Experts say Twitter breach troubling, undermines trust

Experts say a breach in Twitter’s security that allowed hackers to break into the accounts of leaders and technology moguls is one of the worst attacks in recent years and may shake trust in a platform politicians and CEOs use to communicate with the public.

Posted: Jul 16, 2020 12:52 PM

HONG KONG (AP) — A breach in Twitter’s security that allowed hackers to break into the accounts of leaders and technology moguls is one of the worst attacks in recent years and may shake trust in a platform politicians and CEOs use to communicate with the public, experts said Thursday.

The FBI is investigating the hack, according to a person familiar with the probe who was not authorized to discuss an ongoing probe and spoke on the condition of anonymity Thursday.

The ruse discovered Wednesday included bogus tweets from Barack Obama, Joe Biden, Mike Bloomberg and a number of tech billionaires including Amazon CEO Jeff Bezos, Microsoft co-founder Bill Gates and Tesla CEO Elon Musk. Celebrities Kanye West and his wife, Kim Kardashian West, were also hacked.

Hackers used social engineering to target some of Twitter’s employees and then gained access to the high-profile accounts. The attackers sent out tweets from the accounts of the public figures, offering to send $2,000 for every $1,000 sent to an anonymous Bitcoin address.

Cybersecurity experts say such a breach could have dire consequences since the attackers were tweeting from verified, globally influential accounts with millions of followers.

“If you receive a tweet from a verified account, belonging to a well-known and therefore trusted person, you can no longer assume it’s really from them,” said Michael Gazeley, managing director of cybersecurity firm Network Box.

Reacting to the breach, Twitter swiftly deleted the tweets and locked down the accounts to investigate. In the process it prevented verified users from sending out tweets for several hours.

The company said Thursday it has taken “significant steps to limit access to internal systems and tools.”

Many celebrities, politicians and business leaders often use Twitter as a public platform to make statements. U.S. President Donald Trump, for example, regularly uses Twitter to post about national and geopolitical matters, and his account is closely followed by media, analysts and governments around the world.

Twitter faces an uphill battle in regaining people’s confidence, Gazeley said. For a start, it needs to figure out exactly the accounts were hacked and show the vulnerabilities have been fixed, he said.

“If key employees at Twitter were tricked, that’s actually a serious cybersecurity problem in itself,” he said. “How can one of the world’s most used social media platforms have such weak security, from a human perspective?”

Rachel Tobac, CEO of Socialproof Security, said that the breach appeared to be largely financially motivated. But such an attack could cause more serious consequences.

“Can you imagine if they had taken over a world leader’s account, and tweeted out a threat of violence to another country’s leader?” asked Tobac, a social engineering hacker who specializes in providing training for companies to protect themselves from such breaches.

Social engineering attacks typically target human weaknesses to exploit networks and online platforms. Companies can guard themselves against such attacks by beefing up multi-factor authentication -– where users have to present multiple pieces of evidence as authentication before being allowed to log into a system, Tobac said.

Such a process could include having a physical token that an employee must have with them, on top of a password, before they can log into a corporate or other private system. Other methods include installing technical tools to monitor for suspicious insider activities and reducing the number of people who have access to an administrative panel, Tobac said.

Several U.S. lawmakers called on Twitter to co-operate with authorities including the Department of Justice and the FBI to secure the site.

“I am concerned that this event may represent not merely a coordinated set of separate hacking incidents but rather a successful attack on the security of Twitter itself,” said Sen. Josh Hawley, a Missouri Republican.

He added that millions of users relied on Twitter not just to send tweets but also communicate privately via direct messaging. Twitter hasn’t said if hackers were able to access the private messages of their high-profile targets.

Oregon Democratic Sen. Ron Wyden said Twitter CEO Jack Dorsey told him in a private conversation in 2018 that the company was working on protecting direct messages, known as DMs, with end-to-end encryption.

But that promise never materialized, Wyden said Thursday, leaving everyone’s private messages “vulnerable to employees who abuse their internal access to the company’s systems, and hackers who gain unauthorized access.”

“This is a vulnerability that has lasted for far too long, and one that is not present in other, competing platforms,” Wyden said in an emailed statement. “If hackers gained access to users’ DMs, this breach could have a breathtaking impact, for years to come.”

California Coronavirus Cases

Data is updated nightly.

Confirmed Cases: 530606

Reported Deaths: 9808
CountyConfirmedDeaths
Los Angeles1981654827
Riverside38487738
Orange38131665
San Bernardino34237487
San Diego30516568
Kern21433152
Fresno15945157
Alameda12136193
San Joaquin12034187
Santa Clara11030192
Sacramento10174148
Tulare10078193
Imperial9513232
Stanislaus9308135
Contra Costa8324131
Ventura787777
San Francisco708162
Santa Barbara652664
San Mateo5758120
Marin518076
Monterey496634
Merced458351
Kings445356
Solano380638
Sonoma320842
Madera211432
Placer199819
San Luis Obispo197016
Yolo161442
Santa Cruz11964
Butte10128
Napa10079
Sutter8406
San Benito6894
El Dorado6681
Lassen6320
Yuba5334
Shasta4049
Colusa3594
Glenn3462
Mendocino3419
Nevada3161
Tehama2491
Humboldt2454
Lake2111
Mono1461
Tuolumne1442
Amador1370
Calaveras1361
Del Norte900
Siskiyou880
Inyo661
Mariposa592
Plumas330
Trinity50
Modoc40
Sierra30
Alpine20
Unassigned00
Chico
Clear
75° wxIcon
Hi: 89° Lo: 66°
Feels Like: 75°
Oroville
Clear
72° wxIcon
Hi: 92° Lo: 65°
Feels Like: 72°
Paradise
Clear
75° wxIcon
Hi: 84° Lo: 63°
Feels Like: 75°
Chester
Clear
59° wxIcon
Hi: 82° Lo: 50°
Feels Like: 59°
Red Bluff
Clear
73° wxIcon
Hi: 92° Lo: 67°
Feels Like: °
Willows
Clear
75° wxIcon
Hi: 93° Lo: 63°
Feels Like: 75°
Although temperatures began to rise today around northern California, our weather was still quite pleasant for early August. Enjoy the below-average highs will we have them, because hotter weather will return soon.
KHSL Severe
KHSL Radar
KHSL Temperatures

Community Events