Twitter’s worst-ever cyber breach has serious implications

Twitter-verse was rocked by a major cybersecurity incident which saw accounts of major global politicians, tech billionaires, and many others hacked in a major bitcoin scam. Even as these accounts are back to normal, the damage has been done. The incident, however, has far more serious implications.

According to a report, hackers grabbed over $100,000 in the first hours of the attack. The figures could be higher. For now, the cyber-attack did cause a financial loss, but things could have been murkier.

Let us look at some of the people whose accounts were hacked. US presidential front-runner Joe Biden, Microsoft co-founder Bill Gates and Tesla CEO Elon Musk, and so on. These verified handles had millions of followers and a reach that is not just limited to the US.

Twitter-verse is known for provocative tweets from some users including the likes of Donald Trump and Elon Musk. What if hackers chose to use the hack to simulate a new political tussle. A damage control thereafter could be more difficult than you can imagine.

“Twitter is a Silicon Valley-based, digitally native company with its average employees being hands-on with technology, and even then it gets targeted by such an attack only shows how vulnerable companies around the world can be. People/Employees are generally the entry point for most cyberattacks and once a hacker gets access to the systems, they try to move laterally exploiting vulnerabilities of systems,” Saket Modi, Co-founder & CEO, Lucideus told Hindustan Times.

“Therefore, looking at technology holistically and objectively across people, process, and technology in real-time is the need of the hour. It's time when organizations have employee wise risk profiles, monitoring their behaviour, awareness, and threat profile of the devices they have access to,” he added.

Twitter's panic

Jack Dorsey says it was a “tough day” at his office. The timeline of events shows it was more than tough. Soon after accounts were hacked and malicious tweets were sent out, Twitter's first reaction was to silence all the verified accounts.

A Reuters report reveals that these hackers may have gained to Twitter's internal infrastructure. “It is highly likely that the attackers were able to hack into the back end or service layer of the Twitter application,” Michael Borohovski, director of software engineering at security company Synopsys, told Reuters.

“If the hackers do have access to the backend of Twitter, or direct database access, there is nothing potentially stopping them from pilfering data in addition to using this tweet-scam as a distraction,” he added.

Explanation and ownership

As Casey Newton writes in The Verge, Twitter had it coming. His report points out scamsters have long targeted Elon Musk's tweets to conduct a bitcoin scam. And these go back to as old as 2018. The hackers have time and again used Musk's name and likeness to ask for Bitcoin.

“These kinds of scams have happened in the past. But never at this scale. It was a well-coordinated attack where multiple accounts got hacked at the same time, with the same tweets directing users to the same scam site. Unfortunately, more than 373 users fell for the scam, losing a total of 89 lakh rupees before the Tweets were removed by the Twitter authority. The hacker had complete access to Twitter. He could post anything from any of the official accounts. But he chose to seek Bitcoins through false promises. People should be more careful. There is no easy money, and most Crypto giveaways that ask for contributions are scams. We hope this brings awareness, and Twitter users do not fall for these kinds of scams again," Arjun Vijay, Co-Founder and COO of Giottus Cryptocurrency Exchange said.

Already, the US is headed for a presidential election. Social media, just like the last time, is going to play a big role. Twitter's inability to keep this attack at bay does not give any assurance.

Could this be Twitter's Cambridge Analytica-moment? Facebook had to make a barrage of changes to the platform to prevent its platform from getting misused for social networking platform. Are we looking at a new series of lawsuits and trials? We shall find out soon.