Twitter's massive hack could be even worse than it seems
'Tweet-tastrophe'? It could have been. Twitter hack reveals national security threat ahead of election
The hack has national security implications, people are warning. What if someone tried to disrupt the election or cause an international incident? The Twitter accounts of some of the world’s biggest names were hacked Wednesday in a bitcoin scam. The FBI is investigating and the Senate Intelligence Committee has asked for a briefing.
The hack that led to the accounts of a former US president, a possible future president, numerous billionaire businessmen, celebrities and the world's most valuable company all promoting a bitcoin scam may go down as one of the worst cybersecurity disasters ever to hit a social media company.
But while the scope of the incident was massive in its own right — impacting accounts belonging to Barack Obama, Joe Biden, Bill Gates, Elon Musk, Kanye West, Kim Kardashian West and Warren Buffett — it could merely be the tip of a very large iceberg with vast security implications. Cybersecurity experts and policymakers now worry that the bitcoin scam may mask a much more troubling data breach involving the personal communications of the world's most powerful people.
Twitter’s massive attack: What we know after Apple, Biden, Obama, Musk, and others tweeted a bitcoin scam
Update: Wednesday’s Twitter attack is now being investigated by numerous law enforcement agencies. Multiple law enforcement investigations, including one from the Federal Bureau of Investigation, are now actively probing the situation over a far deeper concern: that the exploited vulnerability in Twitter’s systems — a result, it seems, of mid-level employees having powerful access to site-wide admin tools that can fall into the wrong hands — has exposed serious security risks for the platform’s most powerful users.
The attack is also a stark reminder, in the middle of a pivotal election year, about the power of social media in general, and Twitter in particular, to destabilize America and the world. Despite it having a significantly smaller user base than rivals like Facebook, Twitter has a disproportionately large influence on the media, investors and policymakers. It's where news breaks, CEOs makeand US presidents sometimes declare new policies. And Wednesday's attacks showed how much trust the public places in Twitter's hands, and how brittle its systems can be.
It still isn't clear what the attackers' ultimate goals were. But what little has been revealed about the hack so far has already raised serious concerns from policymakers, security experts and some close to Twitter. With the level of access they enjoyed, the hackers could have triggered a sell-off in the financial markets, issued fake policy pronouncements or disrupted entire presidential campaigns.
"If Ivanka [Trump's] account were to tweet the extreme hypothetical, 'I'm so proud of my father tonight for making the hard decisions; nuclear war is never easy, but we'll win it,' that would ... be problematic," said an ex-Twitter employee, speaking on condition of anonymity to discuss a former employer.
Neither Ivanka Trump nor President Donald Trump's account appeared to have been affected by the hack; the White House declined to comment on the matter Wednesday afternoon.
Twitter Says Attackers Downloaded Account Information, Which Includes Direct Messages, From Some in Hack
Twitter has released new details about the hack heard round the world this week, which is apparently a massive scam that aimed to get users to send bitcoin to a random cryptocurrency wallet. It was carried out by targeting some of the highest profile accounts on the social media network, such as those belonging to Elon Musk, Jeff Bezos, Kanye West, Joe Biden and Barack Obama. Besides asking for bitcoin, Twitter has revealed that the attackers also managed to download account information, which includes direct messages, for up to eight of the 130 accounts targeted.
On Wednesday evening, Twitter offered a preliminary explanation for the hack. It blamed a "coordinated social engineering attack" against some of its employees who had access to "internal systems and tools," Twitter said.
The hackers then "used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf," Twitter said. "We're looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it." Twitter declined to comment for this story.
The hackers who controlled the accounts posted fake tweets urging Twitter users to send money to a number of bitcoin wallets, promising that users would be paid back double. Instead, the hackers appeared to simply take the money and run — withflowing into the wallets by Thursday morning. All bitcoin transactions are visible on a public ledger, making the hack an even greater spectacle.
Those wallets will be forever radioactive as law enforcement eyes them for withdrawals or transfers that could be traced back to the original attackers, said Kenn White, a security principal at the software database company MongoDB.
Twitter apologizes for massive hack as revenue slumps, users soar
The company has taken a financial hit amid the pandemic but has seen a big jump in the number of people flocking to the site. "Last week was a really tough week for all of us at Twitter. We feel terrible about the security incident that negatively affected the people we serve and their trust in us," Dorsey said on a call with Wall Street analysts. "We fell behind both in our protection duties and restrictions on our internal tools, and for that I apologize."
"Those [bitcoin] addresses will be scrutinized closer than any in history," White said.
For such a disruptive hack, the money involved pales in comparison to the kind of payouts hackers can routinely expect from other types of financially motivated attacks. In addition to being relatively small in financial terms, the profits from this week's Twitter attack are insignificant in light of how deeply the hackers appear to have penetrated Twitter's systems.
"If you've stolen a Ferrari, why just drive around the block?" White said.
As the crisis unfolded Wednesday night, Missouri Republican Sen. Josh Hawley, a major critic of Silicon Valley, sent a letter to Twitter CEO Jack Dorsey.
"Millions of your users rely on your service not just to tweet publicly but also to communicate privately through your direct message service," Hawley wrote. "A successful attack on your system's servers represents a threat to all of your users' privacy and data security."
The Federal Trade Commission is also likely to investigate — opening the door to potential fines or other penalties, according to David Vladeck and Jessica Rich, two former directors of the agency's consumer protection bureau.
Twitter's own investigation is still ongoing, and it isn't clear what data the hackers may have accessed. Twitter also hasn't disclosed who may have been behind the attack or any information about the targeted employees. Two US intelligence officials told CNN Wednesday night that it is still too early to tell if the attack was the work of a nation state or a state-sponsored actor.
But some security experts are bracing for the worst. By using the hijacked accounts to push a bitcoin scam, the attackers publicly advertised their successful attack — guaranteeing that Twitter would swiftly respond and lock them out, said Theresa Payton, the former White House chief information officer under President George W. Bush.
While that could indicate nothing more than a play for notoriety and a quick cash grab, she said, the hackers could have downloaded information about the accounts for later release — potentially including private messages, photos, phone numbers and email addresses. That would be damaging enough at any time, but during a critical election year in which trust in platforms and their handling of information remain key concerns, the stakes could not be higher.
"Are they going to come back later with a 'dump and dox' campaign or a blackmail situation?" said Payton. "We only know about the accounts they flipped with that message. How about all the other accounts they didn't flip with that message?"