Twitter has come under fire for a security breach which allowed hackers to hijack the accounts of billionaires and powerful politicians, amid fears they could have played havoc with the stock market, messed with elections, or even tried to start a war.
Barack Obama, Joe Biden, Jeff Bezos and Elon Musk were all among victims of the four-hour attack, one which saw hackers infiltrate Twitter’s systems and post messages to their accounts asking for Bitcoin.
Twitter said the breach targeted its staff amid claims that workers were bribed to grant access. The hack forced it to stop all verified accounts from posting for several hours. It is not clear if those affected lost full control of their accounts.
While the hack is thought to be one of the largest in history, experts said Twitter was ‘extremely lucky’ that the hackers were only after money, warning that it ‘could have been much worse’.
Donald Trump’s account, which he has previously used to threaten North Korean leader Kim Jong-un with nuclear war, was thankfully untouched in the breach.
One intelligence official who spoke to the New York Times said the thought of anyone getting access to the accounts of world leaders was ‘scary’.
Other officials said that an ‘amateurish’ individual was likely behind the attack rather than a state, but warned North Korea, Russia and China – all of which have state-level hacking operations – could exploit the flaws it exposed.
Had the breach been carried out by a foreign state, the officials said, then the stock market would have been a prime target.
Elon Musk managed to cause ‘significant disruption’ to markets himself back in 2018 when he tweeted that he was thinking of making Tesla a private company.
That caused Tesla’s stock price to jump by six per cent, meaning hackers with control over his account could have easily used it to influence markets again.
The accounts of Bill Gates and Jeff Bezos could have been used in a similar way.
Meanwhile Adam Conner, vice president for technology policy at the Center for American Progress, warned that seizing control of the accounts of politicians such as Biden could have serious consequences for the upcoming US elections.
‘This is bad on July 15 but would be infinitely worse on November 3rd,’ he tweeted.
Twitter has already admitted that it does not know the full extent of the hack, or how much information the attackers accessed before they were kicked out.
Screenshots posted online after the attack suggest they may have gained access to private messages stored on the accounts.
Kevin Mitnick, a hacker turned security consultant, warned BBC Radio 4 that those messages could open the victims up to blackmail, threatening national security.
‘You can imagine if those messages were released, or if these hackers threatened to release them,’ he said.
At least one Senator, Josh Hawley of Missouri, has since written to Twitter CEO Jack Dorsey, demanding to know the extent of the breach and calling for an FBI probe.
‘Millions of your users rely on your service not just to tweet publicly, but also to communicate privately through your direct message service,’ he wrote.
‘A successful attack on your system’s servers represents a threat to all of your users’ privacy and data security.
‘Please reach out immediately to the Department of Justice and the Federal Bureau of Investigation, and take any necessary measures to secure the site before this breach expands.’
Hawley also demanded to know whether the hack had threatened the security of President Trump’s account.
The FBI’s San Francisco office confirmed it is aware of the attack, but would not say if it is investigating.
Twitter has confirmed that hackers targeted its employees in a ‘coordinated social engineering attack’, but did not give details about what that involved.
Social engineering attacks usually involve users being duped into giving out security information, or pressured into complying with a hacker.
Two people who took credit for the breach told Motherboard that they had paid a Twitter insider to carry out the attack for them.
Screenshots of what appeared to be internal Twitter systems were also circulated online after the attack, with users who posted it suspended and the image taken down by Twitter for ‘breaching its rules’.
The image appeared to show functions available to high-level Twitter administrators, including the ability to suspend, permanently suspend, or ‘protect’ user accounts.
Other tools included a ‘trends blacklist’ and ‘search blacklist’, suggesting that Twitter is able to limit how easily an account’s tweets appear across the site.
The company said that its investigation into the breach is ongoing.
Jack Dorsey wrote: ‘Tough day for us at Twitter. We all feel terrible this happened.
‘We’re diagnosing and will share everything we can when we have a more complete understanding of exactly what happened.
‘Love to our teammates working hard to make this right.’
Meanwhile Twitter’s support page added: ‘We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.
‘We know they used this access to take control of many highly-visible (including verified) accounts and tweet on their behalf.
‘We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it.’
List of compromised Twitter accounts
- Barack Obama
- Joe Biden
- Rep. Alexandria Ocasio-Cortez
- Mike Bloomberg
- Elon Musk
- Jeff Bezos
- Bill Gates
- Warren Buffett
- Kanye West
- Kim Kardashian West
- Wiz Khalifa
- Floyd Mayweather