Twitter (TWTR) accounts belonging to Joe Biden, Bill Gates, Elon Musk and Apple, among other prominent handles, were compromised on Wednesday and posted tweets that appeared to promote a cryptocurrency scam.
The accounts, along with those of former President Barack Obama, Kanye West, Kim Kardashian West, Warren Buffett, Jeff Bezos and Mike Bloomberg, posted similar tweets soliciting donations via Bitcoin to their verified profiles on Wednesday.
“Everyone is asking me to give back, and now is the time,”
Gates’ tweet said, promising to double all payments to a Bitcoin address for the next 30 minutes.
In a tweet on Wednesday, Twitter’s support account said:
“We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly.”
A little more than an hour after the attack began, Twitter apparently moved to prevent holders of verified accounts from tweeting.
A CNN test showed non-verified accounts could still tweet. “You may be unable to Tweet or reset your password while we review and address this incident,” Twitter’s support account said.
Instagram message
The BBC can report from a security source that a web address - cryptoforhealth.com - to which some hacked tweets directed users was registered by a cyber-attacker using the email address mkeyworth5@gmail.com.
The name "Anthony Elias" was used to register the website, but may be a pseudonym - it appears to be a play on "an alias".
Cryptoforhealth is also a registered user name on Instagram, apparently set up contemporaneously to the hack.
The description of the profile read "It was us", alongside a slightly smiling face emoticon.
The Instagram profile also posted a message that said: "It was a charity attack. Your money will find its way to the right place."
In any case, the real identities of the perpetrators are as yet unknown.
An unprecedented 'smash and grab'
These "double your Bitcoin" scams have been a persistent pest on Twitter for years but this is unprecedented with the actual accounts of public figures hijacked and on a large scale.
The fact that so many different users have been compromised at the same time implies that this is a problem with Twitter's platform itself.
Early suggestions are that someone has managed to get hold of some sort of administration privileges and bypassed the passwords of pretty much any account they want.
With so much power at their fingertips the attackers could have done a lot more damage with more sophisticated tweets that could have harmed an individual or organisation's reputation.
But the motive seems to be clear - make as much money as quickly as they can. The hackers would have known that the tweets wouldn't stay up for long so this was the equivalent of a "smash and grab" operation.
There are conflicting accounts of how much money the hackers have made and even when a figure is settled upon, it's important to remember that cyber-criminals are known to add their own funds into their Bitcoin wallets to make the scam seem more legitimate.
Either way, it's going to be very hard to catch the criminals by following the money. Law enforcement, as well as many angry users, will have some strong questions for Twitter about how this could have happened.
0 Comments