Twitter logo. (AP Photo/Jeff Chiu)

Twitter racing to unravel mystery cyberattack

Some of the world’s most prominent names had their Twitter accounts post invitations for an apparent Bitcoin scam

As Twitter Inc. grapples with the worst security breach in its 14-year history, it must now uncover whether its employees were victims of sophisticated phishing schemes or if they deliberately allowed hackers to access high-profile accounts.

On Wednesday, some of the world’s most prominent names, including former president Barack Obama and Democratic candidate and his former vice president Joe Biden, along with Bill Gates, Elon Musk and Warren Buffett, had their Twitter accounts post invitations for an apparent Bitcoin scam. Twitter reacted by blocking further posts from all verified accounts on the service and said it had detected “a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.”

The company’s explanation has ignited speculation over the identity of the perpetrators and what they were actually targeting in the attack. The scale of the endeavor and its timing —months before the November U.S. elections —have given rise among cybersecurity experts to theories that the attack masked a more nefarious campaign to seize sensitive data.

In its investigation of the incident, Twitter will now likely focus on employee logs, email and phone records. At question will be any failures in authentication processes that might have allowed hackers to hijack verified accounts, and also what other information, such as direct messages, might have been compromised in the breach. The Bitcoin wallets promoted in the tweets collected around $120,000 in cryptocurrency.

Twitter shares were down about 6% in pre-market trading on Thursday.

A social engineering attack means “leveraging the human element of security” and there are many different ways to do that, said Rachel Tobac, Chief Executive Officer of San Francisco-based SocialProof Security.

“I can phish someone who has administrative access and try and gain access to their credentials and log into their account,” she said, or the less technical method would be to develop “a relationship with someone who works on those panels and convincing them to do your bidding for you.”

Security awareness at companies like Twitter would be mandatory, but ultimately it’s hard to track insider attacks when it’s the employees rather than the technology who fall under the microscope, Tobac said.

“It used to be the Nigerian prince letter with a bunch of spelling mistakes, and now it’s something that almost looks legitimate, but it always starts with a person,” said Frances Dewing, the CEO of cybersecurity firm Rubica Inc., based in Seattle.

“There’s a playbook for doing this, there are cybercriminal organizations that make millions of dollars. It’s the fastest growing business in the world,” she said.

And there is no accounting for disaffected workers, as Twitter learned in 2017 when an employee deactivated President Donald Trump’s account before it was quickly restored.

Identifying potential Twitter employees to target wouldn’t be difficult for the hackers, given the way most smartphone apps hungrily vacuum up location and other contextual data from users —data which is often then sold on to marketing companies. Anyone frequenting the same coffee shops and businesses or entering and leaving a workplace at particular hours can give away clues about themselves.

Cybersecurity experts can only speculate until Twitter itself reveals what happened and where the failures occurred, but even this kind of show of force —a demonstration by hackers to earn credibility or gain infamy —isn’t convincing them that a Bitcoin scam was all there was to the operation.

With U.S. elections looming, the cyber landscape is ripe for a major attack. Stas Protassov, co-founder and president of global technology firm Acronis said the attack was “too prepared to be just a cryptocurrency scam.”

“We don’t believe that’s all the hackers went into once they got access,” he said in an email. “The attack is too big and too noisy and likely covering a bigger play. We’ve yet to see the full impact of what this was about.”

Tobac also raised the possibility that the attack could have been a distraction while hackers harvested private direct messages and any other confidential data to be able to deploy at a more critical time. So while the initial disruption to Twitter’s service appears to have been patched over and the company is gradually restoring normal operation, the lingering effects of this breach might have much wider effects than Wednesday’s spectacle.

“Maybe they were doing something insidious and this was just a cover up,” she said. “There’s no way for us to know, we can just speculate.”

Whatever happened, Twitter must be completely candid about the cause of attack once it’s established, Tobac said. “This was such a public meltdown that if they’re not completely transparent it would damage their brand further.”

Jamie Tarabay, Bloomberg News

Like us on Facebook and follow us on Twitter.

