Twitter logo. (AP Photo/Jeff Chiu)

Twitter logo. (AP Photo/Jeff Chiu)

Twitter racing to unravel mystery cyberattack

Some of the world’s most prominent names had their Twitter accounts post invitations for an apparent Bitcoin scam

As Twitter Inc. grapples with the worst security breach in its 14-year history, it must now uncover whether its employees were victims of sophisticated phishing schemes or if they deliberately allowed hackers to access high-profile accounts.

On Wednesday, some of the world’s most prominent names, including former president Barack Obama and Democratic candidate and his former vice president Joe Biden, along with Bill Gates, Elon Musk and Warren Buffett, had their Twitter accounts post invitations for an apparent Bitcoin scam. Twitter reacted by blocking further posts from all verified accounts on the service and said it had detected “a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.”

The company’s explanation has ignited speculation over the identity of the perpetrators and what they were actually targeting in the attack. The scale of the endeavor and its timing —months before the November U.S. elections —have given rise among cybersecurity experts to theories that the attack masked a more nefarious campaign to seize sensitive data.

In its investigation of the incident, Twitter will now likely focus on employee logs, email and phone records. At question will be any failures in authentication processes that might have allowed hackers to hijack verified accounts, and also what other information, such as direct messages, might have been compromised in the breach. The Bitcoin wallets promoted in the tweets collected around $120,000 in cryptocurrency.

Twitter shares were down about 6% in pre-market trading on Thursday.

A social engineering attack means “leveraging the human element of security” and there are many different ways to do that, said Rachel Tobac, Chief Executive Officer of San Francisco-based SocialProof Security.

“I can phish someone who has administrative access and try and gain access to their credentials and log into their account,” she said, or the less technical method would be to develop “a relationship with someone who works on those panels and convincing them to do your bidding for you.”

Security awareness at companies like Twitter would be mandatory, but ultimately it’s hard to track insider attacks when it’s the employees rather than the technology who fall under the microscope, Tobac said.

“It used to be the Nigerian prince letter with a bunch of spelling mistakes, and now it’s something that almost looks legitimate, but it always starts with a person,” said Frances Dewing, the CEO of cybersecurity firm Rubica Inc., based in Seattle.

“There’s a playbook for doing this, there are cybercriminal organizations that make millions of dollars. It’s the fastest growing business in the world,” she said.

And there is no accounting for disaffected workers, as Twitter learned in 2017 when an employee deactivated President Donald Trump’s account before it was quickly restored.

Identifying potential Twitter employees to target wouldn’t be difficult for the hackers, given the way most smartphone apps hungrily vacuum up location and other contextual data from users —data which is often then sold on to marketing companies. Anyone frequenting the same coffee shops and businesses or entering and leaving a workplace at particular hours can give away clues about themselves.

Cybersecurity experts can only speculate until Twitter itself reveals what happened and where the failures occurred, but even this kind of show of force —a demonstration by hackers to earn credibility or gain infamy —isn’t convincing them that a Bitcoin scam was all there was to the operation.

With U.S. elections looming, the cyber landscape is ripe for a major attack. Stas Protassov, co-founder and president of global technology firm Acronis said the attack was “too prepared to be just a cryptocurrency scam.”

“We don’t believe that’s all the hackers went into once they got access,” he said in an email. “The attack is too big and too noisy and likely covering a bigger play. We’ve yet to see the full impact of what this was about.”

Tobac also raised the possibility that the attack could have been a distraction while hackers harvested private direct messages and any other confidential data to be able to deploy at a more critical time. So while the initial disruption to Twitter’s service appears to have been patched over and the company is gradually restoring normal operation, the lingering effects of this breach might have much wider effects than Wednesday’s spectacle.

“Maybe they were doing something insidious and this was just a cover up,” she said. “There’s no way for us to know, we can just speculate.”

Whatever happened, Twitter must be completely candid about the cause of attack once it’s established, Tobac said. “This was such a public meltdown that if they’re not completely transparent it would damage their brand further.”

