Biden, Gates, other Twitter accounts hacked in Bitcoin scam
SAN FRANCISCO - The scam was a simple message. It asked people to send money to an anonymous Bitcoin account and get double the funds back. More than $100,000 reportedly was collected in a short time, but some cybersecurity experts say it points to a much bigger danger.
"On the one hand we were very lucky in that whoever managed to get this access and carry out this scam seems to have only wanted money and not to carry out, say, a misinformation campaign or start World War III," said Eva Galperin, Cybersecurity Director at the Electronic Frontier Foundation in San Francisco.
Unidentified hackers broke into the Twitter accounts of technology moguls, politicians, celebrities and major companies Wednesday in an apparent Bitcoin scam.
The ruse included bogus tweets from former President Barack Obama, Democratic presidential front-runner Joe Biden, Mike Bloomberg and a number of tech billionaires including Amazon CEO Jeff Bezos, Microsoft co-founder Bill Gates and Tesla CEO Elon Musk. Celebrities Kanye West and his wife, Kim Kardashian West, were also hacked. The fake tweets offered to send $2,000 for every $1,000 sent to an anonymous Bitcoin address.
There is no evidence that the owners of these accounts were targeted themselves. Instead, the hacks appeared designed to lure their Twitter followers into sending money to an anonymous Bitcoin account. The Biden campaign, for instance, said that Twitter's integrity team "locked down the account within a few minutes of the breach and removed the related tweet."
Obama's office had no immediate comment. The FBI said it was aware of Twitter's security breach, but declined further comment.
The apparently fake tweets were all quickly deleted, although the Associated Press was able to capture screenshots of several before they disappeared.
"We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools," Twitter said in a series of tweets on its @TwitterSupport handle.
"These are the guys who have sort of God-mode access to the system," said Galperin, "This is not a compromise that you can protect against by turning on two-factor authentication or by changing your passwords."
The company said it immediately locked down the affected accounts and removed the tweets posted by the attackers. It also temporarily blocked verified users from tweeting while the company investigated the issue.
Among the political figures targeted, the hack mostly appeared to target Democrats or other figures on the left, drawing comparisons to the 2016 campaign. U.S. intelligence agencies established that Russia engaged in coordinated attempts to interfere in those U.S. elections through social media tampering and various hacks, including targeting the various campaigns and major party organizations.
"It would be possible to make misleading tweets from all kinds of accounts including the account of President Trump and the accounts belonging to many other world leaders," said Galperin, "It would be possible to tweet misleading things about the election."
The hack might be a simple demonstration of Twitter's weak security controls as the U.S. heads into the 2020 presidential election, a contest in which the service is likely to play an influential role.
The Bitcoin account mentioned in the fake tweets appears to have been created on Wednesday. By the end of the day, it had received almost 12.9 bitcoins, an amount currently valued at slightly more than $114,000. At some point during the day, roughly half that sum in bitcoin was withdrawn from the account.
Bezos, Gates and Musk are among the 10 richest people in the world, with tens of millions of followers on Twitter. The three men are worth a combined $362 billion, according to the latest calculations by Forbes magazine.
The same bogus offer cropped up a second time on Musk's account, which has a history of sometimes befuddling tweets from the eccentric billionaire. Tesla didn't immediately respond to a request for comment.
Gates, who has become one of the world's leading philanthropists since stepping down as Microsoft CEO, confirmed the tweet wasn't from him. "This appears to be part of a larger issue that Twitter is facing," a spokesperson for the billionaire said in a statement.
This is hardly the first time hackers have created mischief on Twitter. Just last year, the account of Twitter CEO Jack Dorsey was broken into and used to tweet racist and vulgar comments.
The latest security breach prompted Sen. Josh Hawley, a Missouri Republican, to send a letter to Dorsey urging him to work with the FBI and the Justice Department on ways to improve Twitter's security.
"A successful attack on your system's servers represents a threat to all of your users' privacy and data security," Hawley wrote.
Investors also appeared to be concerned about potential fallout from the hack affecting Twitter's usage. Twitter's shares fell 3% in extended trading after news of the hack broke.
Associated Press reporter Michael Liedtke contributed to this story.
Jana Katsuyama is a reporter for KTVU. Email Jana at firstname.lastname@example.org and follow her on Twitter @JanaKTVU or Facebook.