Connect with us

Latest News

Hackers blew Twitter ‘god mode’ on shenanigans



This is the web version of Data Sheet, Fortune’s daily newsletter on the top tech news. To get it delivered daily to your in-box, sign up here.

Twitter got hacked in spectacular fashion last night.

Let me rephrase that: A hack of Twitter became public in spectacular fashion last night. Exactly when a hacker compromised a Twitter employee—or employees—and gained access to privileged, email address-resetting administration tools remains unclear.

“We are certain that it happened before yesterday,” said Roi Carthy, the chief marketing officer at Hudson Rock Intelligence, an Israeli cybersecurity firm that has been tracking a spree of account takeovers that culminated in last night’s fiasco. Carthy guesses the hackers had access to the tooling for “anywhere between 48 hours and a month.”

A screenshot of a cell phone

Description automatically generated

Screenshot of internal Twitter tool likely used to compromise people’s accounts. Personally identifying information has been blotted out. Courtesy of Hudson Rock Intelligence.

Twitter did not respond to Fortune’s request for comment, but the company seems to be trying to determine the duration and extent of the hacking too. “We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it,” a Twitter spokesperson said in a statement.

The account takeover spree—which hit Elon Musk, Barack Obama, Apple, and many others—appears to have originated on a forum for buying and selling hacked Twitter and Instagram accounts, called OG Users. At some point, the hackers pivoted to conduct a Bitcoin-related scam, trying to trick people into sending cryptocurrency their way.

Some of the first notable accounts taken over were those of prominent cryptocurrency companies, like Coinbase, Binance, and Gemini. The hackers eventually turned to larger prey, like presidential candidate Joe Biden and Amazon founder Jeff Bezos.

In the end, the scam reaped around 13 Bitcoins, north of $100,000 at the current market price. Of course, the fraudsters would be crazy to attempt to cash out the loot as any cryptocurrency movements will be carefully scrutinized by law enforcement. (A preliminary analysis by Chainalysis, a blockchain tracking firm, suggests that at least some of the money came from accounts controlled by the hackers themselves, likely “to make it seem like more people are participating and benefiting from the scam,” the firm speculated.)

All this leaves me wondering: Why did the hackers blow their access to Twitter “god mode” on, for lack of a better term, shenanigans?

There are better ways to make a quick buck, after all. Why not dig into people’s DMs for blackmail material? (or maybe they did and we just don’t know yet!?) Why not short Tesla stock, say, while falsely tweeting from CEO Elon Musk’s account that he is resigning his post? (Too sophisticated, or traceable?) The gang could have reaped a fortune any number of ways.

Instead, the hackers used their powers to send the equivalent of spam messages. Alex Stamos, the former chief security officer of Facebook, commented in a—what else?—tweet that criminals can be foolish. A hacker once similarly used a string of prized Facebook bugs to spam people, he said. Criminals aren’t always the sharpest.

Twitter’s wreckage reminds me of another huge cybersecurity debacle from a few years ago: the Mirai botnet “distributed denial of service” attacks of 2016. Those hackers got their start in online forums devoted to hacking Minecraft, the Microsoft videogame. Eventually, their mischief spiraled out of control and led to widespread Internet outages.

Perhaps as Wednesday’s situation got out of hand, the hackers amplified their hi-jinx for the lulz. Perhaps they did it for street cred. Or perhaps, as Batman’s loyal butler Alfred once put it, “Some men just want to watch the world burn.”

We’ll have to wait for Twitter’s investigation to conclude to understand what the hackers had access to, for how long, and why they burned their tool so publicly. Let’s just be grateful they didn’t try to start a war using President Trump’s account.

Robert Hackett


This edition of Data Sheet was curated by Aaron Pressman.

Continue Reading