloomberg.
Of the politicians affected by the breach, all appeared to be Democrats.
President Donald Trump’s account, a high-profile target, was not affected.
It is possible that Twitter has additional restrictions on the accounts of world leaders that make it impossible for most of its own employees to access them.
Trump has been embroiled in a feud with Twitter in recent months, after the social media site began slapping warning and fact-checking labels on some of the president’s tweets.
Following Wednesday’s breach, Biden’s campaign was ‘in touch’ with Twitter, according to a person familiar with the matter. The person said the company had locked down the Democrat’s account ‘immediately following the breach and removed the related tweet.’
Trump’s re-election campaign seized on the breach, with campaign spokesman Tim Murtaugh mocking the scam message as similar to Biden’s policy proposals.
‘I’ve seen creative ways to disguise a tax increase, but this takes the cake,’ Murtaugh tweeted. ‘Hacked account or not, this is a perfect metaphor for Biden’s pitch to taxpayers: ‘Give me your money!”
More than an hour after the first wave of hacks, Twitter prevented at least some verified accounts from publishing messages altogether.
According to UN Cybercrime Chief Neil Walsh, the ban extended to all verified accounts worldwide, an unprecedented step that shut down a critical platform for rapid communication.
Verified users include celebrities and journalists, but also governments, politicians and heads of state.
For several hours on Wednesday, Twitter users with verified accounts saw this message when they tried to post a tweet, as the site shut down all checkmarks as a precaution
Twitter shares fell nearly 4% in after-hours trading as the company froze verified accounts
Although individual Twitter accounts have been briefly breached in the past using stolen passwords, the scale of Wednesday’s attack was unprecedented.
‘This appears to be the worst hack of a major social media platform yet,’ said Dmitri Alperovitch, who co-founded cybersecurity company CrowdStrike.
The fraudulent tweets all followed a similar formula, and directed potential victims to send bitcoin to the same anonymous wallet.
‘I am giving back to my community due to COVID-19!’ read the scam tweet posted to Obama’s account.
‘All Bitcoin sent to my address below will be sent back doubled. If you send $1,000, I will send back $2,000!’ the fake message continued.
The message shared on Bezos’ account stated he is ‘only doing a maximum of $50,000,000.’
One scam tweet surfaced on Elon Musk’s Twitter account around 4:30pm ET Wednesday
Amazon CEO Jeff Bezos was also among the victims targeted in the bitcoin scam
Most of the fraudulent tweets disappeared within minutes of first being posted, suggesting that Twitter administrators were playing whack-a-mole with the attacker.
Although many users knew the gesture was the working of a cybercriminal, others replied they sent money to the listed account.
Many Twitter users posted screenshots of bitcoin transfer receipts to the wallet listed in the scam, claiming they had been duped before realizing the scam.
Publicly available blockchain records show that the apparent scammers have already received more than $100,000 worth of cryptocurrency, with the amount still growing.
Several Twitter users claimed that they had fallen for the scam and sent bitcoin
Some experts said the incident has raised questions about Twitter’s cybersecurity.
‘It’s clear the company is not doing enough to protect itself,’ said Oren Falkowitz, former CEO of Area 1 Security.
Alperovitch, who now chairs the Silverado Policy Accelerator, said that, in a way, the public had dodged a bullet so far.
‘We are lucky that given the power of sending out tweets from the accounts of many famous people, the only thing that the hackers have done is scammed about $110,000 in bitcoins from about 300 people,’ he said.