Politics Twitter's massive hack could be even worse than it seems
'Tweet-tastrophe'? It could have been. Twitter hack reveals national security threat ahead of election
The hack has national security implications, people are warning. What if it someone tried to disrupt the election or cause an international incident?The Twitter accounts of some of the world’s biggest names were hacked Wednesday in a bitcoin scam. The FBI is investigating and the Senate Intelligence Committee has asked for a briefing.
Thethat led to the accounts of a former US president, a possible future president, numerous billionaire businessmen, celebrities and the world's most valuable company all promoting a bitcoin scam may go down as one of the worst cybersecurity disasters ever to hit a social media company.
But while the scope of the incident was massive in its own right — impacting accounts belonging to Barack Obama, Joe Biden, Bill Gates, Elon Musk, Kanye West, Kim Kardashian West and Warren Buffett — it could merely be the tip of a very large iceberg with vast security implications. Cybersecurity experts and policymakers now worry that the bitcoin scam may mask a much more troubling data breach involving the personal communications of the world's most powerful people.
Twitter’s massive attack: What we know after Apple, Biden, Obama, Musk, and others tweeted a bitcoin scam
Update: Wednesday’s Twitter attack is now being investigated by numerous law enforcement agenciesMultiple law enforcement investigations, including one from the Federal Bureau of Investigation, are now actively probing the situation over far a deeper concern: that the exploited vulnerability in Twitter’s systems — a result it seems of mid-level employees having powerful access to site-wide admin tools that can fall into the wrong hands — has exposed serious security risks for the platform’s most powerful users.
The attack is also a stark reminder, in the middle of a pivotal election year, about the power of social media in general, and Twitter in particular, to destabilize America and the world. Despite it having a significantly smaller user base than rivals like Facebook, Twitter has a disproportionately large influence on the media, investors and policymakers. It's where news breaks, CEOs makeand US presidents sometimes declare new policies. And Wednesday's attacks showed how much trust the public places in Twitter's hands, and how brittle its systems can be.
AP PHOTOS: Greece's great declutter at battle coastline
SALAMINA, Greece (AP) — Greece is commemorating one of the greatest naval battles in ancient history this year at Salamis, the claw-shaped island skirting the mainland near Athens. It’s where the invading Persian navy suffered a heavy defeat 2,500 years ago, their large vessels unable to properly maneuver in the narrow seaways. Salamis, now known as Salamina, has become an extended suburb of the capital, a blue-collar retirement and summer home spot. © Provided by Associated Press A submarine approaches its naval base as a half sunken ship is seen near a shipyard on Salamina island, west of Athens, on Tuesday, Feb. 12, 2020.
It still isn't clear what the attackers' ultimate goals were. But what little has been revealed about the hack so far has already raised serious concerns from policymakers, security experts and some close to Twitter. With the level of access they enjoyed, the hackers could have triggered a sell-off in the financial markets, issued fake policy pronouncements or disrupted entire presidential campaigns.
"If Ivanka [Trump's] account were to tweet the extreme hypothetical, 'I'm so proud of my father tonight for making the hard decisions; nuclear war is never easy, but we'll win it,' that would ... be problematic," said an ex-Twitter employee, speaking on condition of anonymity to discuss a former employer.
Neither Ivanka Trump nor President Donald Trump's account appeared to have been affected by the hack; the White House declined to comment on the matter Wednesday afternoon.
Michigan State football team to quarantine after two staffers test positive for coronavirus
The two-week quarantine essentially takes the team out of action until the official start of training camp, which is likely to leave players behind physically. The pandemic has had significant impacts on college football already. Beyond schedule changes, coaches have had to adapt and adjust due to a lack of in-person offseason activities. That’s especially hard for first-year coaches, including the Spartans’ Mel Tucker.Subscribe to Yardbarker's Morning Bark, the most comprehensive newsletter in sports. Customize your email to get the latest news on your favorite sports, teams and schools. Emailed daily.
On Wednesday evening, Twitter offered a preliminary explanation for the hack. It blamed a "coordinated social engineering attack" against some of its employees who had access to "internal systems and tools," Twitter.
