Or the cybercriminals who hacked Twitter on Wednesday to take over accounts of prominent users like Barack Obama or Elon Musk, just seemed interested in greed. But this operation revealed shortcomings that could have much more serious consequences.
What do you do when you can tweet instead of Elon Musk, Bill Gates, Barack Obama, Warren Buffet, Apple or even Kim Kardashian? Obviously ask for bitcoins! The unsurpassed massive hacking of Twitter on Wednesday, July 15, enabled the cybercriminals behind the operation to collect nearly $ 120,000 in bitcoins, paid for by Internet users who really believed that Donald Trump’s predecessor or Microsoft founder offered them a golden deal …
It’s a lot and a little at a time. The sum is significant given the fact that “at this stage, one might have thought that people would be aware that one should not give money in response to a simple message on a social network. This hacking emphasizes, more than ever, that we can not fully trust what is written on Twitter, even when it comes to certified accounts “, states Gérôme Billois, cyber security expert at Wavestone, contacted by France 24.
Cheat for profit or “fake track”?
But a few bitcoins also seem to be a very small boil for someone who for several hours could incarnate on Twitter some of the most powerful or influential personalities in this world. He had the power “to cause panic among the population or in the financial markets”, specifies Gérôme Billois. A tweet from the Apple account about the cessation of iPhone production or several alarmist messages published simultaneously from the profiles of personalities followed by tens of millions of people could have had much more serious consequences.
“The most likely scenario is that he is a relatively talented hacker who discovered a flaw in the Twitter system and was quick to take advantage of it before he was discovered,” said Gérôme Billois.
Another hypothesis, which should not be ruled out according to this cybersecurity expert, is that this bitcoin fraud would only be a “false lead”. “It would be like the NotPetya virus [en 2017, NDLR] which seemed like a ransomware designed to attack computers randomly in the world, when the real target was very accurate, “recalls Gérôme Billois. The CIA ended 2018 that it was a Russian cyber attack specifically aimed at destabilizing the Ukrainian financial system.
In the Twitter hacking case, the few harvested bitcoins could have simply been used to divert attention. “It’s still too early to say what it’s about. To me it’s like piloting a new TV series,” felt on Twitter Felix Salomon, a cybersecurity journalist from Axio’s news website.
A phone number, private messages, a thousand possibilities
Because anchoring these famous Internet users on Twitter not only offers the ability to post messages. In order to commit their crime, cybercriminals have taken control of a moderator account on Twitter, which allows them, at the very least, to post, close accounts and have access to the information provided, which is a telephone number, “lists Gérôme Billois. it is likely that it is possible as a moderator to see private messages, states the New York Times.
This opens up a wide range of opportunities for an cybercriminal. With the phone number, he can “commit a very fashionable type of fraud in the United States, called swimming exchange”, states the French expert. It is for a criminal to convince the telephone operator of his victim that the SIM card has been “lost” and that it is now necessary to link the number to the SIM card for cybercrime. The latter can then use their phone to confirm via SMS the password reset for an entire series of accounts, such as email, Instagram or LinkedIn. This is Jack Dorsey, the head of Twitter, had his own account hacked on the microblogging service platform 2019.
Private messages, in turn, can provide elements that may interest the first blackmailer to arrive. Celebrities who are victims of this hacking, such as Kanye West or Kim Kardashian, may well be willing to pay dearly so that their private conversations on Twitter do not end up in the public square. These exchanges can also be used to put pressure on a politician, like Joe Biden, or a businessman, like Elon Musk.
Risk to international security?
If that were the case, Wednesday’s operation would no longer be piracy for purely lucrative purposes, but rather a “broader operation of influence”, extrapolates Gérôme Billois. At the moment, there is nothing to confirm that the cybercriminals had anything in mind other than greed. However, the success of the attack proved that it was possible to access the secret Twitter gardens of some of the most powerful users of the social network.
One way to limit the risks would be to make it “impossible from a single moderator account to pose as so many prominent personalities”, suggests Gérôme Billois.
Still, this case poses “a potential international security problem,” said Casey Newton, an IT security specialist for The Verge. Twitter has become more and more established in recent years as a diplomatic channel among others used by world leaders, whether it be US President Donald Trump, Iranian Ayatollah Ali Khamenei or the young guard of Chinese diplomats.
Public opinion is used to seeing international relations develop via tweets. But hacking of the platform has shown its fragility. A big blow when it comes to image for Twitter. If Barack Obama can no longer tweet securely and Internet users can no longer be sure that the messages are valid, the social network will lose part of its raison d’être.