Here are the weaknesses that experts say allowed for a massive Twitter hack
Inadvertently, Twitter might have been laying the groundwork for a massive scam that happened on its watch.
The hackers who gleaned over $110,000 through a massive Bitcoin scam on Twitter stunned the world. While their identities are still unknown, researchers are learning more about what they're doing with the money, and how weaknesses built into Twitter created a system that was ripe for the picking.
"Humans are always the weakest link."
Despite taking most of the world by surprise, independent researcher Geoff Golberg tells Inverse that he wasn't shocked by the hack. In fact, he's been arguing that something like this could happen for years. The founder of Social Forensics, which maps and monitors social media activity, has criticized Twitter for years as being vulnerable to platform manipulation, fake accounts, and useless trending topics.
The Great Hack is “especially problematic as it seems some person or entity got access to admin rights for the whole platform,” Golberg says. At the moment, the mechanics of the hack remain unclear. Twitter announced that some sort of “coordinated social engineering attack” was involved, meaning that the manipulation on a human scale.
What happened to all that Bitcoin?
Victor Fang, founder and CEO of AnChain.Ai, which specializes in blockchain security, tells Inverse that from a hacker’s point of view, social engineering at some capacity is likely the most logical path into a well-defended system. “Twitter invests hundreds of millions of dollars in security. It’s hard to go straight in. Humans are always the weakest link.”
Just as Golberg has been monitoring Twitter manipulation, Fang and AnChain have been carefully observing blockchain activity stemming from the hack. Fang shared with Inverse a map that AnChain created showing how the money was transferred into the scammers' Bitcoin wallets.
There are many questions left unanswered, like “who are these people?” and “why did they do this?” “We’re still trying to piece together who did this,” Fang says. But one thing is certain: the money the hackers received is being moved around. The reason for this distribution is unclear, but AnChain's report shows that it is likely the hack was a “coordinated crime by a sophisticated group of hackers.” That tracks with a report from Vice in which anonymous sources claimed the group had a mole operating within Twitter.
It’s possible they’re splitting the money up as the world watches.
Is Bitcoin the problem? Is Twitter?
As dramatic as the heist has been, Golberg argues that Twitter had been inadvertently laying the groundwork for years. Twitter has been far too passive in allowing its platform to be manipulated, he says, which created an environment where even an implausible scheme where Joe Biden and Elon Musk ask their followers for Bitcoin can thrive.
“Twitter touts taking a proactive approach to mitigating against platform manipulation,” Golberg says. “In reality, that simply is not the case. Twitter's Trust & Safety team should be verticalized. Communities where manipulation is rampant -- i.e. stan [hardcore fans of celebrities] Twitter, crypto Twitter, and human rights activist Twitter, for example -- would benefit greatly from having dedicated employees from Twitter's Trust & Safety team who are actually immersed in said communities. This is required for Twitter to truly take a proactive approach. Otherwise, they will continue to reactively deal with platform manipulation and security issues as they arise.”
For Fang, the hack represents a long-brewing perception that Bitcoin and its accompanying blockchain technology — digital chains that can transport and verify information, as opposed to a centralized source that most computer systems use — are only good for committing crimes.
Blockchains have any number of potential uses—the World Bank has been experimenting with the idea of using blockchains as smart contracts, for example, and could promote "inclusion among consumers and micro, small, and medium-sized enterprises in certain financial services, such as insurance and supply-chain finance."
A blockchain-based social media could have prevented the type of security attack that Twitter fell victim to, Fang says, but the buy-in to switch to another social media platform is too high.
The “silver lining of such a massive security incident is the mass awareness on security and privacy,” Fang says, adding that he hopes the incident will spur innovators around the world to action.