The massive Twitter hack that took place yesterday has moved beyond the screen and into the real world—with potentially very real consequences, as the FBI and US Senate want answers.
Yesterday’s hack turned the world’s leaders and billionaires, among them Barack Obama, Joe Biden and Elon Musk, into puppets for a crypto scam as old as Bitcoin itself: send the hackers some Bitcoin, and they’ll send you even more in return.
And it worked—to some degree. The hackers profited roughly $120,000 in about four hours. Twitter said it believes the hack was “a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.”
The US government is concerned about the data security of Twitter’s users—most of whom are based in the US—as well as about national security. The FBI has launched an investigation; the chairman of the Senate Commerce Committee asked Twitter to brief it on the incident; and another Senate member, US Senator Josh Hawley, sent a letter to Twitter CEO Jack Dorsey expressing his concerns and demanding a full explanation.
“At this time, the accounts appear to have been compromised in order to perpetuate cryptocurrency fraud,” the FBI said in a statement, reported Reuters. It advised the public “not to fall victim to this scam” by sending money to the address.
Several companies have been contacted by the FBI about the hack, among them the cyber services company Unit 221b and blockchain analysis company Chainalysis, according to The Wall Street Journal.
Republican Senator Hawley, who has led investigations into Google and Facebook, told Dorsey in his letter that, since millions of people use Twitter to tweet publicly and communicate privately, “a successful attack on your system’s servers represents a threat to all of your users’ privacy and data security.”
Twitter said that it has “no evidence that attackers accessed passwords,” and said it’s not necessary for users to change passwords. It said it has taken “significant steps to limit access to internal systems and tools while our investigation is ongoing.”
Senator Roger Wicker, the Chairman of the Senate Commerce Committee, said the hack unearthed “larger concerns about social manipulation and disinformation online.”
Given that many of the Twitter accounts had millions of followers each, “it is not difficult to imagine future attacks being used to spread disinformation or otherwise sow discord through high-profile accounts, particularly through those of world leaders,” he said in his letter.
Social media sites are already used by political parties to spread misinformation and to harvest data. The 2018 Cambridge Analytica scandal exposed how political campaigners harvest data about their users for political advertising.
The Quint yesterday documented how fake Twitter accounts trump up China’s army while bashing India. Even the cryptocurrency XRP has its own Twitter army, composed of thousands of bots that rally around the coin.
Wicker requested that Dorsey “arrange for [his] staff to brief the Committee staff on this issue as soon as possible, but no later than July 23, 2020.”
Arnold Spencer, General Counsel at Coinsource, told Decrypt that Dorsey isn’t compelled to testify. “Dorsey can appear voluntarily or can choose to decline to appear. If he does appear, he can choose to answer any particular question or choose to decline to answer a particular question,” he said.
But Congressional Committees have the authority to issue subpoenas and to compel individuals to appear and testify, said Spencer. This voluntary request may turn into a subpoena when “the witness declines the request and when the Committee feels the witness’s testimony is unique and material to their hearing.”
Dorsey testified before the US Senate in 2018 over social manipulation. There, Joe Barton, a Republican Senator, welcomed Dorsey’s appearance, reported The New York Times: “Without subpoena, and sitting there all by yourself — that’s refreshing.”