Twitter Hack: A Sign of More Troubles Ahead?
Some Experts Say the Platform's Security Failures Could Lead to Bigger Attacks
While the Wednesday hijacking of several high-profile and verified Twitter accounts appears to have been confined to a cryptocurrency scam, security experts are warning that the platform's security failures could lead to bigger attacks down the road.
By Thursday, the Twitter accounts affected by the hacking incident had returned to normal. Those include the accounts of Democratic presidential candidate Joe Biden, Tesla CEO Elon Musk, Microsoft founder Bill Gates and the corporate accounts of Apple, Uber and others. The affected verified accounts with their distinctive blue checkmarks could send out messages and tweets again.
Twitter said in a Wednesday statement that the incident appears related to a "coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools." But the social media giant has yet to provide further details.
We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it.
— Twitter Support (@TwitterSupport) July 16, 2020
In addition to Twitter's own internal investigation, the Wall Street Journal reported that both the FBI and New York State authorities are now investigating the incident as well.
Wednesday's Twitter hack is likely a one-off incident with financial gain as the goal, some security experts tell Information Security Media Group. But the fact that verified accounts of public figures were successfully manipulated indicates the stage is set for more damaging attacks.
In Wednesday’s incident, the hackers took over accounts seeking to get followers to send money. But in a future attack, "could the instructions change, and would they be followed?" asks Evan Dornbush, a former employee with the U.S. National Security Agency and now CEO of security firm Point3 Security.
Mounir Hahad, the head of Juniper Threat Labs at Juniper Networks, says hackers who take over the accounts of influential leaders could potentially cause chaos.
"This is a very serious hack that could have resulted in a lot of damage in financial markets should a tweet have been attributed to a personality with influence, like the president of the United States, the Treasury secretary or the chairman of the Federal Reserve Bank," Hahad says.
Nature of Wednesday’s Incident
Troy Mursch, the chief research officer at security firm Bad Packets, notes that the Wednesday hacking incident could be something bigger "than what we saw on the surface as a bitcoin scam."
Although Saryu Nayyar, the CEO of security firm Gurucul, does not believe Wednesday's hacking incident was a trial run for a more damaging cyberattack, she says other groups could now be inspired to wage similar campaigns.
"It seems unlikely that this was itself a proof-of-concept for a more dangerous attack, but we will certainly see attackers use this technique in the future," Nayyar tells ISMG. "What their goals down the road will be is anyone's guess."
Nayyar notes that the hackers were cunning enough to use social engineering techniques and chose a proper target audience - walking a thin line between targeting those tech savvy enough to access bitcoin yet gullible enough to fall for such an obvious ploy.
"The trouble going forward is, will people believe VIP social media posts because they trust they are 'real'? That could lead to dangerous consequences socially, as well as financially, as we've just seen," Nayyar says.
The hackers behind Wednesday’s incident likely were just out to make a quick buck, says Dmitry Galov, a security researcher at Kaspersky. In fact, some 360 individuals reportedly transferred approximately $120,000 in bitcoin to the scammers within two hours of the account takeovers.
"Obviously, this attack carries some financial and reputational risks for the company," Galov says. "However, as it appears to be a one-shot attack, we do not currently believe that it carries any extensive global ramifications."
An Inside Job?
On Thursday, Vice Motherboard, citing sources who identified themselves as hackers who took over Twitter accounts Wednesday, reported that a Twitter employee gave hackers access to an internal tool that allowed them to hijack the verified accounts.
Twitter has had previous issues with employees who apparently gave access to outsiders. In November 2019, the U.S. Justice Department charged three men with perpetrating a campaign to infiltrate the social media company and spy on critics of the Saudi Arabian government (see: Feds Allege Saudi Spies Infiltrated Twitter).
The hijacking of verified accounts has also prompted some to question why Twitter doesn’t take more security steps for employees as well as users.
On Thursday, Sen. Ron Wyden, D-Ore., noted that Twitter CEO Jack Dorsey promised to provide end-to-end encryption for Twitter's Direct Messaging features in 2018, but it has not yet delivered on that pledge.
It's been nearly two years since our meeting, and Twitter DMs are still not encrypted, leaving them vulnerable to employees who abuse their internal access to the company's systems, and hackers who gain unauthorized access.
— Ron Wyden (@RonWyden) July 16, 2020
Dorsey has been a victim of account hijacking. In September 2019, his Twitter account was taken over for a short period and used to send out racist messages (see: Hey Jack, How Was Your Account Hacked?).