Twitter hack: Attackers could have conducted 'other malicious activity', as experts warn bitcoin scam could be cover for something more damaging

Company says investigations into what hackers were able to access are ongoing

Andrew Griffin
Thursday 16 July 2020 09:02 BST
Comments
The Twitter logo is seen on a phone in this photo illustration in Washington, DC, on July 10, 2019
The Twitter logo is seen on a phone in this photo illustration in Washington, DC, on July 10, 2019 (AFP/Getty)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

A hack that saw many of the world's most famous Twitter accounts taken over to launch a bitcoin scam could actually have been cover for something even more damaging.

Twitter has admitted that the hackers may have conducted "other malicious activity" while they had access to the accounts, or that they could have accessed other information the site while they briefly had access to the company's platform.

The hack emerged overnight as many Twitter accounts with large followings – everyone from Elon Musk to Barack Obama – posted tweets telling people to send bitcoin to a specific address. The tweets falsely claimed that any money sent to the accounts would be repaid twice-over, as part of what the messages claimed was an effort to give back to fans.

Such cryptocurrency scams have been popular on Twitter in recent years, with some users such as Elon Musk being targeted by criminals who create fake accounts in their name and post similar messages, indicating that users should send bitcoin to receive some in return. But they have never been executed on such a grand or embarrassing scale.

Despite the spectacular nature of the attack, and the fact the hackers seem to have had access not just to specific accounts but to underlying Twitter systems, the scam was relatively unsuccessful. Public records show that the account received less than 13 bitcoins, worth just over $100,000 at today's prices.

The fact that such a major hack was carried out for relatively little reward, despite having what appears to be wide-ranging access to the Twitter platform, has led to some speculation that the cryptocurrency scam could actually be masking another, perhaps more damaging, attack.

In a series of tweets outlining what happened during the attack, Twitter admitted that the hackers appeared to have access to internal systems that seemingly allowed them to tweet from almost any account. It also noted that they may have used that same access to conduct "other malicious activity" or to steal information.

That information could have theoretically included accessing private direct messages, for instance, or compromising other less immediately obvious accounts or systems.

"We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools," the company wrote.

"We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it."

Security experts sounded alarm about the fact the attack was able to happen and noted that the scam could be a "distraction" from more substantial access.

"If the hackers do have access to the backend of Twitter, or direct database access, there is nothing potentially stopping them from pilfering data in addition to using this tweet-scam as a distraction," said Michael Borohovski, director of software engineering at security company Synopsys.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in