Bill Gates, Elon Musk, Apple, Joe Biden, Barack Obama… the list of the Twitter glitterati who had their accounts hijacked last night is long. But there’s one notable name that doesn’t appear on the list, arguably the most famous Twitter user of them all: Donald Trump.
While many of the biggest Twitter accounts were vandalized with messages urging people to participate in what appears to be a bitcoin scam, the @realDonaldTrump account and its 83.5 million followers were not targeted. Neither was the official account of the president @POTUS and its 30.8m audience.
The question looms large: why did the scammers not target the most high-profile account of them all?
The first theory is that Trump’s accounts have some form of enhanced security measures that aren’t available to other verified account holders.
The president would undoubtedly be the service’s prime target for hackers, so it is possible that Twitter has afforded Mr Trump and his staff some form of extra verification that made it more difficult to breach his account.
Twitter has this morning admitted that the breach was a result of a “social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools”.
“We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf,” Twitter said in a series of tweets published on its support account.
What might those enhanced security measures be? Twitter may, for example, only permit tweets to be posted to Trump’s accounts from authorized devices, meaning that even the elevated staff accounts that the hackers breached weren’t able to tweet on the president’s behalf.
Given that Donald Trump’s predecessor and forthcoming opponent in the presidential election were targeted, but not Trump himself, there’s also the question of whether the attack was politically motivated.
That, currently, seems unlikely. There was no political messaging in any of the faked tweets, although the attacks do seem to have targeted those largely on the Democrat side of the political fence.
A direct attack on the president would also raise the stakes in what is already an incredibly high-profile attack. A statement released by the FBI last night suggests it’s already looking into the attacks. “We are aware of today’s security incident involving several Twitter accounts belonging to high profile individuals,” the FBI said. The bureau would be under much greater pressure to investigate, and investigate hard, if the president’s account had been compromised in the run-up to an election.
That’s not to say investigations aren’t going to be pursued. Indeed, Republican politicians are already pressing for a probe. A Vice report claims Republican senator Josh Hawley has already written to Twitter, asking the company to “reach out immediately to the Department of Justice and the Federal Bureau of Investigation and take any necessary measures to secure the site before this breach expands”.
Sign of things to come?
The ease with which the hackers managed to breach so many high-profile accounts is the biggest cause for concern. Given the enormous audience the hackers were able to reach – albeit temporarily – it raises obvious questions over Twitter’s security and whether it could be used for something more sinister than a ham-fisted bitcoin scam.
Although Twitter will now undoubtedly go through a fresh security review, it’s been punished for a similar kind of attack previously. A decade ago, the company settled a case with the FTC in which it was found that “an intruder compromised an employee’s personal email account, and was able to infer the employee’s Twitter administrative password, based on two similar passwords, which had been stored in the account”. This was used to “access non-public user information and non-public tweets for any Twitter user. In addition, the intruder could, and did, reset at least one user’s password.”
Twitter CEO Jack Dorsey has already promised to publish the findings of an internal investigation into the attack.
This time Twitter will really have to learn its lessons.
Source – Forbes