Twittersphere hit with hack in massive scam demanding bitcoin
- A massive hacking operation has targeted major Twitter accounts of political figures, celebrities, and tech leaders
- Twitter has since removed the illegitimate tweets
- The scam involves asking the public for bitcoin donations
On Wednesday, the Twitter accounts of several major companies and individuals appeared to have been compromised in what is believed to be a widespread hacking operation.
The verified (blue tick) accounts of political figures including Barack Obama and Joe Biden, tech giants like Apple, industry leaders such as Elon Musk, Jeff Bezos and Bill Gates, and celebrities such as Kim Kardashian West were among the targets of the major security breach.
The scam saw hackers taking over dozens of high-profile accounts and urging the public to “donate” bitcoin via malicious links they provided, promising doubled contributions in return.
“We are giving back to our community. We support Bitcoin and we believe you should too,” read one such message on Apple’s Twitter account. “All Bitcoin sent to our address below will be sent back to you doubled,” the message added, including a link.
Following reports of the scam, Twitter “immediately locked down the affected accounts” and removed the malicious tweets the hackers had posted. The social media giant acknowledged that the restrictions it also placed on other high-profile accounts were disruptive, but said the move was necessary to “reduce risk.”
Most of the limits placed on the affected accounts have since been lifted, but the investigation into the breach is ongoing.
The social media giant later confirmed that the attack was caused by “a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.”
We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it.
— Twitter Support (@TwitterSupport) July 16, 2020
Commenting on Twitter’s revelation that the incident involved the misuse of “internal systems and tools,” Todd Peterson, IAM Evangelist at One Identity, explained that providing customer support for “high-profile” customers means IT administrators need privileged access to those accounts, in order to reset passwords and to clean up after an account takeover.
“However, with this great power comes great responsibility – and it takes only one bad admin to create global chaos by abusing their privileged access,” he told TechHQ.
“Touching such high-profile Twitter accounts should be tied to an approval process, where a single person cannot act alone, without a detailed explanation and an approval by a superior,” Peterson continued. “A modern record-and-review monitoring system would have also stopped the lone actor in their tracks by flagging the highly unusual activity and helping to retrace and undo their steps.”
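The controls Peterson describes can be made concrete. The Python below is an added example, not code from the original article and not Twitter’s own support tooling: a small broker that refuses to touch a high-profile account unless the request carries a detailed justification and an approval from a superior other than the requester, keeps a record of every attempt (allowed or denied), flags one admin touching several high-profile accounts in a short window, and snapshots the account before each change so the step can be undone. Every handle, person, threshold and account field in it is constructed for illustration.

```python
"""Two-person approval and record-and-review for privileged support actions.

Added illustration, not Twitter's own tooling: a justification and a superior's
approval before a high-profile account is touched, a burst detector for one admin
hitting many such accounts, and a before-state snapshot so steps can be undone.
All account handles, names and thresholds are constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional


class ApprovalError(Exception):
    """A privileged action was attempted without the required control."""


@dataclass
class Request:
    request_id: int
    requester: str
    target: str                                       # account handle being touched
    changes: Dict[str, str]                           # fields to overwrite
    justification: str
    approver: Optional[str] = None
    executed_at: Optional[datetime] = None
    previous_state: Optional[Dict[str, str]] = None   # snapshot taken before the change


class PrivilegedActionBroker:
    def __init__(self, accounts, high_profile, admins, superiors, burst_limit=3, window=timedelta(minutes=10)):
        self.accounts = accounts                      # constructed in-memory account store
        self.high_profile, self.admins, self.superiors = set(high_profile), set(admins), set(superiors)
        self.burst_limit, self.window = burst_limit, window
        self.requests: Dict[int, Request] = {}
        self.audit: List[dict] = []                   # every attempt, allowed or denied
        self.alerts: List[str] = []

    def _log(self, event, **details):
        self.audit.append({"event": event, **details})

    def request(self, requester, target, changes, justification):
        if requester not in self.admins:
            raise ApprovalError(f"{requester} is not a support admin")
        if len(justification.strip()) < 20:
            raise ApprovalError("a detailed justification is required")
        req = Request(len(self.requests) + 1, requester, target, dict(changes), justification)
        self.requests[req.request_id] = req
        self._log("requested", request_id=req.request_id, by=requester, target=target)
        return req

    def approve(self, request_id, approver):
        req = self.requests[request_id]
        if approver not in self.superiors or approver == req.requester:
            raise ApprovalError("approval must come from a superior who is not the requester")
        req.approver = approver
        self._log("approved", request_id=request_id, by=approver)

    def execute(self, request_id, now):
        req = self.requests[request_id]
        if req.target in self.high_profile and req.approver is None:    # nobody acts alone
            self._log("denied", request_id=request_id, by=req.requester, reason="no approval")
            raise ApprovalError(f"{req.target} is high-profile: approval required")
        req.previous_state = dict(self.accounts[req.target])            # record before-state
        self.accounts[req.target].update(req.changes)
        req.executed_at = now
        self._log("executed", request_id=request_id, by=req.requester, target=req.target, at=now)
        self._check_burst(req.requester, now)
        return req

    def _check_burst(self, admin, now):
        # One admin touching many distinct high-profile accounts in a short window is what review should flag.
        recent = {r.target for r in self.requests.values()
                  if r.requester == admin and r.executed_at is not None
                  and r.target in self.high_profile and now - r.executed_at <= self.window}
        if len(recent) >= self.burst_limit:
            self.alerts.append(f"{admin} touched {len(recent)} high-profile accounts within {self.window}")

    def undo(self, request_id):
        req = self.requests[request_id]
        if req.previous_state is None:
            raise ApprovalError("nothing to undo")
        self.accounts[req.target] = dict(req.previous_state)
        self._log("undone", request_id=request_id, target=req.target)


def demo():
    """Constructed scenario: an admin tries to act alone, then with approval, then in bulk."""
    accounts = {h: {"email": f"{h}@example.invalid", "password_hash": "h0"}
                for h in ("apple", "elonmusk", "billgates")}
    broker = PrivilegedActionBroker(accounts, {"apple", "elonmusk", "billgates"}, {"mallory"}, {"sam"})
    t0 = datetime(2020, 7, 15, 20, 0)
    first = broker.request("mallory", "apple", {"email": "attacker@example.invalid"},
                           "customer reported lockout, ticket 12345, verified by phone")
    try:
        broker.execute(first.request_id, t0)                # denied: no approval yet
    except ApprovalError:
        pass
    broker.approve(first.request_id, "sam")
    broker.execute(first.request_id, t0)                    # allowed, logged, undoable
    for handle in ("elonmusk", "billgates"):                # third distinct target trips the alert
        req = broker.request("mallory", handle, {"email": "attacker@example.invalid"},
                             "another lockout ticket, identity verified by phone")
        broker.approve(req.request_id, "sam")
        broker.execute(req.request_id, t0 + timedelta(minutes=5))
    return broker
```

Running `demo()` returns the broker with its audit trail: the first attempt is recorded as denied, the approved attempts as executed, and a single alert fires once the same admin has touched three high-profile accounts within the ten-minute window. The `previous_state` snapshot is what lets `undo()` retrace and reverse each step from the log alone; in a real deployment the log and snapshots would live in a store the admin cannot edit.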
The bitcoin address named in the tweets appeared to have received up to US$100,000 worth of “donations” within an hour of the tweets being published. However, many have speculated that the sum could be a decoy, as scammers are known to transfer their own money into an address to make it appear more legitimate.
It's an actual wallet address and there are transactions happening. It's unclear if these transactions are legit. Scammers often seed their own scams to give them the appearance of authenticity. https://t.co/GUHEDaKNxu pic.twitter.com/xfhl3817xr
— Ryan Mac 🙃 (@RMac18) July 15, 2020
Bitcoin has become the de facto currency of ransomware, and this incident shows that it is gaining traction in scams as well. The cryptocurrency can be easily purchased with a credit card, incoming payments can be quickly verified by cybercriminals on the public ledger and, while it isn’t the most private of cryptocurrencies, ‘mixer’ and ‘tumbler’ services can allow criminals to launder payments and keep their identities hidden.
Such a high-profile scam doesn’t do anything to quell concerns about cryptocurrencies’ shady associations with crime and overall lack of accountability, despite their benefits.
Tech firms have been bullish about moving towards future currencies. Facebook’s attempt to launch Libra (a blockchain-based currency) has pushed national financial institutions and incumbent banks to look more closely at these emerging finance-related technologies, which could shift monetary power into a wider, less centrally regulated ecosystem.
Recently, Microsoft filed a patent application for a new crypto mining system that relies on energy emitted from daily activities. If successful, the tech giant would be able to slash the cost of the specialized hardware that powers crypto mining.
However, Twitter’s Jack Dorsey himself believes that bitcoin is still in the nascent stage of adoption: “It’s not functional as a currency. The peaks and troughs are like an investment asset and are equivalent to gold. What we need to do is make it more usable and accessible as a currency, but it’s not there yet.”
You may be unable to Tweet or reset your password while we review and address this incident.
— Twitter Support (@TwitterSupport) July 15, 2020
19 October 2020