BankThink

Twitter attack shows the shortfall of too much internal access

As of now the ultimate goal of the recent Twitter hack looked to simply be acquiring money and tricking people into sending money to a bitcoin address.

The title of this should not be "bitcoin scam." It was a Twitter hack to steal money. This hack would have happened even if bitcoin did not exist.

The nice part about it being bitcoin is that the funds can be tracked and are in the public purview in perpetuity. They are being traced as we speak. Operators may have already identified some of the parties involved, something that could never happen when robbers steal U.S. dollars.

I would not speculate directly on the source of the attack just yet. You would have to believe someone who would attempt this type of hack would do so either under the veil of a jurisdiction outside the U.S., or with complete and utter anonymity. And based on the social engineering required to complete the hack, pure anonymity was not contained.

From a technology standpoint, this type of coordinated attack would be highly improbable. Simultaneously getting access to these premier accounts from the outside with SIM swapping or even keylogging would be extremely difficult. Social engineering and compromising an employee with admin-level access is truly the only way you could make this happen.

The biggest takeaway from this hack should be for our large digital media companies to iterate and rework their admin controls including who has "God-Mode" access control at their companies. Fortunately for Twitter, the perpetrators do not have direct access to people's capital, otherwise their security would have been much more advanced to protect against something like this.

The bigger question remains that if nefarious actors get access to such a public forum, what would have happened if they hacked Trump's Twitter account and unbeknownst to anyone, started to post dangerous threats towards other countries or misdirection as to policy updates? They could potentially have started World War III, or significantly affected stock market prices.

For reprint and licensing requests for this article, click here.
Risk Cyber attacks Payment fraud Hacking
MORE FROM AMERICAN BANKER