Text Size
Social media connecting

Social Media Hacks

Hack attacks.  The unsocial side of social media 

For anyone using the Internet, but particularly for older people who are often the target of hackers and cyber criminals, it is important to deal with reputable organisations for security and information.  A very high profile case demonstrates how easy, and even damaging, being too trustworthy can be.

When names like Barack Obama, Bill Gates, Jeff Bezos, and Elon Musk make the headlines it is a big story on anyone’s terms.  All the more so as clearly wealth and power are no protection from a ‘hack attack’.

Given the big names involved there might be a tendency to think this level of hacking is someone else’s problem.  In fact, this is a major revelation and wake up call for anyone who uses the Internet for anything.  Again, for older people, two questions should be at the fore. 

Is security really that secure and trustworthy?  Equally, is the information that appears on the Internet reliable, factual, credible, and most importantly safe? 

The Twitter story broke in July 2020 with the revelation that some very high-profile Twitter accounts had been taken over by a group of what was described as only ‘moderately’ skilled hackers.  With the ‘ringleader’ of the raiding party a 17-year-old. 

Two red lights of concern started flashing.  How could an IT giant like Twitter have their security breached?  The bigger worry being the degree of faith and misplaced trust that people have in social media.  If it seems implausible or too good to be true it most likely is. 

This is how the Twitter hack story unfolded.  On July 15, followers of Jeff Bezos on Twitter saw an unusual tweet from the world’s richest man. Bezos is regarded as a shrewd businessman and the company he leads, Amazon, is a global economic superpower.  To most it seemed jarringly out of character that such a person would post the following bizarre tweet (a posting on Twitter): “I have decided to give back to my community. All Bitcoin sent to my address below will be sent back doubled. I am only doing a maximum of $50,000,000.”

The Internet hosts all sorts of non-factual information including opinions, false news and outright lies.  Just because it appears to be credible it is not necessarily so. 

If a ‘normal’ person received this kind of message in an email, they would probably disregard it as one of those offers that has to be a scam.  Simply because it is too good to be true. With Bezos’s name linked to it, however, it gained authenticity.  That is why people did fall for the scam and did send bitcoin to the scammers behind this hack. In short while the Amazon founder might be trustworthy and pass the scrutiny, the cybersecurity systems at Twitter were anything but.  

Socially engineered   

Based on the information provided in the United States court proceedings, Twitter was a victim of a new phenomenon known as social engineering.  As in when scammers ‘engineer’ situations to trick people into doing things such as sharing their passwords. In this case, a gang of hackers socially engineered some staff members at Twitter and got their user credentials (usernames and passwords).

The hackers then used these employees’ credentials to do more social engineering on other Twitter employees tricking them into sharing their credentials. Before too long, the gang of hackers had gained enough usernames and passwords to take control of Twitter’s computer systems and take over the accounts of some of the most famous users on site.

The theft of trusted identities was much more concerning than the theft of the money.

While these hackers only stole about $177,000 USD worth of bitcoins in their digital heist, more highly skilled hackers could steal a lot more money from innocent people.  Simply by exploiting this blind trust in information seemingly provided by trusted figures on social media.

Twitter on phone
Photo by Joshua Hoehne on Unsplash

While these hackers were only common cybercriminals looking to steal bitcoins from gullible Twitter users, imagine how much harm could be caused by more dangerous hackers stealing the identity of an important political figure.

The different ‘what if’ scenarios are endless, but the lessons learned are crystal clear. 

As well as showing how cybercriminals will always find new ways to scam people out of their money, this hack shows that social media can be a disruptive Achilles heel in our world.  If a 17-year-old and a couple of amateur accomplices can take over the social media accounts of prominent figures, and use their identities to manipulate public opinion, what could a more sophisticated criminal or terrorist group do?

Imagine if a major public figure’s social media account was used to tweet a declaration of war. In the world of COVID-19 what if the World Health Organisation’s social media account was hacked to spread dangerous misinformation about public health and safety. Or, in financial circles, a global panic could be created leading to social disorder.  Farfetched though it might seem the capabilities are there.

That is why as users of the Internet we all need to push for, and create, stronger controls to limit the potential for these companies to cause harm.

The full force of the law  

The Twitter hackers had previously focused on hacking regular people and had been able to fly under the radar of authorities, which allowed them to enjoy commercial success in the hacking underworld. This all changed once they targeted Twitter and compromised the accounts of some of the most powerful people in the world.  Their ambitions clearly outstripped their capabilities. 

While these hackers were able to cause significant mischief and harm, they were easy to trace due to their lack of professional cybersecurity skills. The investigation into the hack involved the ‘big boys’ of law enforcement including  the United States Secret Service, the FBI, and the IRS. It revealed that the hackers were involved in organised crime, working as a gang to hack and sell stolen accounts online. Forum posts show that the gang would take “hacker for hire” requests from customers who paid them to steal other people’s social media accounts. Three young men believed to be responsible for the hack have now been arrested and charged with a range of criminal offences.

While this is the end of the line for them many more criminals lurk in the Internet. Again, keep sensible, keep safe and keep enjoying the positive aspects of the Internet.