The Twitter hack, and why we need a better class of criminal

The bitcoin scammers’ biggest crime isn’t fraud - it’s lack of imagination

This week, the tech world was rocked by a hack that saw multiple prominent Twitter accounts hijacked and used to spread a coordinated message. Accounts belonging to the likes of Bill Gates, Elon Musk and even Barack Obama were taken over, and the impact was so severe that Twitter was forced to ban all verified users (me included) from tweeting until they sorted everything out. 

While I’m sure that being unable to tweet would be classed as cruel and unusual punishment by some of my fellow journalists, it’s no surprise that Twitter clamped down as hard as it did: This constitutes a major breach and has come at a time when Twitter is a more powerful communications tool than possibly anything else on the planet. The platform has been used to announce global foreign policy, crash stock prices and even fuel revolutions. 

So what did the attackers do with near-unfettered access to the virtual mouthpieces of the world’s most influential people? They tried to flog a Bitcoin scam.

The sheer lack of creativity is almost mind-boggling; here is a group that found itself with the power to rewrite economies or start wars at a stroke, and used it to try and fleece people for cryptocurrency.

What’s worse is it wasn’t even a good scam. If you’ve spent any length of time on Twitter, you’ll almost certainly have seen similar efforts floating around, often from dummy accounts made to look like those of celebrities. The fact that this one came from genuine accounts evidently lent it enough credibility to trick users out of more than $120,000 in bitcoin, but it was hardly sophisticated. 

The possibilities of such an opportunity are almost limitless; leaving aside the potential for political manipulation (say, by endorsing a particular viewpoint or political candidate), a coordinated ‘pump and dump’ scheme would have been child’s play to execute, and would have made the perpetrators a hell of a lot more money than $120,000. All they would have needed to do is invest in a cheap stock, tweet out endorsements of said stock from accounts like Jeff Bezos, Kanye West and Joe Biden, and then cash out once the stock inevitably skyrocketed. 

Even if they did want to rely on untraceable cryptocurrencies as their payment method, their offer to double any cryptocurrency sent to the target address was transparently bogus, whereas framing it as a promise to double any crypto-based donations to the COVID-19 relief effort, for example, would have been much more plausible coming from high-profile political and business leaders.

Of course, as we discussed on this week’s episode of the IT Pro Podcast, the crypto scam may have merely been a smokescreen, and the DM records of victims may well have yielded a veritable treasure trove of information that could be used to compromise other accounts or to carry out blackmail in the future. 

The most interesting omission was that of the Tweeter-In-Chief, US president Donald Trump. He would have been a goldmine for this type of scam, but was omitted from the list of victims. The logical explanation is that Twitter has ring-fenced his account, with only a handful of employees permitted to access or modify it – a rule that was presumably enacted after a departing employee deactivated Trump’s account in 2017.

Amidst all this, I’m reminded of simpler times, when hackers would use their skills not simply to siphon money from the gullible but to advance genuinely held ideals, or even just to amuse themselves with mischief. The advent of cyber crime as a legitimate large-scale revenue stream may have put paid to the days of hackers as harmless tricksters, but it would be nice to feel like they’re at least putting some effort in.

Indeed, reports on this latest incident indicate that the perpetrators may simply have paid off a Twitter employee to give them access to internal tools, and between that and the growing trend of ransomware as a service, it seems that even cyber thieves are now outsourcing their work. Hackers may be criminals, but if they’re going to steal from us, is it too much to ask that they at least take a little pride in their work?