The hackers then "used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf," Twitter. "We're looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it." Twitter declined to comment for this story.
The hackers who controlled the accounts posted fake tweets urging Twitter users to send money to a number of bitcoin wallets, promising that users would be paid back double. Instead, the hackers appeared to simply take the money and run — withflowing into the wallets by Thursday morning. All bitcoin transactions are visible on a public ledger, making the hack an even greater spectacle.
Those wallets will be forever radioactive as law enforcement eyes them for withdrawals or transfers that could be traced back to the original attackers, said Kenn White, a security principal at the software database company MongoDB.
NFL, NFLPA reach agreement on 2021 salary cap
The NFL and NFLPA have agreed to some compromises regarding finances. Next year’s salary cap will be no lower than $175M, Tom Pelissero and Mike Garafolo of NFL.com report. Rather than borrowing money from projected future revenues through 2030 — as the players initially sought — this agreement will take projected funds through 2024 to help guard against a salary cap free fall this season could cause, Mark Maske of the Washington Post tweets. Read more here.
"Those [bitcoin] addresses will be scrutinized closer than any in history," he said.
For such a disruptive hack, the money involved pales in comparison to the kind ofpayouts hackers can routinely expect from other types of financially motivated attacks. In addition to being relatively small in financial terms, the profits from this week's Twitter attack are insignificant in light of how deeply the hackers appear to have penetrated Twitter's systems.
"If you've stolen a Ferrari, why just drive around the block?" White said.
As the crisis unfolded Wednesday night, Missouri Republican Sen. Josh Hawley, a major critic of Silicon Valley, sent a letter to Twitter CEO Jack Dorsey.
"Millions of your users rely on your service not just to tweet publicly but also to communicate privately through your direct message service," Hawley. "A successful attack on your system's servers represents a threat to all of your users' privacy and data security."
The Federal Trade Commission is also likely to investigate — opening the door to potential fines or other penalties, according to David Vladeck and Jessica Rich, two former directors of the agency's consumer protection bureau.
Twitter's own investigation is still ongoing, and it isn't clear what data the hackers may have accessed. Twitter also hasn't disclosed who may have been behind the attack or any information about the targeted employees. Two US intelligence officials told CNN Wednesday night that it is still too early to tell if the attack was the work of a nation state or a state-sponsored actor.
Brett Kulak, Jayce Hawryluk confirm positive COVID-19 tests
Habs defenseman Brett Kulak and Senators center Jayce Hawryluk both confirmed positive COVID-19 years on Friday. Following practice today, Kulak confirmed to reporters, including Sportsnet’s Eric Engels (Twitter links) that he was dealing with symptoms for a little more than a week after initially testing negative just prior to the start of camp. Two positive tests quickly followed and he was only recently cleared to rejoin the team.
But some security experts are bracing for the worst. By using the hijacked accounts to push a bitcoin scam, the attackers publicly advertised their successful attack — guaranteeing that Twitter would swiftly respond and lock them out, said Theresa Payton, the former White House chief information officer under President George W. Bush.
While that could indicate nothing more than a play for notoriety and a quick cash grab, she said, the hackers could have downloaded information about the accounts for later release — potentially including private messages, photos, phone numbers and email addresses. That would be damaging enough at any time, but during a critical election year in which trust in platforms and their handling of information remain key concerns, the stakes could not be higher.
"Are they going to come back later with a 'dump and dox' campaign or a blackmail situation?" said Payton. "We only know about the accounts they flipped with that message. How about all the other accounts they didn't flip with that message?"
Video: Hackers target high profile Twitter accounts in online scam (CNN)
NFL, NFLPA agree on training camp setup, opt-out system .
Yahoo Sports' Charles Robinson and Terez Paylor discuss how Jets co-owner Woody Johnson's alleged racist and sexist remarks have brought back attention to NFL owners' questionable behavior. Subscribe to the Yahoo Sports NFL Podcast on Apple Podcasts, Spotify, or wherever you get your podcasts.