The Twitter hack, and why we need a better class of criminal

The bitcoin scammers’ biggest crime isn’t fraud - it’s lack of imagination

This week, the tech world was rocked by a hack that saw multiple prominent Twitter accounts hijacked and used to spread a coordinated message. Accounts belonging to the likes of Bill Gates, Elon Musk and even Barack Obama were taken over, and the impact was so severe that Twitter was forced to ban all verified users (me included) from tweeting until they sorted everything out. 

While I’m sure that being unable to tweet would be classed as cruel and unusual punishment by some of my fellow journalists, it’s no surprise that Twitter clamped down as hard as it did: This constitutes a major breach and has come at a time when Twitter is a more powerful communications tool than possibly anything else on the planet. The platform has been used to announce global foreign policy, crash stock prices and even fuel revolutions. 

So what did the attackers do with near-unfettered access to the virtual mouthpieces of the world’s most influential people? They tried to flog a Bitcoin scam.

The sheer lack of creativity is almost mind-boggling; here is a group that found itself with the power to rewrite economies or start wars at a stroke, and used it to try and fleece people for cryptocurrency.

What’s worse is it wasn’t even a good scam. If you’ve spent any length of time on Twitter, you’ll almost certainly have seen similar efforts floating around, often from dummy accounts made to look like those of celebrities. The fact that this one came from genuine accounts evidently lent it enough credibility to trick users out of more than $120,000 in bitcoin, but it was hardly sophisticated. 

The possibilities of such an opportunity are almost limitless; leaving aside the potential for political manipulation (say, by endorsing a particular viewpoint or political candidate), a coordinated ‘pump and dump’ scheme would have been child’s play to execute, and would have made the perpetrators a hell of a lot more money than $120,000. All they would have needed to do is invest in a cheap stock, tweet out endorsements of said stock from accounts like Jeff Bezos, Kanye West and Joe Biden, and then cash out once the stock inevitably skyrocketed. 

Related Resource

How malware and bots steal your data

Protect your organisation with a layered defence

Download now

Even if they did want to rely on untraceable cryptocurrencies as their payment method, their offer to double any cryptocurrency sent to the target address was transparently bogus, whereas framing it as a promise to double any crypto-based donations to the COVID-19 relief effort, for example, would have been much more plausible coming from high-profile political and business leaders.

Of course, as we discussed on this week’s episode of the IT Pro Podcast, the crypto scam may have merely been a smokescreen, and the DM records of victims may well have yielded a veritable treasure trove of information that could be used to compromise other accounts or to carry out blackmail in the future. 

The most interesting omission was that of the Tweeter-In-Chief, US president Donald Trump. He would have been a goldmine for this type of scam, but was omitted from the list of victims. The logical explanation is that Twitter has ring-fenced his account, with only a handful of employees permitted to access or modify it – a rule that was presumably enacted after a departing employee deactivated Trump’s account in 2017.

Amidst all this, I’m reminded of simpler times, when hackers would use their skills not simply to siphon money from the gullible but to advance genuinely-held ideals, or even simply to amuse themselves with mischief. The advent of cyber crime as a legitimate large-scale revenue stream may have put paid to the days of hackers as harmless tricksters, but at the very least, it would be nice to feel like they’re at least putting some effort in. 

Indeed, reports on this latest incident indicate that the perpetrators may simply have paid off a Twitter employee to give them access to internal tools, and between that and the growing trend of ransomware as a service, it seems that even cyber thieves are now outsourcing their work. Hackers may be criminals, but if they’re going to steal from us, is it too much to ask that they at least take a little pride in their work?

Featured Resources

Digital document processes in 2020: A spotlight on Western Europe

The shift from best practice to business necessity

Download now

Four security considerations for cloud migration

The good, the bad, and the ugly of cloud computing

Download now

VR leads the way in manufacturing

How VR is digitally transforming our world

Download now

Deeper than digital

Top-performing modern enterprises show why more perfect software is fundamental to success

Download now

Recommended

What is hacktivism?
hacking

What is hacktivism?

13 Oct 2020
Microsoft: Iranian hackers are exploiting ZeroLogon flaw
Security

Microsoft: Iranian hackers are exploiting ZeroLogon flaw

6 Oct 2020
Twitter hires new cyber chief after devastating breach
Security

Twitter hires new cyber chief after devastating breach

1 Oct 2020
Twitter to make AI algorithm open source to scour for biases
machine learning

Twitter to make AI algorithm open source to scour for biases

21 Sep 2020

Most Popular

The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

5 Oct 2020
The enemy of security is complexity
Sponsored

The enemy of security is complexity

9 Oct 2020
IBM and SAP expand partnership to support software on hybrid cloud
Cloud

IBM and SAP expand partnership to support software on hybrid cloud

21 Oct 2020