The FBI is leading a federal inquiry into Twitter’s security breach that saw hackers hijack high-profile accounts – as the social media giant scrambles to investigate how its most catastrophic attack yet was able to occur.
Sources say federal investigators are now probing the Twitter attack, which initially appears to have been a bitcoin scam but has sparked fears the hackers could have wreaked havoc on the stock market, meddled in elections or even potentially started a war.
A day on from the breach, which resulted in Twitter stopping all verified accounts from tweeting or resetting their passwords for hours as it tried to contain the attack, the company has still not revealed how it happened or to what extent its internal systems were compromised.
Barack Obama, Joe Biden, Jeff Bezos and Elon Musk were among the victims of the four-hour attack on Wednesday afternoon that saw hackers infiltrate Twitter’s internal systems and post bogus tweets from the high-profile accounts asking people to send bitcoin.
The scammers received more than $116,000 worth of cryptocurrency, which equates to 12.8 bitcoin, from over 300 people over the four-hour stretch, according to blockchain records.
Twitter, which has said it is still investigating, has so far indicated that at least one of its employees was involved in the attack.
The company described the hack as a ‘social engineering attack’, which occurs when a hacker tricks someone into providing their login credentials.
Two people who claimed to be behind the attack, however, anonymously told Vice’s Motherboard that they bribed the Twitter employee for access.
The hackers said the employee used an internal tool to change the email addresses and passwords on the accounts, which gave them access.
While it initially appears on the surface that the hackers were after money, Twitter has not yet confirmed the scope of the breach – meaning it is not clear if the hackers accessed any private information or messages from the accounts they hacked.
Cyber security experts have warned that if the hackers did gain access to private messages, it could open the victims up to blackmail and, in some cases, pose a threat to national security.
The ruse included bogus tweets from Barack Obama, Democratic presidential front-runner Joe Biden, Mike Bloomberg and a number of tech billionaires including Amazon CEO Jeff Bezos, Microsoft co-founder Bill Gates and Tesla CEO Elon Musk.
Celebrities Kanye West and his wife, Kim Kardashian West, were also hacked.
The fake tweets offered to send $2,000 for every $1,000 sent to an anonymous bitcoin address.
Twitter employees spent several hours playing whack-a-mole: they would quickly remove tweets, only for more to pop up on other accounts.
More than an hour after the first wave of hacks, Twitter took the extraordinary step of stopping all verified accounts from tweeting or resetting their passwords for several hours as they struggled to control the security breach.
After about four hours, Twitter revealed that some users had been able to start tweeting again.
In several tweets, Twitter said it believes the incident was a ‘coordinated social engineering attack’ that targeted some of its employees with access to internal systems and tools.
‘We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it,’ a tweet from Twitter Support read.
Twitter’s CEO Jack Dorsey briefly addressed the controversy on Wednesday, tweeting: ‘Tough day for us at Twitter. We all feel terrible this happened.
‘We’re diagnosing and will share everything we can when we have a more complete understanding of exactly what happened. Love to our teammates working hard to make this right.’
In a race to identify the hackers, the focus could now fall on the digital footprint they potentially left behind that could offer clues for law enforcement agencies investigating the attack, according to three blockchain analysis companies.
In an unprecedented spree, the unidentified attackers used the accounts of high-profile people to solicit bitcoin transfers to a string of digital wallets.
The fraudulent tweets all followed a similar formula, and directed potential victims to send bitcoin to the same anonymous wallet.
‘I am giving back to my community due to COVID-19!’ read the scam tweet posted to Obama’s account.
‘All Bitcoin sent to my address below will be sent back doubled. If you send $1,000, I will send back $2,000!’ the fake message continued.
The message shared on Bezos’ account stated he is ‘only doing a maximum of $50,000,000.’
Although many users knew the gesture was the work of a cybercriminal, others replied that they had sent money to the listed account. Many Twitter users posted screenshots of bitcoin transfer receipts to the wallet listed in the scam, claiming they had been duped before realizing it was a scam.
