Teen hacking famous accounts reveals Twitter’s security issues, NY report says
In July, a group of hackers — led by a 17-year-old — attacked several high-profile Twitter accounts for hours using a “double your bitcoin” scheme, a report from the New York State Department of Financial Services says.
Now the agency is calling on the social media platform to tighten its security protocols and for the U.S. government to take regulatory action after discovering how easy it was for the hackers to take over the accounts and steal more than $118,000 worth of bitcoin, according to the report.
Hackers attack
The group seized control of “the Twitter accounts of politicians, celebrities and entrepreneurs, including Barack Obama, Kim Kardashian West, Jeff Bezos and Elon Musk,” the report says. Hackers were also able to take over the “accounts of several cryptocurrency companies.”
Twitter couldn’t seem to get the issue under control for several hours, the report says, even though the hackers used “basic techniques more akin to those of a traditional scam artist.”
“It was jarringly easy for a teenager and his young associates to hack Twitter and hijack accounts belonging to some of the most prominent people and organizations in the world,” the report says.
Hackers called Twitter pretending to be from its Information Technology department, according to the report. They were able to carry out the cyberattack without using any “high-tech or sophisticated techniques often used” by hackers, the report says.
“The extraordinary access the hackers obtained with this simple technique underscores Twitter’s cybersecurity vulnerability and the potential for devastating consequences,” the report says. “In the hands of a dangerous adversary, the same access obtained by the hackers — the ability to take control of any Twitter users’ account — could cause even greater harm.”
Twitter responded to the agency’s report by linking to a post it published Sept. 24 that detailed the new measures it plans to take to mitigate future security issues, KPIX reported.
“We want you to have peace of mind when you come to Twitter that the data you share with us is secure, and that you understand and feel empowered to use the controls we offer you to keep your account secure,” Twitter’s post said.
Social media security issues
Foreign countries have attempted to “interfere with democratic processes, using influence measures in social and traditional media,” according to the report. U.S. intelligence officials found that Russian actors were able to influence the 2016 elections by undermining “faith in democratic institutions” and provoking “social discord” online, according to the report.
Instances like these outline the intense need for companies to secure their platforms, according to the report. Lawmakers have not yet established cybersecurity regulations for social media companies, the report says.
In the Twitter attack, “the hackers’ success was due in large part to weaknesses in Twitter’s internal cybersecurity protocols,” the report says. Twitter did not have a chief information security officer at the time of the attack, which is “a common source of cybersecurity weaknesses,” according to the report.
The problem was exacerbated because Twitter employees were working remotely due to the pandemic, which “created a host of new challenges for IT and cybersecurity,” the report says. Hackers exploited this using a tactic called “social engineering,” or manipulating people into giving out confidential or personal information, according to the report.
How to stop future attacks
The agency’s report outlines several practices that can help companies prevent or mitigate cyberattacks. Beyond that, the agency recommends that government institutions establish a “new regulatory framework,” similar to the actions lawmakers took during the 2008 financial crisis, according to the report.
“The scale and reach of these companies, combined with the ability of adversarial actors who can manipulate these systems, require a similarly bold and assertive regulatory approach,” the report says. “The Twitter Hack demonstrates, more than anything, the risk to society when systemically important institutions are left to regulate themselves… The time for government action is now.”
This story was originally published October 14, 2020 at 9:18 PM with the headline "Teen hacking famous accounts reveals Twitter’s security issues, NY report says."