Thursday, July 16, 2020

Twitter Hack: Why Wasn’t Donald Trump Targeted?



Donald Trump's Twitter account wasn't directly affected by the Twitter hack GETTY IMAGES

Bill Gates, Elon Musk, Apple, Joe Biden, Barack Obama... the list of the Twitter glitterati who had their accounts hijacked last night is long. But there’s one notable name that doesn’t appear on the list, arguably the most famous Twitter user of them all: Donald Trump.

While many of the biggest Twitter accounts were vandalized with messages urging people to participate in what appears to be a bitcoin scam, the @realDonaldTrump account and its 83.5 million followers were not targeted. Neither was the official account of the president @POTUS and its 30.8m audience.

The question looms large: why did the scammers not target the most high-profile account of them all?


Enhanced security

The first theory is that Trump’s accounts have some form of enhanced security measures that aren’t available to other verified account holders.

The president would undoubtedly be the service’s prime target for hackers, so it is possible that Twitter has afforded Mr Trump and his staff some form of extra verification that made it more difficult to breach his account.

Twitter has this morning admitted that the breach was a result of a “social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools”.

“We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf,” Twitter said in a series of tweets published on its support account.

What might those enhanced security measures be? Twitter may, for example, only permit tweets to be made to Trump’s accounts from authorized devices, meaning that even the elevated staff accounts that the hackers breached weren’t able to tweet on the president’s behalf.

Politically motivated

Given that Donald Trump’s predecessor and forthcoming opponent in the presidential election were targeted, but not Trump himself, there’s also the question of whether the attack was politically motivated.

That, currently, seems unlikely. Prominent Republicans were targeted during the attack, such as one-time Republican presidential candidate Michael Bloomberg. There was also no political messaging in any of the faked tweets.

A direct attack on the president would also raise the stakes in what is already an incredibly high-profile attack. A statement released by the FBI suggests it’s already looking into the attacks. “We are aware of today's security incident involving several Twitter accounts belonging to high profile individuals," the FBI said in a statement last night. It would be under much greater pressure to investigate, and investigate hard, if the president’s account had been compromised in the run-up to an election.

That’s not to say investigations aren’t going to be pursued. Indeed, Republican politicians are already pressing for a probe. A Vice report claims Republican senator Josh Hawley has already written to Twitter, asking the company to “reach out immediately to the Department of Justice and the Federal Bureau of Investigation and take any necessary measures to secure the site before this breach expands".

Sign of things to come?

The ease with which the hackers managed to breach so many high-profile accounts is the biggest cause for concern. Given the enormous audience the hackers were able to reach - albeit temporarily - it raises obvious questions over Twitter’s security and whether it could be used for something more sinister than a ham-fisted bitcoin scam.

Although Twitter will now undoubtedly go through a fresh security review, it’s been punished for a similar kind of attack previously. A decade ago, the company settled a case with the FTC in which it was found that “an intruder compromised an employee’s personal email account, and was able to infer the employee’s Twitter administrative password, based on two similar passwords, which had been stored in the account”. This was used to “access non-public user information and non-public tweets for any Twitter user. In addition, the intruder could, and did, reset at least one user’s password.”

Twitter CEO Jack Dorsey has already promised to publish the findings of an internal investigation into the attack.


This time Twitter will really have to learn its lessons.

Barry Collins Contributor
Consumer Tech
I am a consumer tech expert writing about Windows, PCs, laptops, Mac, broadband and more.
Follow me on Twitter or LinkedIn. Check out my website.
I have been a technology writer and editor for more than 20 years. I was assistant editor of The Sunday Times’ technology section, editor of PC Pro magazine


Some of the world's biggest Twitter accounts are hacked. Here's what we do and don't know about what's going on right now.
Twitter CEO Jack Dorsey REUTERS/Anushree Fadnav

Elon Musk wants to give you free bitcoin — at least, that's what his Twitter account says.

Don't trust him.

The Tesla account is one of numerous high-profile accounts on the social network that have been compromised as part of a remarkable, far-reaching hack, in an attempt to scam people using digital currency bitcoin.

As of writing on Wednesday, there's still a whole lot of unknowns. But here's what we do and don't know so far.

Who's been hacked?

Tons of people. And some companies.

Joe Biden, Jeff Bezos, Apple's official account, Bill Gates, Warren Buffett, Kanye West, Kim Kardashian, Uber, Wiz Khalifa, Floyd Mayweather, Cash App, MrBeast, XXXTentacion, parody account TheTweetOfGod ... the list goes on and on.

The only common thread between the accounts appears to be that they're all, well, very famous. The hacker(s) appears to be targeting high-profile accounts that will spread the scam as far as possible.
How did they get hacked?

Late Wednesday evening, Twitter said it had uncovered "what we believe to be a coordinated engineering attack by people who successfully targeted some of our employees with access to internal systems and tools." Those with access to those tools, "ostensibly Twitter employees," can reset email addresses associated with accounts, as TechCrunch reported.
What do the hacked messages look like?

Like this:

No, Obama is not going to give you free bitcoin. BI

What's Twitter saying about all this?

In a fairly unenlightening statement via tweet, Twitter's Security team confirmed there were shenanigans happening and that it was looking into it. "We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly," they wrote.

CEO Jack Dorsey chimed in on the incident in a tweet later on Wednesday evening, calling it a "tough day for us at Twitter."

"We all feel terrible this happened. We're diagnosing and will share everything we can when we have a more complete understanding of exactly what happened," Dorsey said.

Later on Wednesday, however, the company asserted that, once it became aware of the attack, it "locked down the affected accounts and removed Tweets posted by the attackers." As a precaution, it also limited access for a larger group of accounts — verified users ("blue checks") were unable to post for some time.

Despite the company's actions, hacked posts remained on the site long after many of its users realized things were awry.

"Our investigation continues and we hope to have more to share there soon," a Twitter spokesperson told Business Insider.

What's Twitter doing to stop it?

Many verified users, including this reporter, said that they were unable to tweet, but could retweet others' posts. Twitter's Security team eventually followed its original tweet with updates confirming that users might not be able to tweet or reset their passwords while it looked into things.

Around 9:30 p.m. ET, they returned to say that the account restrictions should be lifted.

"Most accounts should be able to Tweet again. As we continue working on a fix, this functionality may come and go. We're working to get things back to normal as quickly as possible," it tweeted.

Later on Wednesday, the company said that "Internally, we've taken significant steps to limit access to internal systems and tools while our investigation is ongoing."


What's the scam?

Generally, the compromised accounts are posting a tweet saying they're feeling generous (or some other similar motivation), and falsely claiming that if people send them bitcoin to their address, they'll resend them double back.
Should I send them bitcoin?

No.
Who's behind the hack?

We don't know yet. 

No comments: