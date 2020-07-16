Discover Australian Associated Press

The Twitter account of the world's richest man,.Amazon CEO Jeff Bezos, was hit by bitcoin scammers. Image by AP PHOTO

crime, law and justice

Twitter silences some accounts after hacks

By Joseph Menn, Raphael Satter and Katie Paul

July 16, 2020

2020-07-16 12:29:20

Multiple high-profile Twitter accounts have been hijacked, with some of the platform’s top voices – including US presidential candidate Joe Biden, reality TV star Kim Kardashian, former US President Barack Obama and billionaire Elon Musk, among many others – used to solicit digital currency.

Hours after the first wave of hacks on Wednesday, the cause of the breach had not yet been made public. 

In a sign of the seriousness of the problem, Twitter took the extraordinary step of preventing at least some verified accounts from publishing messages altogether.

It was not clear whether all verified users were affected but, if they were, it would have a huge impact on the platform and its users. Verified users include celebrities, journalists, and news agencies as well as governments, politicians, heads of state and emergency services.

Most of those users had their ability to tweet restored hours later, Twitter said in a statement, although it cautioned account functionality “may come and go” as it continued to work on a solution.

Chief executive Jack Dorsey says the company is diagnosing the problem and pledged to share “everything we can when we have a more complete understanding of exactly what happened”.

“Tough day for us at Twitter. We all feel terrible this happened,” he said in a tweet.

The unusual scope of the problem suggests hackers may have gained access at the system level, rather than through individual accounts. While account compromises are not rare, experts were surprised at the sheer scale and co-ordination of Wednesday’s incident.

“This appears to be the worst hack of a major social media platform yet,” said Dmitri Alperovitch, who co-founded cybersecurity company CrowdStrike.

Congressman Frank Pallone, the chairman of the House energy and commerce committee, called on the company to account for what went wrong.

“Twitter needs to explain how all of these prominent accounts were hacked,” he said in a tweet.

Some experts said it seemed probable that hackers had access to Twitter’s internal infrastructure.

“It is highly likely that the attackers were able to hack into the back end or service layer of the Twitter application,” said Michael Borohovski, director of software engineering at security company Synopsys.

“If the hackers do have access to the backend of Twitter, or direct database access, there is nothing potentially stopping them from pilfering data in addition to using this tweet-scam as a distraction,” he said.

Twitter told Reuters just before 5pm US east coast time that it was investigating what it later called a “security incident” and would be issuing a statement shortly. However, as of 9pm the company still had not issued an explanation.

Earlier, some of the platform’s biggest users appeared to be struggling to reestablish control of their accounts. In the case of billionaire Tesla chief executive Elon Musk, for example, one tweet soliciting cryptocurrency was removed and, sometime later, another one appeared, and then a third.

Among the others affected: rapper Kanye West, Amazon founder Jeff Bezos, investor Warren Buffett, Microsoft co-founder Bill Gates, and the corporate accounts for Uber and Apple. Several accounts of cryptocurrency-focused organisations were also hijacked.

Altogether, the affected accounts had tens of millions of users.

Biden’s campaign was “in touch” with Twitter, according to a person familiar with the matter. The person said the company had locked down the Democrat’s account “immediately following the breach and removed the related tweet”. Tesla and other affected companies were not immediately available for comment.

Publicly available blockchain records show the apparent scammers received more than $100,000 worth of cryptocurrency.

Several experts said the incident raised questions about Twitter’s cybersecurity.