A digital wallet used to consolidate the bitcoin has previously been linked with crypto firms including merchant service providers, US blockchain forensics firm Chainalysis told Reuters – a clue that could aid investigators.
‘They have interacted with service providers that have know-your-customer processes, and law enforcement can work with those service providers to find out who can be behind those accounts,’ spokeswoman Maddie Kennedy said.
Bitcoin allows users to send and receive funds without revealing their personal identity. Yet its movements are recorded on the blockchain, a publicly viewable digital ledger that underpins the cryptocurrency.
By tracing illicit bitcoin to exchanges and crypto payment firms where identification is required, investigators can potentially pinpoint criminal suspects.
‘In bitcoin it’s very difficult to transact without leaving some clues on the blockchain,’ said Tom Robinson of Elliptic, a London-based blockchain analysis firm.
One of the wallets used in the hack has transacted with exchanges in the past, Robinson said.
Since 2016, blockchain analysis firms including Elliptic, Chainalysis and California-based CipherTrace have won contracts with US government agencies including the FBI and Drug Enforcement Administration, according to a database of US government contracts.
While the hack is thought to be one of the largest in history, experts have warned that Twitter was ‘extremely lucky’ the hackers appeared to only be after money and that it ‘could have been much worse’.
‘This appears to be the worst hack of a major social media platform yet,’ said Dmitri Alperovitch, who co-founded cybersecurity company CrowdStrike.
One intelligence official who spoke to the New York Times said the thought of anyone getting access to the accounts of world leaders was ‘scary’.
Other officials said that an ‘amateurish’ individual was likely behind the attack rather than a state, but warned North Korea, Russia, and China – all of which have state-level hacking operations – could exploit the flaws it exposed.
Had the breach been carried out by a foreign state, the officials said, then the stock market would have been a prime target.
Elon Musk managed to cause ‘significant disruption’ to markets himself back in 2018 when he tweeted that he was thinking of making Tesla a private company. It caused Tesla’s stock price to jump by six per cent – meaning hackers with control over his account could have easily used it to influence markets again.
The accounts of Bill Gates and Jeff Bezos could have been used in a similar way.
Meanwhile Adam Conner, vice president for technology policy at the Center for American Progress, warned that seizing control of the accounts of politicians such as Biden could have serious consequences for the upcoming US elections.
‘This is bad on July 15 but would be infinitely worse on November 3rd,’ he tweeted.
US lawmakers are now demanding an explanation from Twitter.
Republican Senator Josh Hawley, a tech critic, sent a letter to Dorsey, demanding more answers on the impact and scope of the breach.
‘Millions of your users rely on your service not just to tweet publicly but also to communicate privately through your direct message service,’ he wrote.
‘A successful attack on your system’s servers represents a threat to all of your users’ privacy and data security.’
Frank Pallone, a Democrat who chairs the House Energy and Commerce Committee that oversees a sizeable portion of US tech policy, said in a tweet the company ‘needs to explain how all of these prominent accounts were hacked.’
‘While this scheme appears financially motivated…imagine if these bad actors had a different intent to use powerful voices to spread disinformation to potentially interfere with our elections, disrupt the stock market, or upset our international relations,’ Senator Ed Markey, a Democrat, said in a statement.
The breach is certain to refocus attention in Washington on social media companies, which have already attracted the concern of critics on both the left and the right because of their vast reach, security and privacy policies, and impact on political discourse.
Other political figures impacted in Wednesday’s attack included Rep. Alexandria Ocasio-Cortez and former Democratic presidential candidate Mike Bloomberg.
Of the politicians affected by the breach, all appeared to be Democrats.
President Trump’s account, a high-profile target, was not affected.
It is possible that Twitter has additional restrictions on the accounts of world leaders that make it impossible for most of its own employees to access them.
Trump has been embroiled in a feud with Twitter in recent months, after the social media site began slapping warning and fact-checking labels on some of the president’s tweets.
Following Wednesday’s breach, Biden’s campaign was ‘in touch’ with Twitter, according to a person familiar with the matter.
The person said the company had locked down the Democrat’s account ‘immediately following the breach and removed the related tweet.’