Twitter hack: Security experts sound alarm over platform's 'astonishing' response to scam that hit Elon Musk, Obama and others

Andrew Griffin
Thursday 16 July 2020 08:28 BST
Comments
In this photo illustration, the logo for the Twitter social media network is projected onto a man on August 09, 2017 in London, England
In this photo illustration, the logo for the Twitter social media network is projected onto a man on August 09, 2017 in London, England (Leon Neal/Getty Images)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Security experts have questioned Twitter's "astonishing" response to one of the most remarkable cyber attacks ever.

The hack allowed attackers to take over some of the world's biggest Twitter accounts, posting messages that encouraged anyone reading to send bitcoin to a specific address and falsely promising that they would receive yet more cryptocurrency in return.

The posts came from the official accounts of people including tech billionaire and Tesla founder Elon Musk, former president Barack Obama, Democratic presidential candidate Joe Biden and reality television star Kim Kardashian.

It prompted a long and sometimes confusing response from Twitter, which included temporarily blocking all posts from verified accounts, and which took hours to decisively stop the posts and take them down.

It explained its actions in a series of tweets, writing: "We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools."

The hackers then "used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf."

The company statements confirmed the fears of security experts that the service itself - rather than users - had been compromised.

Twitter's role as a critical communications platform for political candidates and public officials, including President Donald Trump, has led to fears that hackers could wreak havoc with the Nov. 3 presidential election or otherwise compromise national security.

Adam Conner, vice president for technology policy at the Center for American Progress, a liberal think-tank, said on Twitter: "This is bad on July 15 but would be infinitely worse on November 3rd."

Posing as celebrities and the wealthy, the hackers asked followers to send the digital currency bitcoin to a series of addresses. By evening, 400 bitcoin transfers were made worth a combined $120,000. Half of the victims had funds in U.S. bitcoin exchanges, a quarter in Europe and a quarter in Asia, according to forensics company Elliptic.

Those transfers left history that could help investigators identify the perpetrators of the hack. The financial damage may be limited because multiple exchanges blocked other payments after their own Twitter accounts were targeted.

The damage to Twitter's reputation may be more serious. Most troubling to some was how long the company took to stop the bad tweets.

"Twitter's response to this hack was astonishing. It's the middle of the day in San Francisco, and it takes them five hours to get a handle on the incident," said Dan Guido, CEO of security company Trail of Bits.

An even worse scenario was that the bitcoin fraud was a distraction for more serious hacking, such as harvesting the direct messages of the account holders.

Twitter said it was not yet certain what the hackers may have done beyond sending the bitcoin messages.

"We're looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it," the company said.

Mass compromises of Twitter accounts via theft of employee credentials or problems with third-party applications that many users employ have occurred before.

Wednesday's hack was the worst to date. Several users with two-factor authentication - a security procedure that helps prevent break-in attempts - said they were powerless to stop it.

"If the hackers do have access to the backend of Twitter, or direct database access, there is nothing potentially stopping them from pilfering data in addition to using this tweet-scam as a distraction," said Michael Borohovski, director of software engineering at security company Synopsys.

Additional reporting by Reuters

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in