Jamie Tarabay, Bloomberg News

Like us on Facebook and follow us on Twitter.

Want to support local journalism? Make a donation here.

social media

Get local stories you won't find anywhere else right to your inbox.
Sign up here

Just Posted

A BC Hydro outage is affecting nearly 4000 customers in Kitimat. The cause of the outage is under investigation. (Screenshot/BC Hydro Outage Map)
Cable fault responsible for Kitimat power outage, BC Hydro says

At its peak, the BC Hydro power outage affected near 4,000 customers

Graph showing the 2020 passenger totals at the Northwest Regional Airport in Terrace. (Submitted/Northwest Regional Airport)
New year brings an end to a turbulent 2020 at Northwest Regional Airport

Passenger totals half of what they were in 2019

Wireless voice and data services are out for those on Telus as of Thursday (Jan. 14) afternoon across Western Canada, Telus Support said in a recent Tweet. (Black Press file photo)
UPDATE: Telus services restored across Western Canada

Telus said they are monitoring the situation to ensure connections remain stable

The leisure pool at the Sam Lindsay Aquatic Centre will be open Thursday and closed Friday for maintenance, the DoK said in an updated Facebook post Thursday (Jan. 14). (Kitimat Leisure Services photo)
UPDATE: Leisure pool at Sam Lindsay Aquatic Centre open Thursday, closed Friday

The leisure pool will be closed Friday (Jan. 15) for maintenance due to a mechanical issue

A woman wears a face mask and shield to curb the spread of COVID-19 while walking in North Vancouver, B.C., on Wednesday, January 6, 2020. THE CANADIAN PRESS/Darryl Dyck
536 COVID cases, 7 deaths reported as B.C. finds its first case of South African variant

Henry said 69,746 people have received their first dose of the COVID vaccine.

Harvest Meats is recalling a brand of Polish sausages, shown in a handout photo, due to undercooking that may make them unsafe to eat. The Canadian Food Inspection Agency says the recall affects customers in Alberta, British Columbia, Manitoba, Northwest Territories, Ontario and Saskatchewan. THE CANADIAN PRESS/HO-Canadian Food Inspection Agency Mandatory Credit
Harvest Meats recalls sausages over undercooking

Customers are advised to throw away or return the product

Seasonal influenza vaccine is administered starting each fall in B.C. and around the world. (Langley Advance Times)
After 30,000 tests, influenza nowhere to be found in B.C.

COVID-19 precautions have eliminated seasonal infection

Martin Luther King Jr. addresses the crowd during the march on Washington, D.C., in August of 1963. Courtesy photo
Government announces creation of B.C.’s first anti-racism act on Black Shirt Day

B.C. Ministers say education “a powerful tool” in the fight for equity and equality

Jobs Minister Ravi Kahlon shared a handwritten note his son received on Jan. 13, 2021. (Ravi Kahlon/Twitter)
Proud dad moment: B.C. minister’s son, 10, receives handwritten note for act of kindness

North Delta MLA took to Twitter to share a letter his son received from a new kid at school

Black Press media file
Port McNeill driver tells police he thought the pandemic meant no breathalyzers

Suspect facing criminal charges after breathalyzer readings in excess of 3.5 times the legal limit

Forestry companies in B.C. agree to abide by the cedar protocols based on traditional laws of the First Nation members of the Nanwakolas Council. (Photo courtesy, Nanwakolas Council)
Landmark deal sees B.C. forest firms treat big cedars like a First Nation would

Western Forest Products, Interfor among companies to adapt declaration drafted by Nanwakolas Council

A northern resident killer whale shows injuries sustained by a collision with a vessel in B.C. waters. (Photo supplied by Ocean Wise Conservation Association)
Coast Guard ramps up protections for B.C. whales

First-ever Marine Mammal Desk will enhance cetacean reporting and enforcement

Two toucans sit on tree at an unidentified zoo. (Pixabay.com)
BC SPCA calls for ban on exotic animal trade after 50 parrots, toucans pass through YVR

One toucan was found dead and several others were without food

Most Read