Recently, unverified Twitter users were going wild with memes about how verified user accounts had been restricted after a handful of celebrity accounts had been hacked. Hours later it became clear that the hacks were part of a larger, much more sophisticated scam targeting profiles with trusted names.
Revamping an Old Trick
The timeline of events and the public nature of the crime make it easy to track the actions of the hackers on the fifteenth. Twitter accounts of popular celebrities, politicians, and well-known companies began posting tweets offering Bitcoin giveaways, promising to double any coins sent to the address in the included link. Other accounts of prominent names in Bitcoin finance posted similar links to BTC giveaways.
Money flipping scams are an age-old trick that many may be familiar with: someone asks for an initial monetary investment and promises to double or even triple it. When people think of online scams, they might imagine easy-to-spot spam emails or suspicious downloads, but most online money flipping scams occur over social media.
This most recent hack on Twitter is a curiously high-profile money flipping scam, and it may encourage people to be more aware of online scams going forward. But there is speculation that two things combined to create the perfect storm for the planned scam: the poor decision to lock the verified accounts after the fact in an attempt to lessen the impact of the posts, and the lacking security on the social media site. As the story unfolds, it may raise larger issues for major social media sites and pose more questions about what their responsibilities are to their users.
An Inside Job
Those examining the event say that the hackers most likely waited until they had control of many accounts and then made their move. And that control was widespread, so widespread that Twitter believes the hackers may have either been involved with employees of the social media site or coerced them to gain access to administrative systems.
Social Media Security
Although the breach has brought media attention to both Bitcoin and Twitter, most of the negative judgment seems to be falling on the social media giant’s shoulders. Even amid speculation that the hacker may have been using admin keys to gain widespread control over certain verified accounts, some users have spoken out about the short-sighted security options on the site.
For instance, the two-factor authentication (2FA) system that users have the option of using was implemented recently. This form of authentication adds another level of protection, but Twitter settings allow for workarounds to its 2FA, essentially rendering it useless against tech-savvy attackers.
Twitter isn’t the only social media site receiving criticism for leaving its users vulnerable. TikTok has recently made headlines after the app was shown accessing the clipboard information on devices, although many apps perform similar functions. Facebook was also feeling the heat for a major data breach not long before that. Events like these have many users rethinking what they put on their phones and computers, and what kind of access they are allowing social media sites to have.
Protecting Your Information
When going online, users should always be alert to the threats they may face. Being both skeptical and informed can help put you in a better position to spot suspicious information, especially if it’s coming from a usually reliable source (like Uber, Apple, and Bill Gates, whose accounts were all involved in the Twitter hack).
Online users can also practice good “cyber hygiene” and get familiar with how their devices and the sites they use most often work. If there are regulatory boards and recommendations for the sites you frequent, as there are with online casinos and certain app markets, read up on them and use smart visiting habits.
Following the Trail
A couple of days ago it became known that a 17-year-old, Graham Ivan Clark, “was the mastermind” behind the attack. Moreover, the U.S. Department of Justice found two other people who took part in the attack.
The blockchain system that Bitcoin uses as a ledger serves as a sort of built-in trail of breadcrumbs, so any transactions made with the stolen cryptocurrency are identifiable. One of the benefits of Bitcoin is the pseudo-anonymity that it allows users, but exchanges still need to be tied to a real-world identity.
However, that’s not to say that getting away with the more than $110,000 scam is an impossibility. There are still ways to launder or scrub the money, but it certainly isn’t the perfect crime. One way to mix up the trail is relying on online slots and Bitcoin gambling to win back clean money, but it’s risky and time-consuming. Another, more probable method is the use of Bitcoin tumblers, and there are some reports that the hackers may be using Bitcoin wallet mixers to do just that.