Famous US Twitter users hit by brazen online attack

Hackers take over accounts of Biden, Obama and Gates, among others, to run bitcoin scam

WASHINGTON • It was about 4pm on Wednesday in the East Coast when chaos struck online.

Dozens of the biggest names in the United States - including presidential candidate Joe Biden, former president Barack Obama, rapper Kanye West, Microsoft founder Bill Gates and entrepreneur Elon Musk - posted similar messages on Twitter: Send bitcoins and the famous people would send back double your money.

It was all a scam, of course, the result of one of the most brazen online attacks in memory.

Twitter quickly removed many of the messages, but in some cases similar tweets were sent again from the same accounts, suggesting that Twitter was powerless to regain control.

The firm eventually disabled broad swathes of its service, including the ability of verified users to tweet, for a couple of hours as it scrambled to prevent the scam from spreading further. Service was restored around 8.30pm on Wednesday.

Twitter's investigation into the breach revealed that several employees who had access to internal systems had their accounts compromised in a "coordinated social engineering attack", a spokesman said, referring to attacks that trick people into giving up their credentials.

The attackers then used Twitter's internal systems to tweet from high-profile accounts.

Twitter chief executive Jack Dorsey said in a post on Wednesday night that it was a "tough day for us at Twitter".

"We all feel terrible this happened. We're diagnosing and will share everything we can when we have a more complete understanding of exactly what happened."

The hackers did not use their access to take aim at any important institutions or infrastructure - instead just asking for bitcoins.

But the attack was concerning to security experts because it suggested that the hackers could have easily caused much more havoc.

Officials noted that the breach did not affect the account of one of the most watched and powerful Twitter users: President Donald Trump.

His account is under a special kind of lock and key after past incidents.

Security experts said the wide-ranging attacks hinted that the problem was caused by a security flaw in Twitter's service, not by lax security measures used by the people who were targeted.

Mr Alex Stamos, director of the Stanford Internet Observatory and the former chief security officer of Facebook, said that there was a range of other theories, but all of them suggested that the attackers got inside Twitter's system rather than stealing the passwords of individual users.

One American official called that a "scary possibility" in a world where national leaders, sometimes imitating Mr Trump's techniques, have adopted Twitter as a primary source of unfiltered communications.

Mr Stamos said: "It could have been much worse. We got lucky that this is what they decided to do with their power."

The hacker or hackers made some rookie errors.

Mr Stamos said that because the attackers had sent identical messages from the compromised accounts, they were easy to detect and delete.

The decision to ask for money through bitcoin, he added, showed that the attackers were most likely unable or unwilling to launder money or use their access for a more sophisticated scam.

Scams in which hackers pose as public figures on Twitter, and promise to match or even triple any funds sent to their bitcoin wallets, are not new but this is the first time that real accounts of public figures were used.

By Wednesday evening, the bitcoin wallets promoted in the tweets had received over 300 transactions and held bitcoins worth over US$100,000 (S$139,000), according to websites that track bitcoin's public ledger of transactions, which is known as the blockchain.

Twitter initially handled the attacks by taking down the offending tweets.

A spokesman for the Biden campaign said that Twitter had removed the tweet promoting the scam and locked down Mr Biden's account.

But the hackers kept control of many of the accounts, such as those of Mr Musk and Mr West, and sent out new messages as soon as the old ones were taken down.

Cyber-security experts said that the attack showed how vulnerable social media remains to attacks.

"This demonstrates a real risk for the elections," Mr Stamos said.

"Twitter has become the most important platform when it comes to discussion among political elites, and it has real vulnerabilities."

NYTIMES

Join ST's Telegram channel and get the latest breaking news delivered to you.

A version of this article appeared in the print edition of The Straits Times on July 17, 2020, with the headline Famous US Twitter users hit by brazen online attack. Subscribe