Some cybersecurity analysts and information security professionals are questioning whether the attack Wednesday on prominent Twitter users’ accounts was a misdirection for other malicious action.
The full extent of the damage from the cyberattack on Twitter could be much greater than scam-posts on high-profile accounts and include stolen private data and national security secrets.
Twitter has said it fell victim to a “coordinated social engineering attack” after accounts for Joseph R. Biden, former President Barack Obama, Microsoft founder Bill Gates, and many others were accessed by unauthorized users who posted messages promoting an apparent scam involving the cryptocurrency Bitcoin.
Brett Callow, threat analyst at software company Emsisoft, said the Bitcoin scam messages were “utterly bizarre” considering the attackers could have made a killing by influencing the financial markets, instigating political turmoil, or driving international tensions.
“Whether the motivation was profit or mischief, their actions do not appear to make sense,” Mr. Callow said. “This is especially true as the statements released by Twitter indicate the incident was the result of a coordinated social engineering attack on key personnel, which would have required extensive planning and research. In other words, it seems they put considerable effort into executing what is probably the most serious breach of a social network to date simply to execute a small-scale scam.”
He added, “Had the attack occurred in the immediate run-up to the election, it would have provided the perfect springboard for an unprecedented disinformation campaign that could potentially have invalidated the result.”
Twitter has struggled with insider threats in the recent past. In November 2019, an unsealed criminal complaint showed the federal government charged two former Twitter employees with accessing users’ personal data at the behest of the Saudi government.
David Evenden, a former U.S. National Security Agency analyst, said the potential data privacy and national security fallout is boundless and could affect such things as international trade agreements and active intelligence operations, and could potentially expose command-and-control infrastructure.
“The exposure for people like senators, spies, public figures, etc. that think no one is watching and no one can sync verified to sock accounts has no ceiling,” Mr. Evenden said.
Mr. Evenden tweeted scenarios where government officials using pseudonymous, or sock, accounts could have their identities revealed by the attack, if the attackers matched IP addresses, emails, and phone numbers between accounts. Mr. Evenden also told The Washington Times he could foresee sophisticated hackers using Twitter’s application programming interface as a command-and-control channel for data exfiltration.
“Is Twitter more exposed and does it have a higher probability of being attacked again and again because of the treasure trove of data it has? Yes,” Mr. Evenden said.
The 2020 cyberattack is not Twitter’s first major setback in protecting users’ information. According to an FTC press release from 2010, Twitter agreed to settle U.S. Federal Trade Commission charges that “serious lapses in the company’s data security allowed hackers to obtain unauthorized administrative control of Twitter… and the ability to send out phony tweets from any account including those belonging to then-President-elect Barack Obama and Fox News, among others.”
Twitter is likely to undergo new congressional scrutiny in the coming weeks. Sen. Josh Hawley, Missouri Republican, and Rep. James Comer, a top Republican on the House Oversight and Reform Committee, have each written to Twitter CEO Jack Dorsey for more details on the cyberattack.
On Wednesday, Twitter said it was taking additional steps to limit access to internal systems and tools while it investigates the breach.
• Ryan Lovelace can be reached at rlovelace@washingtontimes.com.