Bill Gates, Elon Musk, Apple, Joe Biden, Barack Obama Array.. The list of Twitter glitterati who was kidnapped last night is long. But a notable call that doesn’t appear on the list, arguably the most prominent Twitter user of all: Donald Trump.
While many of the larger Twitter accounts were shattered with messages urging others to participate in what appears to be a Bitcoin scam, the account @realDonaldTrump and its 83.5 million subscribers were not attacked. The official account of the president @POTUS and his audience of 30.8 million does not.
The question is: why didn’t the scammers target everyone’s prominent maximum account?
The first theory is that Trump’s accounts have some form of enhanced security measures that should not be held to regular account holders verified.
The president would certainly be the number one goal of the service for hackers, so it is conceivable that Twitter has presented Trump and his staff with another form of verification that made it difficult to breach his account.
Twitter admitted this morning that the breach is the result of a “social engineering attack through other people who effectively attacked some of our workers with access to internal systems and tools.”
“We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf,” Twitter said in a series of tweets published on its support account.
The most productive execution theory at the moment is that the administrator account is not used to post tweets. Instead, the administrator account used to disable two-factor authentication on the affected accounts, which then allowed hackers to replace account-related email, allowing them to hijack accounts and post malicious tweets.
What can be these enhanced security measures in the president’s accounts? Twitter may, for example, only allow tweets on Trump accounts from legal devices, hackers were unable to tweet on behalf of the president.
Given that Donald Trump’s predecessor and long-term presidential opponent were attacked, but not Trump himself, there is also the question of whether the attack had political motivation.
This is currently unlikely. Nor was there a political message in any of the fake tweets, the attacks seem to have pointed to those who are largely in the Democratic aspect of the political barrier.
A direct attack on the president would also increase the stakes of what is already an incredibly important attack. A statement issued by the FBI suggests he’s already reviewing the attacks. “We are aware of today’s security incident involving several Twitter accounts belonging to high-level people,” the FBI said in one last night. I would be under much more pressure to investigate, and investigate a lot, if the president’s account had been compromised in the run-up to the election.
This is not to say that investigations will not continue. In fact, Republican politicians are already pushing for an investigation. A vice report states that Republican Sen. Josh Hawley has already written on Twitter, asking the company to “immediately touch the Department of Justice and the Federal Bureau of Investigation and take all mandatory steps to protect the site before this violation unfolds.”
The biggest fear is the ease with which hackers have succeeded in so many high-level accounts. Given the massive audience in which hackers have been successful, albeit temporarily, this raises apparent questions about Twitter’s security and whether it can only be used for more sinister than a bitcoin scam.
Although Twitter will no doubt go through a new security review, it has already been punished by a similar type of attack. Ten years later, the company settled a case with the FTC in which it found that “an intruder compromised an employee’s non-public email account and was able to infer the employee’s Twitter administrative password, discovered in two similar passwords, that had been stored in the account.” This has been used to “access user’s private information” and private tweets from any Twitter user. In addition, the intruder was able, and did, to reset at least a user’s password. “
Twitter CEO Jack Dorsey has already promised the effects of an internal investigation into the attack.
This time, Twitter will need to be informed of your lessons.
I’ve been a generation and editor for over 20 years. I was deputy editor of the generation segment of the Sunday Times, editor-in-chief of PC Pro mag and
I’ve been a generation and editor for over 20 years. I’ve been deputy editor of the Sunday Times generation segment, editor-in-chief of PC Pro magazine, and have written for more than a dozen publications and Internet sites over the years. I have also given the impression of a specialist in TV and radio generation, adding BBC Newsnight, Chris Evans Show and ITN News at Ten.
Contact me if you have a generation story that wants to be published in [email protected].