This week’s brazen Twitter hack should serve as a major wake-up call on the security risks posed by social media, experts have warned.
Apple, Uber, Bill Gates, Jeff Bezos, Elon Musk, Joe Biden, Kanye West, and Kim Kardashian were among those targeted in the hack that rocked the internet on Wednesday, which saw a string of high-profile accounts tweet out a cryptocurrency scam to millions of followers.
Hackers sent tweets from the captured accounts with messages such as “Feeling greatful [sic], doubling all payments made to my Bitcoin address,” and calling on followers to transfer $1000 in Bitcoin.
Some Twitter users fell for it, with the scam account receiving more than $160,000 worth of Bitcoin by the end of the day.
Twitter took the drastic step of temporarily suspending all verified ‘blue tick’ accounts as it scrambled to respond to the hack.
While most hacks go unsolved, it has been reported that a Twitter insider was behind the major security breach.
Twitter boss Jack Dorsey promised to share “everything we can when we have a more complete understanding of exactly what happened”.
Is a ‘global security crisis’ brewing?
Hacks of high-profile social media accounts have the potential to be catastrophic, warned University of Melbourne digital ethics researcher Kobi Leins.
“For those of us who have been watching a space, this is not new,” Dr Leins said of this week’s Twitter hack.
“In 2013, we saw a similar type of hack with very different outcomes where someone hacked the AP [Associated Press] Twitter handle and reported that there’d been an explosion at the White House,” she explained.
“What happened was the stockmarket went crazy, because there was not an understanding at that time that social media could be interfered with, and that it could have such a huge impact so quickly on such a scale that humans couldn’t really intervene.”
The hacked tweet resulted in more than US$130 billion being wiped from the stock market in seconds.
By comparison, this week’s Twitter hack is “actually fairly low stakes”, Dr Leins said.
“Yes, some money has been stolen. The biggest cryptocurrency, which is supposed to be a trustworthy currency, actually hiding a hacking is interesting. But what’s more problematic is if something similar were to happen, let’s say, prior to an election about a presidential candidate,” she said.
What would happen if information regarding one country attacking another were to be spread in this way?
“The problem is that we’re relying on the sources that we think are absolutely indestructible and impenetrable, when in fact, they’re just not.”
US tech website The Verge warned that the hack could trigger a “global security crisis”.
“Bitcoin scammers won’t be the last people to take over verified accounts – and we should be very, very worried about who else will,” The Verge’s Casey Newton wrote.
The Twitter breach shows that “no one is safe” from hacks, Swinburne University digital media expert Belinda Barnet said.
“These are very high-profile people, and they have millions of followers. For a couple of moments there, these accounts were under the control of hackers,” Dr Barnet told ABC News.
“It does tell us that no one is safe from this and that even important accounts with millions of followers can be compromised and that perhaps we shouldn’t trust everything that we read.”
How to avoid being hacked
Cyber scammers “will only succeed if people fall for their unlikely messages – which rely on people suspending their disbelief simply because the tweet comes from a celebrity or someone they are inclined to trust”, said Paul Ducklin, principal research scientist at cybersecurity firm Sophos.
Mr Ducklin said that Australians can protect themselves by heeding three pieces of advice.
If a message sounds too good to be true, it is too good to be true
“If Musk, Gates, Apple, Biden or any well-known person or company wanted to hand out huge amounts of money on a whim, they wouldn’t demand that you hand them money first,” Mr Ducklin said.
“That’s not a gift, it’s a trick, and it’s an obvious sign that the person’s account has been hacked.”
Cryptocurrency transactions don’t have legal protections
“There is no fraud reporting service or transaction cancellation in the world of cryptocurrency,” Mr Ducklin said.
“Sending someone cryptocoins is like handing over banknotes in an envelope – if they go to a crook, you will never see them again.”
Look out for any and all signs that a message might not be real
“Crooks don’t have to make spelling mistakes or get important details wrong, but often they do, like the word ‘greatful’ in the example above,” Mr Ducklin said.