A day after a widespread security breach hit the Twitter accounts of high-profile public figures, including Barack Obama, Jeff Bezos, and Joe Biden, lawmakers and cybersecurity experts are concerned that whoever entered the The company’s system has been able to access direct private messages.
Hackers gained access to the accounts of some of the world’s most famous celebrities and influential politicians on Wednesday, which a Twitter statement said was part of a “coordinated social engineering attack on people who successfully attacked some of our employees”.
Hackers seemed to have unlimited access to a feature that allowed Twitter admins to reset the password for any account, according to screenshots circulating online that were removed by Twitter. Then hackers used the feature to grab accounts from celebrities like Elon Musk and Kanye West, as well as companies like Uber and Apple, to tell users to send bitcoins to a certain account.
Twitter has since stopped the scam tweets. But the understanding of the extent of the rape is only just beginning. There is growing concern among lawmakers and experts that the feature that has allegedly been exploited by hackers would allow access to direct messages, or DMs, from any account that has reset their password.
Senator Ron Wyden, D-Ore., A leading figure in Internet law for more than two decades, warned that the hack could have serious and far-reaching effects if intruders could access direct messages from politicians and others politicians. -profile of public figures.
“If hackers gained access to users’ DMs, this violation could have an impressive impact in the coming years,” Wyden said in a statement.
“While it is still unclear whether the hackers behind yesterday’s incident gained access to direct messages from Twitter, this is a vulnerability that has lasted too long and is not present on other competing platforms,” he said.
Senators on both sides of the aisle, including Josh Hawley, R-Mo., Mark Warner, D-Va., And Richard Blumenthal, D-Conn., Asked Twitter to provide urgent responses.
The concern about access to direct messages comes in part from broader concerns that they could leak as part of a campaign to influence the US election in November.
Michael Coates, who was Twitter’s top digital security official from 2015 to 2018, said that because the attackers appeared to have been motivated by money, they may not have been particularly sophisticated.
“It seems that someone with that level of access would have been more advanced,” he said. “But the fact that they did that doesn’t make me think it was a nation state.”
Coates, who is now the CEO of cybersecurity company Altitude Networks, also said it is not yet clear if the attackers were able to gain access to DMs.
“We shouldn’t presume it, but we shouldn’t rule it out either,” he said.
Twitter declined to discuss whether the direct messages had been violated, pointing to the company’s official Twitter account, which has not addressed the direct messages.
The hostile foreign intelligence services of Russia, China and Iran have directed private messages from public figures to embarrass governments and try to influence elections in the past. Russia carried out a radical piracy and disinformation campaign in 2016 targeting the Democratic National Convention and Hillary Clinton’s campaign chairman, John Podesta. Emails acquired through those efforts were eventually released through the WikiLeaks broker.
Russian intelligence services have also used the coverage of a Bitcoin scam in an attempt to obtain private information. In 2016, the GRU attempted to mirror the emergence of a malware attack called Petya, which held content on users’ computers hostage in exchange for bitcoins. The GRU variation on the attack, dubbed NotPetya, focused exclusively on gathering private information, and used the Bitcoin scam as a cover to evade detection.
NBC News contributor Clint Watts, a former FBI special agent, said the hack may have been carried out by criminal hackers, but the information currently available cannot be known for certain.
“If you wanted to influence the election, you wouldn’t get Twitter to kick off to clean up its platform four months later,” Watts said. “But if you’re going to hack and dump, then maybe.”
Watts added that a direct Twitter message hacking campaign “is not the same as internal DNC emails,” because many lawmakers have switched to more secure messaging platforms, and that Bitcoin scams are frequently “just what seen on the surface. “
But Twitter DMs “would be useful if they just wanted to blackmail everyone,” he said.
