AFP
July 17, 2020

Twitter’s bitcoin hack signals political danger


The hack at Twitter raises serious questions about in-house security at Donald Trump’s favourite social media platform but, experts say, also threatens malign consequences for the integrity of November’s US presidential election.

Here is what we know so far after hackers took over the Twitter accounts of an array of political and business leaders -- including Democratic White House candidate Joe Biden -- apparently as part of a bitcoin scam:

Twitter says it is still investigating but believes it fell victim to "a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools".

"Social engineering" describes fraudsters trying to manipulate their targets into divulging confidential information. Twitter’s admission means that even IT-savvy staff at one of the world’s best-known internet companies are not immune. Citing web screenshots and two anonymous sources apparently behind the hack, Vice reported that a Twitter insider was responsible. One of the sources told the media group they had paid the employee.

"That (Vice report) is deeply troubling as these platforms have such influence," said professor Alan Woodward, of the Centre for Cyber Security at the University of Surrey in Britain. "It maybe suggests that no one person should be able to use these internal tools: it’s more difficult to bribe four eyes than two," he told AFP.

Limited, thus far. Twitter reacted quickly to deactivate the targeted accounts, delete the hoax messages and stop their onward transmission. The fake posts said people had 30 minutes to send $1,000 in bitcoin to receive twice as much in return.

A total of 12.58 bitcoin -- worth almost $116,000 -- were sent to email addresses mentioned in the fraudulent tweets, according to Blockchain.com. Gerome Billois, Paris-based cybersecurity expert for the consultancy Wavestone, said early indications were that "at least one person has in recent days been trying to hawk access to individuals’ certified accounts on the dark web, without success".

"It seems therefore that they decided to exploit the accounts themselves to try to make a quick buck," he said. That is what worries the experts more. If hackers could take over top-ranking accounts for small personal gain, they could also strive to subvert democracy itself. "We should worry. It seems the hacking at Twitter was in-house," commented Professor Anthony Glees, security and intelligence expert at the University of Buckingham.

"But if I were in Russian or Chinese or Iranian intelligence, I would be thinking about getting hold of somebody who works at the business to hire them," he said. Even if internet companies respond swiftly, as Twitter appears to have done, hacked messages can do serious financial damage to victims in a short space of time.

"But politically, a fake or hacked tweet at a critical time could have a huge impact. Someone getting in there at the right time with the right kind of misinformation could absolutely sway the (November) election," Glees told AFP. The normal rules of good online housekeeping still apply: be wary of fake web links or "phishing" messages designed to extract financial data, create strong passwords and use two-factor authentication to log in wherever possible.

The trouble is, none of that helps when a company’s own internal systems are penetrated, as happened with Twitter. So plain common sense was the best protection against the bitcoin hackers hawking a get-rich-quick scheme.