The Twitter hack, and why we need a better class of criminal

The bitcoin scammers’ biggest crime isn’t fraud - it’s lack of imagination

This week, the tech world was rocked by a hack that saw multiple prominent Twitter accounts hijacked and used to spread a coordinated message. Accounts belonging to the likes of Bill Gates, Elon Musk and even Barack Obama were taken over, and the impact was so severe that Twitter was forced to ban all verified users (me included) from tweeting until they sorted everything out. 

While I’m sure that being unable to tweet would be classed as cruel and unusual punishment by some of my fellow journalists, it’s no surprise that Twitter clamped down as hard as it did: This constitutes a major breach and has come at a time when Twitter is a more powerful communications tool than possibly anything else on the planet. The platform has been used to announce global foreign policy, crash stock prices and even fuel revolutions. 

So what did the attackers do with near-unfettered access to the virtual mouthpieces of the world’s most influential people? They tried to flog a Bitcoin scam.

The sheer lack of creativity is almost mind-boggling; here is a group that found itself with the power to rewrite economies or start wars at a stroke, and used it to try and fleece people for cryptocurrency.

What’s worse is it wasn’t even a good scam. If you’ve spent any length of time on Twitter, you’ll almost certainly have seen similar efforts floating around, often from dummy accounts made to look like those of celebrities. The fact that this one came from genuine accounts evidently lent it enough credibility to trick users out of more than $120,000 in bitcoin, but it was hardly sophisticated. 

The possibilities of such an opportunity are almost limitless; leaving aside the potential for political manipulation (say, by endorsing a particular viewpoint or political candidate), a coordinated ‘pump and dump’ scheme would have been child’s play to execute, and would have made the perpetrators a hell of a lot more money than $120,000. All they would have needed to do is invest in a cheap stock, tweet out endorsements of said stock from accounts like Jeff Bezos, Kanye West and Joe Biden, and then cash out once the stock inevitably skyrocketed. 

Even if they did want to rely on untraceable cryptocurrencies as their payment method, their offer to double any cryptocurrency sent to the target address was transparently bogus, whereas framing it as a promise to double any crypto-based donations to the COVID-19 relief effort, for example, would have been much more plausible coming from high-profile political and business leaders.

Of course, as we discussed on this week’s episode of the IT Pro Podcast, the crypto scam may have merely been a smokescreen, and the DM records of victims may well have yielded a veritable treasure trove of information that could be used to compromise other accounts or to carry out blackmail in the future. 

The most interesting omission was that of the Tweeter-In-Chief, US president Donald Trump. He would have been a goldmine for this type of scam, but was omitted from the list of victims. The logical explanation is that Twitter has ring-fenced his account, with only a handful of employees permitted to access or modify it – a rule that was presumably enacted after a departing employee deactivated Trump’s account in 2017.

Amidst all this, I’m reminded of simpler times, when hackers would use their skills not simply to siphon money from the gullible but to advance genuinely held ideals, or even simply to amuse themselves with mischief. The advent of cyber crime as a legitimate large-scale revenue stream may have put paid to the days of hackers as harmless tricksters, but it would be nice to feel like they’re at least putting some effort in.

Indeed, reports on this latest incident indicate that the perpetrators may simply have paid off a Twitter employee to give them access to internal tools, and between that and the growing trend of ransomware as a service, it seems that even cyber thieves are now outsourcing their work. Hackers may be criminals, but if they’re going to steal from us, is it too much to ask that they at least take a little pride in their work?
