The Twitter hack, and why we need a better class of criminal

The bitcoin scammers’ biggest crime isn’t fraud - it’s lack of imagination

This week, the tech world was rocked by a hack that saw multiple prominent Twitter accounts hijacked and used to spread a coordinated message. Accounts belonging to the likes of Bill Gates, Elon Musk and even Barack Obama were taken over, and the impact was so severe that Twitter was forced to ban all verified users (me included) from tweeting until they sorted everything out. 

While I’m sure that being unable to tweet would be classed as cruel and unusual punishment by some of my fellow journalists, it’s no surprise that Twitter clamped down as hard as it did: This constitutes a major breach and has come at a time when Twitter is a more powerful communications tool than possibly anything else on the planet. The platform has been used to announce global foreign policy, crash stock prices and even fuel revolutions. 

So what did the attackers do with near-unfettered access to the virtual mouthpieces of the world’s most influential people? They tried to flog a Bitcoin scam.

The sheer lack of creativity is almost mind-boggling; here is a group that found itself with the power to rewrite economies or start wars at a stroke, and used it to try and fleece people for cryptocurrency.

What’s worse is it wasn’t even a good scam. If you’ve spent any length of time on Twitter, you’ll almost certainly have seen similar efforts floating around, often from dummy accounts made to look like those of celebrities. The fact that this one came from genuine accounts evidently lent it enough credibility to trick users out of more than $120,000 in bitcoin, but it was hardly sophisticated. 

The possibilities of such an opportunity are almost limitless; leaving aside the potential for political manipulation (say, by endorsing a particular viewpoint or political candidate), a coordinated ‘pump and dump’ scheme would have been child’s play to execute, and would have made the perpetrators a hell of a lot more money than $120,000. All they would have needed to do is invest in a cheap stock, tweet out endorsements of said stock from accounts like Jeff Bezos, Kanye West and Joe Biden, and then cash out once the stock inevitably skyrocketed. 

Related Resource

How malware and bots steal your data

Protect your organisation with a layered defence

Download now

Even if they did want to rely on untraceable cryptocurrencies as their payment method, their offer to double any cryptocurrency sent to the target address was transparently bogus, whereas framing it as a promise to double any crypto-based donations to the COVID-19 relief effort, for example, would have been much more plausible coming from high-profile political and business leaders.

Of course, as we discussed on this week’s episode of the IT Pro Podcast, the crypto scam may have merely been a smokescreen, and the DM records of victims may well have yielded a veritable treasure trove of information that could be used to compromise other accounts or to carry out blackmail in the future. 

The most interesting omission was that of the Tweeter-In-Chief, US president Donald Trump. He would have been a goldmine for this type of scam, but was omitted from the list of victims. The logical explanation is that Twitter has ring-fenced his account, with only a handful of employees permitted to access or modify it – a rule that was presumably enacted after a departing employee deactivated Trump’s account in 2017.

Amidst all this, I’m reminded of simpler times, when hackers would use their skills not simply to siphon money from the gullible but to advance genuinely-held ideals, or even simply to amuse themselves with mischief. The advent of cyber crime as a legitimate large-scale revenue stream may have put paid to the days of hackers as harmless tricksters, but at the very least, it would be nice to feel like they’re at least putting some effort in. 

Indeed, reports on this latest incident indicate that the perpetrators may simply have paid off a Twitter employee to give them access to internal tools, and between that and the growing trend of ransomware as a service, it seems that even cyber thieves are now outsourcing their work. Hackers may be criminals, but if they’re going to steal from us, is it too much to ask that they at least take a little pride in their work?

Featured Resources

The ultimate law enforcement agency guide to going mobile

Best practices for implementing a mobile device program

Free download

The business value of Red Hat OpenShift

Platform cost savings, ROI, and the challenges and opportunities of Red Hat OpenShift

Free download

Managing security and risk across the IT supply chain: A practical approach

Best practices for IT supply chain security

Free download

Digital remote monitoring and dispatch services’ impact on edge computing and data centres

Seven trends redefining remote monitoring and field service dispatch service requirements

Free download

Recommended

Twitter sells mobile ad unit for triple its original value
Acquisition

Twitter sells mobile ad unit for triple its original value

7 Oct 2021
Twitter, LinkedIn reverse course due to climbing COVID cases
remote access

Twitter, LinkedIn reverse course due to climbing COVID cases

29 Jul 2021
Social media companies vow to reduce abuse of women online
Security

Social media companies vow to reduce abuse of women online

1 Jul 2021
Four in ten Americans would rather give up a pet than social media
social media

Four in ten Americans would rather give up a pet than social media

21 Jun 2021

Most Popular

Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans
Laptops

Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans

11 Oct 2021
Windows 11 has problems with Oracle VirtualBox
Microsoft Windows

Windows 11 has problems with Oracle VirtualBox

5 Oct 2021