Hackers broke into the Twitter accounts of world leaders, celebrities, and tech moguls on Wednesday in one of the most high-profile security breaches in recent years, highlighting a major flaw with the service millions of people have come to rely on as an essential communications tool. The intent of the hack appeared to be to steal money from unsuspecting cryptocurrency enthusiasts — in particular, by using the compromised high-follower accounts to scam people out of Bitcoin. But it also raises questions about Twitter's ability to secure its service against election interference and misinformation ahead of the US presidential election.
Here are some questions and answers about the breach:
On Wednesday afternoon, the Twitter accounts of famous figures began tweeting similar messages saying they were “feeling generous” and would double any Bitcoin payments sent to an address in the tweet. Among the individual accounts affected were former US President Barack Obama, Democratic presidential candidate Joe Biden, tech billionaires like Amazon CEO Jeff Bezos, Microsoft co-founder Bill Gates, and Tesla CEO Elon Musk and celebrities such as Kanye West and his wife, Kim Kardashian West.
Twitter soon locked down many accounts, including those of its “verified” users with blue check marks next to their names — a group that include many US politicians as well as businesses, celebrities, journalists, and news organisations. Twitter called the hack a “coordinated social engineering attack" by unknown people who “targeted” Twitter employees with access to the platform's internal systems and tools.
The hackers, Twitter said, used this access to take control of many high-profile accounts and masquerade as their owners.
Essentially, social engineering means taking advantage of human nature. Examples include phishing attacks and other ways people can be tricked into giving out compromising information, malware attacks that get people to download malicious software, and compromising people by offering something in return for information. Twitter did not say how its employees were compromised.
Twitter said late Wednesday it has taken “significant steps” to limit employees' access to internal systems and tools while its investigation is ongoing. But this is not the first time Twitter employees have wrecked havoc.
In 2017, a disgruntled employee deactivated President Donald Trump's account for a few minutes. Last year, US prosecutors charged two former Twitter employees with spying on user data for the government of Saudi Arabia. The incidents raise questions about Twitter's internal security systems, and whether the company can trust employees with access to sensitive information.
The hack might be a simple demonstration of Twitter's weak security controls as the US heads into the 2020 presidential election, a contest in which social media is already playing a hugely influential role.
Among the political figures targeted, the hack mostly appeared to target Democrats or other figures on the left, drawing comparisons to the 2016 campaign. The White House said that President Donald Trump's account was secure and wasn't jeopardised.
US intelligence agencies have established that Russia engaged in coordinated attempts to interfere in the 2016 US election through social media tampering and various hacks, including targeting the campaigns and major party organisations.
While Twitter, Facebook and other social media companies have since tightened their election security systems and policies, malicious actors trying to intervene have also improved their tactics. In other words, if a Bitcoin scam was so easy to pull off, what will prevent an attack on the US election?
Why are smartphone prices rising in India? We discussed this on Orbital, our weekly technology podcast, which you can subscribe to via Apple Podcasts, Google Podcasts, or RSS, download the episode, or just hit the play button below.