Text Size
12 Oct 2023

Hack attacks. The unsocial side of social media

Online Safety - Hacking

For anyone using the Internet, but particularly for older people who are often the target of hackers and cyber criminals, it is important to deal with reputable organisations for security and information.  A very high profile case from July 2020 demonstrates how easy, and even damaging, being too trustworthy can be.

The facts of the case weren’t necessarily that spectacular.  That is until the names of those involved in the ‘hack attack’ were revealed.  When names like Barack Obama, Bill Gates, Jeff Bezos, and Elon Musk make the headlines it is a big story on anyone’s terms.  All the more so as clearly wealth and power are no protection from a ‘hack attack’.

Given the big names involved there might be a tendency to think this level of hacking is someone else’s problem.  As in ‘this will never happen to me.’ In fact, this is a major revelation and wake up call for anyone who uses the Internet for anything.  Again, for older people, two questions should be safely and satisfactorily answered.   

Is security really that secure and trustworthy?  Equally, is the information that appears on the Internet reliable, factual, credible, and most importantly safe? 

The Great Twitter Hack of 2020 broke with the revelation that some very high profile Twitter accounts had been taken over by a group of what was described as only ‘moderately’ skilled hackers.  With the ‘ringleader’ of the raiding party 17 years old at the time.   

Two red lights of concern started flashing.  How could an IT giant like Twitter have their security breached?  The bigger worry was the degree of faith and misplaced trust that people have in social media.  A guiding rule is this:  If it seems implausible or too good to be true it probably is. 

This is how the Twitter hack story unfolded.  On July 15 2020, followers of Jeff Bezos on Twitter saw an unusual tweet from the world’s richest man. Bezos is regarded as a shrewd businessman and the company he leads, Amazon, is a global economic superpower.  To most it seemed jarringly out of character that such a person would post the following bizarre tweet (a posting on Twitter): “I have decided to give back to my community. All Bitcoin sent to my address below will be sent back doubled. I am only doing a maximum of $50,000,000.”

The Internet hosts all sorts of non-factual information including opinions, false news and outright lies.  Just because it appears to be credible it is not necessarily so. 

If a ‘normal’ person received this kind of message in an email, they would probably disregard it as one of those offers that has to be a scam.  Particularly on the ‘common sense’ principle of being too good to be true.  With Bezos’s name linked to it, however, it gained authenticity.  That is why people did fall for the scam and did send bitcoin to the scammers behind this hack. In short while the Amazon founder might be trustworthy and pass the scrutiny, the cybersecurity systems at Twitter were anything but.  

Socially engineered   

Based on the information provided in the United States court proceedings, Twitter was a victim of a what was then a new phenomenon known as social engineering.  As in when scammers ‘engineer’ situations to trick people into doing things such as sharing their passwords. In this case, a gang of hackers socially engineered some staff members at Twitter and got their user credentials (usernames and passwords).

The hackers then used these employees’ credentials to do more social engineering on other Twitter employees tricking them into sharing their credentials. Before too long, the gang of hackers had gained enough usernames and passwords to take control of Twitter’s computer systems and take over the accounts of some of the most famous users on site.

The theft of trusted identities was much more concerning than the theft of the money.

While these hackers only stole about $177,000 USD worth of bitcoins in their digital heist, more highly skilled hackers could steal a lot more money from innocent people.  Simply by exploiting this blind trust in information seemingly provided by trusted figures on social media.

While these hackers were only common cybercriminals looking to steal bitcoins from gullible Twitter users, imagine how much harm could be caused by more dangerous hackers stealing the identity of an important political figure.

The different ‘what if’ scenarios are endless, but the lessons learned are crystal clear. 

Imagine if a major public figure’s social media account was used to tweet a declaration of war. In the world of CoVID-19 what if the World Health Organisation’s social media account was hacked to spread dangerous misinformation about public health and safety. Or, in financial circles, a global panic could be created leading to social disorder.  Farfetched though it might seem the capabilities are there.

That is why as users of the Internet we all need to push for, and create, stronger controls to limit the potential for these companies to cause harm.

The full force of the law  

The Twitter hackers had previously focused on hacking regular people and had been able to fly under the radar of authorities, which allowed them to enjoy commercial success in the hacking underworld. This all changed once they targeted Twitter and compromised the accounts of some of the most powerful people in the world.  Their ambitions clearly outstripped their capabilities. 

While these hackers were able to cause significant mischief and harm, they were easy to trace due to their lack of professional cybersecurity skills. The investigation into the hack involved the ‘heavyweights’ of US law enforcement including the United States Secret Service, the FBI, and the IRS. It revealed that the hackers were involved in organised crime, working as a gang to hack and sell stolen accounts online. Forum posts show that the gang would take “hacker for hire” requests from customers who paid them to steal other people’s social media accounts. Three young men believed to be responsible for the hack have now been arrested and charged with a range of criminal offences.

While this is the end of the line for them many more criminals lurk in the Internet. Again, keep sensible, keep safe and keep enjoying the positive aspects of the Internet. 

 

Feedback welcomed

We'd like to hear your thoughts on this information about ageing

Click here to submit your feedback.

Date Published:  September 2020

Reviewed: September 2022

To be reviewed: September 2025