Twitter takes ‘nuclear option’ to disarm hackers

Bitcoin scammers take control of A-list accounts, report Olivia Rudgard and Margi Murphy in San Francisco

The Daily Telegraph - Business - Technology Intelligence

On Wednesday afternoon a tornado approached central Illinois. Normally, the Twitter account run by the National Weather Service outpost based in the city of Lincoln would be warning residents about the dangers and offering advice.

But it was silent, its ability to tweet cut off by a massive hack that had seen the accounts of some of the world’s most powerful people, including Jeff Bezos, Joe Biden and Bill Gates, taken over and used to promote a Bitcoin scam.

Twitter seemed powerless to fix the problem. Over an hour after the first tweets started appearing on the account of Tesla boss Elon Musk, the attackers were still posting tweets promoting the scam.

Defeated, Twitter was forced to take the nuclear option – preventing all verified users from tweeting. As well as the US president, the Prime Minister, the world’s biggest business leaders and celebrities, the blanket ban stopped thousands of people with Twitter’s famous “blue tick” from posting messages.

The crisis exposed just how significant the platform has become, and how vulnerable. For hours after the attack, Twitter did not say, or appear to know, who the hackers are, or how they gained control. But Twitter has become the main mouthpiece for president Donald Trump, who uses it to post musings on current affairs. US foreign and domestic policy is often built up around his tweets.

The hack appears to have stolen a mere tens of thousands of dollars, a paltry reward for the amount of access the attackers appear to have gained.

Those outside the Twitter bubble, which is overwhelmingly composed of journalists, politicos, provocateurs and bots, probably had no reason to take notice and no interest in the hack.

But the incident has potential ramifications well beyond Twitter. With the accounts of the US president and his main political rival at their fingertips, the attackers had an almost unimaginable amount of power.

Imagine faking an announcement that the big red button had been pushed, and the missiles were on their way to North Korea. Under previous presidents, such wild statements would likely be dismissed as the work of a hacker. But under the current one, they might well be taken seriously.

A study from King’s College London’s Centre for Science and Security Studies on Wednesday illustrated the risks: “To reduce the risks of unintended nuclear escalation, governments and individual officials should refrain from uncoordinated or ‘rogue tweeting’ during crises,” it said.

Last year, Twitter founder Jack Dorsey was himself hacked using the relatively simple method of SIM hijacking, where hackers take over a phone number and have verification codes sent to them instead of the account’s true owner. Trey Herr, director of the Cyber Statecraft Initiative at US think tank the Atlantic Council, suggests that this method could have been employed again.

“Cell phone vendors are not very effective at validating the identity of people who call into their customer service lines, allowing attackers to get cell service for an account moved to a SIM card they control and can intercept text-based 2FA codes.

“Notably, the language in the tweets was tweaked to the voice of the target,” he said.

But as hacking has become a serious threat to people’s livelihoods and security (imagine a hacker tweeting out something offensive or incriminating from a TV personality’s account), high-profile tweeters have put far more protections in place.

More secure than a texted code is an authentication app or physical security key, both of which Twitter now offers.

Some suggested this had been a well-thought-out plan that had taken some time to concoct, pointing to the fact that a series of fake websites had already been set up.

Creating fake domains is often a ploy to lure people to malware-laden sites in an attempt to get them to enter their passwords or financial details. The fact that the scam involved cryptocurrency, and first appeared on large cryptocurrency organisations such as Coinbase, Gemini and crypto celebrities like the Winklevoss twins and Elon Musk, makes the most obvious motive financial crime.

But the scale of the breach, Twitter’s worst to date, points to the company itself being the victim here.

Vice reported that Twitter was quickly removing screenshots of a computer screen that appeared to show a panel with administration rights to Twitter accounts, giving them the ability to completely control Twitter accounts remotely.

Later on Wednesday, Twitter said it had experienced a “co-ordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools”.

Whether an employee was hacked or willingly handed over control of the accounts to hackers was not clear. Either way, it raises questions about the internal checks and balances involved in access to the platforms of the world’s most powerful people.

If the latter, it would not be the first time a Twitter employee has gone rogue. In 2017, Bahtiyar Duysak deactivated Donald Trump’s Twitter account for a total of 11 minutes.

The German was working as a contractor during the last part of a stay in the US where he had been working and studying, including stints at YouTube and Google under various contractors. One imagines Twitter has been closely vetting who gets admin rights ever since.

The names of those who were first hacked seem not to give too much away, but there were some interesting trends. As a principal security researcher at a well known organisation opined, the fact that Trump’s account was not seen spewing Bitcoin spam seemed surprising.

Widely followed Right-wingers were left alone. Instead, the pillars of US liberal society – Barack Obama, Bill Gates, Joe Biden and Warren Buffett – were targeted.

There has been a long-running joke that all Twitter is good for is Bitcoin scams. For years, fake Elon Musk accounts were able to con people out of buying digital coins until the platform cracked down. Perhaps the Bitcoin scam was some kind of anarchist joke?

We may not yet know exactly how or why the Twitter hack happened, but it lays bare how vulnerable the platform is, and how easily the platforms of some of the world’s most influential people can be hijacked to unknown ends.
