Experts Concerned Over Twitter’s Ability to Tweet on Behalf of Users

Published at: July 21, 2020

Cybersecurity experts are warning that the Twitter hack on July 15 shows that the social network needs to strengthen its security in order to avoid a worse black swan scenario with serious consequences.

In the most recent incident, attackers launched a crypto giveaway scam by posting phishing messages through the hijacked profiles of celebrities and high-ranked political personalities worldwide, collecting over 13 Bitcoin (BTC) from the victims.

The attack could have been worse

Ilya Sachkov, CEO of threat intelligence firm Group-IB, believes the attack demonstrated a “huge problem of low financial literacy and bad cyber hygiene.” He told Cointelegraph:  

“This could have ended far worse, affecting the stock market heavily or even resulting in a geopolitical catastrophe. This is the least they could have done with the God-mode access they had.”

James Carder, chief security officer and vice president of LogRhythm Labs, said that amid international efforts to contain the coronavirus outbreak, hackers are “quickly taking advantage and exploiting the uncertainty of this time” for their financial gain.

Carder said that experts need to evaluate how the attack was possible and pointed out the need to strengthen social media platforms in terms of privacy:

“This hack also brings into concern why — in the first place — Twitter granted its employees with the functionality to tweet on behalf of their customers. It is clear that social media organizations need the ability to manage accounts, and particularly the ability to take down offensive or inappropriate content, the employees should not have access to post an entirely unique Tweet on a user’s behalf. This points to a likely case of too much functionality available in the platform and not enough robust controls.”

Risk of another incident is still high 

Brett Callow, threat analyst at malware lab Emsisoft, said that the subsequent security efforts taken by Twitter likely aren't enough to preclude the possibility of another such incident in the future.

“While Twitter will no doubt work to improve its security, the fact is that there is no completely sure-fire way to prevent account take-overs and similar incidents will almost certainly happen again, though hopefully not on this scale,” he said.

As Cointelegraph previously reported, the hackers who conducted the massive Twitter hijacking do not appear to be sophisticated Bitcoin users, as they left trails leading to and from major exchanges that presumably hold the keys to their identities.