Want to support local journalism? Make a donation here.

social media

Get local stories you won't find anywhere else right to your inbox.
Sign up here

Just Posted

The students in the Timberline Musical Theatre program rehearse this year’s production, Once Upon a Mattress, three days per week after school in preparation for next month’s virtual performances. Photo by Mike Davies/Campbell River Mirror
Timberline’s popular musical goes online for 2021

Once Upon a Mattress will be streamed right to your living room thanks to school’s AV department

A health-care worker prepares a dose of the Pfizer-BioNTech COVID-19 vaccine at a UHN COVID-19 vaccine clinic January 7, 2021. THE CANADIAN PRESS/Nathan Denette
Employers might be able to require COVID-19 vaccination from employees: B.C. lawyer

‘An employer must make the case’ using expert science, explains lawyer David Mardiros

An Atlantic salmon is seen during a Department of Fisheries and Oceans fish health audit at the Okisollo fish farm near Campbell River, B.C. in 2018. The First Nations Leadership Council says an attempt by industry to overturn the phasing out of salmon farms in the Discovery Islands in contrary to their inherent Title and Rights. (THE CANADIAN PRESS /Jonathan Hayward photo)
First Nations Leadership Council denounces attempt to overturn salmon farm ban

B.C.’s producers filed for a judicial review of the Discovery Islands decision Jan. 18

A fire broke out near the Willow Point Bottle Depot early on Jan. 22. Photo courtesy Ashley Laycock
Two injured in early-morning fire in Campbell River

Sailboat fire also attended by Campbell River fire crews

Terrance Josephson of the Princeton Posse, at left, and Tyson Conroy of the Summerland Steam clash during a Junior B hockey game at the Summerland Arena in the early spring of 2020. (John Arendt - Summerland Review)
QUIZ: How much do you know about hockey?

Test your knowledge of Canada’s national winter sport

Is it time to start thinking about greener ways to package cannabis?

Packaging suppliers are still figuring eco-friendly and affordable packaging options that fit the mandates of Cannabis Regulations

A woman injects herself with crack cocaine at a supervised consumption site Friday, Jan. 22, 2021 in Ottawa. THE CANADIAN PRESS/Adrian Wyld
Drug users at greater risk of dying as services scale back in second wave of COVID-19

It pins the blame largely on a lack of supports, a corrupted drug supply

Wet’suwet’en supporters and Coastal GasLink opponents continue to protest outside the B.C. Legislature in Victoria, B.C., on Thursday, February 27, 2020. THE CANADIAN PRESS/Chad Hipolito
‘We’re still in it’: Wet’suwet’en push forward on rights recognition

The 670-km Coastal GasLink pipeline was approved by B.C. and 20 elected First Nations councils on its path

The sky above Mt. Benson in Nanaimo is illuminated by flares as search and rescuers help an injured hiker down the mountain to a waiting ambulance. (Photo courtesy Nanaimo Search and Rescue)
Search plane lights up Nanaimo mountain with flares during icy rope rescue

Rescuers got injured hiker down Mt. Benson to a waiting ambulance Saturday night

Jennifer Cochrane, a Public Health Nurse with Prairie Mountain Health in Virden, administers the COVID-19 vaccine to Robert Farquhar with Westman Regional Laboratory, during the first day of immunizations at the Brandon COVID-19 vaccination supersite in Brandon, Man., on Monday, January 18, 2021. THE CANADIAN PRESS/Tim Smith - POOL
Top doctor urges Canadians to keep up with COVID measures, even as vaccines roll out

More than 776,606 vaccines have been administered so far

From the left: Midway RCMP Csts. Jonathan Stermscheg and Chris Hansen, Public Servant Leanne Mclaren and Cpl. Phil Peters. Pictured in the front are Mclaren’s dog, Lincoln and Peters’ dog, Angel. Photo courtesy of BC RCMP
B.C. Mounties commended for bringing firewood to elderly woman

Cpl. Phil Peters said he and detachment members acted after the woman’s husband went to hospital

Dr. Jerome Leis and Dr. Lynfa Stroud are pictured at Sunnybrook Hospital in Toronto on Thursday, January 21, 2021.THE CANADIAN PRESS/Frank Gunn
‘It wasn’t called COVID at the time:’ One year since Canada’s first COVID-19 case

The 56-year-old man was admitted to Toronto’s Sunnybrook Health Sciences Centre

An Uber driver’s vehicle is seen after the company launched service, in Vancouver, Friday, Jan. 24, 2020. Several taxi companies have lost a court bid to run Uber and Lyft off the road in British Columbia. THE CANADIAN PRESS/Darryl Dyck
Taxi companies lose court bid to quash Uber, Lyft approvals in British Columbia

Uber said in a statement that the ruling of the justice is clear and speaks for itself

Most Read