Beijing time on July 16 thin-afternoon news, according tomedia reports, Bitcoin fraudsters will not be the last to steal certified accounts – we should be vigilant, because there will be others to steal our accounts. Everything was to be expected. The July 15, 2020 hack was the worst security breach in Twitter’s history. Whatever the company ends up telling the story, it must be admitted that the crisis began to brewing years ago.
Since the spring of 2018, fraudsters have been impersonating Elon Musk, a well-known cryptocurrency enthusiast. Using Musk’s avatar, they chose a similar username, and then issued an effective invitation that seemed like a pie in the sky: lend him some cryptocurrencies, and he’ll pay you back more. Sometimes, fraudsters reply to an already connected and certified account (such as Musk’s SpaceX) to make the fake account look more authentic. Scammers also spread fake tweets through botnets, also to increase authenticity.
The events of 2018 show us three things. First, there will always be people being tricked, and every time someone is tricked, it is enough to inspire further fraud; second, Twitter’s slow handling of this threat is far less than the company’s promise to take these issues seriously in the early hours of the day; and third, the needs of fraudsters and Twitter’s initial counter-measures form a cat-and-mouse game that encourages the outlaws to take more aggressive action to create destruction.
Then there was the biggest attack of the day. Nick Statt reports:
“The Twitter accounts of large companies and individuals have recently been the biggest hacking attack son-in-the-air attack on the platform. All the attacks were aimed at promoting the Bitcoin scam, and the originators seemed to have made a small profit from it. We don’t know how the attack happened or how much damage Twitter’s own system was. The hack appears to have stopped, but the authentication account has been posting new scam tweets since 4 p.m. Eastern time and has been going on for more than two hours. After more than an hour of silence, Twitter finally admitted the hacking time, writing on the company’s user support account at 5:45 am Est. We are investigating and are actively taking steps to respond to the attack. We will provide you with the latest information as soon as possible. ‘”
The verified accounts of technology companies including former presidents Barack Obama, Joe Biden, Amazon CEO Jeff Bezos, Bill Gates and pop singer Kanye West, as well as technology companies such as Apple and Uber, have been hacked.
But they are all later things. Who was the first celebrity account to be attacked? Elon Musk, no doubt.
In the hours before the hack, people who had been tricked had sent more than $118,000 to the hackers. In addition, hackers may have access to a large number of personal direct messages. More disturbingly, the speed and scale of the hacking, as well as deeper national security concerns.
Of course, the most important and prominent question is who was behind the attack and how did they do it? At the time of writing, we had no answers. Screenshots shared between members of the underground hacking community show someone having access to tools used inside Twitter to manage accounts, according to security reporter Joseph Cox. Cox writes:
Two sources of the underground hacking community provided the media with a screenshot of an internal control panel allegedly used by Twitter employees to manage user accounts. Twitter’s control panel is also used to change ownership of some so-called OG accounts, a source said. Twitter has removed the screenshots from the control panels and suspended the user accounts that posted them, saying the content violated community rules. “
Continuing speculation may seem irresponsible, but Cox’s report at least suggests that this is not a simple and ordinary hacking incident. One possibility is that the hackers broke into Twitter’s internal tools; Cox also raised the possibility that Twitter employees, including insiders, were involved in the attack – and if that were the case, Twitter was winning twice in the year.
But in either case, Twitter’s response to the incident has caused further distress. The company’s first tweet on the matter was largely non-material, and two hours later Twitter simply said it had disabled the tweet ingress of its authenticated account or had reset their password, while the company was investigating the root cause of the attack. But even before Twitter explained, many users had been forced to find out that they couldn’t get a tweet.
Politicians, celebrities and the national news media can’t tweet but it’s going to save Twitter some public relations trouble, and while the average user is having fun, it’s up to the bigger questions to think about. Twitter, for better or worse, has always been one of the world’s most important communications systems, and many of its users are associated with emergency medical services. For example, the National Weather Service in Lincoln, Illinois, just issued a tornado warning before the authentication account was banned. Those who rely on this account to learn about tornado esperities may be unlucky.
Of course, Twitter’s ban on authentication accounts is a last resort. People probably would rather the National Weather Service couldn’t push it, or would have liked hackers to sell their accounts to criminals and then the latter to log into their accounts to post false information, such as falseclaims that the tornadoes swept through major U.S. cities. But this clumsy approach to solving the problem – banning most of the 359,000 authentication accounts from publishing information – reflects the scope of the incident.
Then you can’t help but wonder what kind of emergency measures the company would take if it wasn’t a greedy Bitcoin fraudster, but a state-level figure or a psychopath. After this incident, it is not hard to imagine that if someone took control of the accounts of a world leader and then tried to start a nuclear war, it was impossible.
At this point, senator Josh Hawley, Republican of Missouri, said in a letter to Twitter CEO Jack Dorsey that resonates. Holly says:
“I’m concerned that this incident is not just a series of planned independent hacking attacks, but also a successful attack on Twitter’s own security. As you know, your millions of users not only rely on your service to post tweets publicly, but also use your direct messaging service to communicate with each other in private. A successful attack on your system server would pose a threat to the privacy and data security of all users. “
However, Holly did not say anything comprehensive. Here, it’s not just user privacy and data security that are at risk. What’s more, twitter impersonation and fraud are likely to cause real-world unrest. To this day, we have seen this assumption happen. With less than four months to go until the 2020 election, God knows what will happen.
Over the next few days, Twitter may investigate the cause of the security incident. The company may not be able to give a completely satisfactory explanation. But it’s important that Twitter timely shares with the public what it knows about the incident – and what the company will do in the future to prevent it from happening again. (Little White)