In case 2020 wasn’t dystopian enough, hackers on July 15 hijacked the Twitter accounts of former President Barack Obama, presidential hopeful Joe Biden, Elon Musk, Jeff Bezos, Kim Kardashian and Apple, among others. Each hijacked account posted a similar fake message. The high-profile individual or company wanted to philanthropically give back to the community during COVID-19 and would double any donations made to a bitcoin wallet, identical messages said. The donations followed.
The hack on the surface may appear to be a run-of-the-mill financial scam. But the breach has chilling implications for democracy.
Serious political implications
As a scholar of internet governance and infrastructure, I see the underlying cybercrimes of this incident, such as hacking accounts and financial fraud, as far less concerning than the society-wide political implications. Social media – and Twitter in particular – is now the public sphere. Using a hijacked account, it would be simple to wreak economic damage, start a national security crisis or create a social panic.
Consider some of the potential threats to society posed by the takeover of technology infrastructure.
- Market stability. Coordinated rogue tweets from the accounts of Apple, Facebook, Google, Netflix and Microsoft could easily crash the stock market, at least temporarily, eroding confidence in markets.
- Societal panic. A false warning about an impending terrorist attack from a major media company account could create a dangerous public panic.
- National security. Twitter is the platform of choice for President Donald Trump. A foreign adversary hijacking his account and announcing a nuclear strike on North Korea could be catastrophic.
- Democracy. Hijacked accounts could sow well-timed political disinformation that sways or seeks to delegitimize the 2020 presidential election.
As such, what happened is not about financial crime. It is a serious threat to us all.
Politicians are rightly calling for hearings and investigations. The House Committee on Oversight and Reform ranking member, Kentucky Republican James Comer, issued a letter demanding answers from Twitter CEO Jack Dorsey about what happened. New York Governor Andrew Cuomo ordered a full investigation of the hack, warning that “Foreign interference remains a grave threat to our democracy.”
The FBI is investigating the incident.
Tough day for us at Twitter. We all feel terrible this happened.
We’re diagnosing and will share everything we can when we have a more complete understanding of exactly what happened.
? to our teammates working hard to make this right.
— jack (@jack) July 16, 2020
Twitter disclosed that approximately 130 accounts were affected and that “attackers were able to gain control of the accounts and then send Tweets from those accounts.” The affected accounts seemed to be “verified accounts” with the blue check mark meant to authenticate the identities of high-profile public figures.
Because these accounts are potential hacking targets, Twitter recommends additional security such as having a second log-in verification check, and requiring personal information such as a phone number to reset a password.
How were the accounts taken over? There are two general possibilities: Either hackers gained the login credentials, including passwords, or gained access to systems from inside the company. Twitter has, as of this writing, described the attack as having “successfully targeted some of our employees with access to internal systems and tools.” In other words, it may have originated inside Twitter’s secure system.
But this explanation raises more questions. Are Twitter employees (or hackers) with unauthorized access to “internal systems” actually able to tweet from the account of someone like Joe Biden? Another major question is whether the hackers also were able to read the private direct messages in each of these accounts.
To begin to regain trust, Twitter will have to clarify what happened and explain what the company will do to mitigate such an attack in the future.
In terms of the tactics used, Twitter described the incident as having used social engineering, a term that refers to a cyberattack exploiting some human action. Examples include phishing attacks that prompt someone to click on a malicious link in an email or divulge a password or personal information. These techniques date back decades, such as the infamous I Love You attack of 2000, when emails with the subject line “I Love You” prompted people to download a virus-infected file, creating massive economic damage to companies. It can be a range of activities aimed at deceiving people into providing information useful to another party, such as a hacker trying to penetrate a company’s network.
The essential feature of a social engineering attack is that a human being is prompted to make an error in judgment. If anyone ever thought an individual has no agency in cybersecurity, simply recall the Democratic National Committee email data breach in advance of the 2016 U.S. presidential election. That incident in part originated via a phishing attack that tricked someone into disclosing email credentials. Cybersecurity is a problem of human psychology and cyberliteracy as well as a complex technical area. Not only do Twitter employees appear to be victims of social engineering, according to the initial explanation, but so too were those people who were tricked into giving bitcoin donations.
Not just a tech company problem
Cybersecurity is the great human rights issue of our time simply because the security of everything in our society – from elections to health care to the economy – is dependent upon the security of the digital world. Private companies now mediate the public sphere and so they bear great responsibility for this security. From the Facebook Cambridge Analytica scandal to the Yahoo! data breach, tech companies have had trust problems. At the same time, the COVID-19 pandemic lays bare how much we need the digital world and must get cybersecurity right.
The disclosure that the Twitter hack originated via a social engineering technique is a reminder that cybersecurity is an individual human responsibility as much as a technical or institutional one. We are all responsible. Twitter was originally not designed to be something so politically relevant. Now we all know it is. That’s why this latest attack is so serious.
Check out the NEW NOQ Report Podcast.
Join fellow patriots as we form a grassroots movement to advance the cause of conservatism. The coronavirus crisis has prompted many, even some conservatives, to promote authoritarianism. It’s understandable to some extent now, but it must not be allowed to embed itself in American life. We currently have 8000+ patriots with us in a very short time. If you are interested, please join us to receive updates.
We Often Feel Like David Taking on Giants
Today’s Goliath is the Mainstream Media Industrial Complex that brainwashes the masses.
Our mission is very straightforward: To counter the false narratives and nefarious agendas destroying America today. It isn’t easy for obvious reasons; despite incredible growth over the last year we are still a very tiny fish in a huge media pond. But we’re fighting and we will continue to do so, Lord willing, for as long as we possibly can. The battle for America’s present and future is too important for us to back down to the giants that stand in our way.
We need help. I don’t want to say “desperately,” but the need is definitely great. If you have the means, please donate through our GivingFuel page, PayPal, or our brand new GiveSendGo page. Your generosity is what keeps these sites running and allows us to get the truth to the masses. We’ve had great success in growing but we know we can do more with your assistance.
Thank you, and God Bless!