- Hackers break into famous Twitter accounts, scamming people out of over USD 100,000
- Commentators and experts say the Bitcoin link could obscure the real shortcomings: a lack of personal finance education and data security with centralized databases
The sweeping news of the week is probably going to be yesterday’s incredible Twitter hack, which made major headlines across several notable media outlets, including the BBC, which called the event a “Bitcoin scam” that affected many notable global personalities including Barack Obama, Joe Biden, and billionaires Elon Musk, Bill Gates and Jeff Bezos.
Hackers had apparently gained control of Twitter and used the accounts of famous people to Tweet out, soliciting Bitcoin from their millions of followers and promising to send back double the amount of Bitcoin that was sent. The Tweets, now deleted, were deceptively simple. The account belonging to Bill Gates, for example, simply Tweeted:
“Everyone is asking me to give back. You send $1,000, I send you back $2,000.”
We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.
— Twitter Support (@TwitterSupport) July 16, 2020
So far, Twitter has blamed a “coordinated social engineering” attack targeting its employees “with access to internal systems and tools”. They announced, in a series of Tweets:
“We know they [the hackers] used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf.”
Compromised accounts were frozen after the discovery of these hacks and so far look to have been restored to their rightful owners.
Doubler scams are of course pretty common online, and have been around at least as long as digital money. A search online shows all kinds of doubler scams, promising to send back twice as much money as people send. Bitcoin is not the only form of payment, as others like PayPal and even Western Union show up on search, though the “Bitcoin doubler” scam is probably among the most popular now, following the usual trend seen with new technologies that are poorly understood by people.
But the analysts and commentators talking about the whole incident are questioning whether it really is a problem of Bitcoin being poorly understood, or whether the fault in fact lies with Twitter, which, like most other social media platforms used throughout the world, has a centralized database that exposes stored data to hacking attempts.
Twitter CEO Jack Dorsey, a known public supporter of Bitcoin and other decentralized technology, threw his hands up online, saying: “Tough day for us at Twitter. We all feel terrible this happened.”
Bitcoin proponents, and certainly those of blockchain projects, often cite decentralized technology as a solution to this centralized security problem. In the case of Bitcoin, successful hacking attempts are virtually impossible to perform today, as there is no particular entity in the world with enough money or computing resources to compete with the millions of computers contributing powerful computations to secure the Bitcoin network. In theory, a hack (called a 51% attack, because it would require the attacker to have a majority of the computing power to successfully pull it off) is still possible, but the “good actors” in the network could easily reverse or branch off to what they deem is the correct blockchain, thus rendering the hacked blockchain useless anyway. This is the main reason why it simply is financially futile to even attempt to hack Bitcoin.
With Google, Yahoo, and now Twitter found to be wanting in security, blockchain activists will certainly push their agenda even more. The verdict, although early, is already damning from many quarters. In one Reuters report, Dmitri Alperovitch, co-founder of cybersecurity firm CrowdStrike, remarked: “This appears to be the worst hack of a major social media platform yet.”
Others are saying not to lose sight of the real problem: it’s not Twitter security, nor Bitcoin scams, but the seeming lack of awareness or education about personal finance. Even before the hack, doubler scams continued to reap money from unsuspecting victims believing they had found an easy way to make money.
In the UK, the National Cyber Security Centre contacted the tech giant and has issued a statement assuring people that the attacks seem to be on the company and not on people, but asked users to “treat requests for money or sensitive information on social media with extreme caution.”
But at least one academic and cybersecurity expert says it is about data security, warning that a more sinister attack could have had graver consequences. Dr Alexi Drew of King’s College London said:
“If you were to have this kind of incident take place in the middle of a crisis, where Twitter was being used to either communicate de-escalatory language or critical information to the public, and suddenly it’s putting out the wrong messages from several verified status accounts – that could be seriously destabilising.”
So far, some USD 100,000 has been successfully received by the hackers from victims of this Twitter hack. A mysterious message on an Instagram account the BBC believes to belong to the hackers simply reads:
“It was a charity attack. Your money will find its way to the right place.”