{"id":21389,"date":"2020-07-18T05:45:32","date_gmt":"2020-07-18T05:45:32","guid":{"rendered":"https:\/\/www.lifeandnews.com\/articles\/?p=21389"},"modified":"2020-07-24T13:53:54","modified_gmt":"2020-07-24T13:53:54","slug":"twitter-hack-exposes-broader-threat-to-democracy-and-society","status":"publish","type":"post","link":"https:\/\/www.lifeandnews.com\/articles\/twitter-hack-exposes-broader-threat-to-democracy-and-society\/","title":{"rendered":"Twitter hack exposes broader threat to democracy and society"},"content":{"rendered":"<p><a href=\"https:\/\/theconversation.com\/profiles\/laura-denardis-971364\">Laura DeNardis<\/a>, <em><a href=\"https:\/\/theconversation.com\/institutions\/american-university-school-of-communication-2885\">American University School of Communication<\/a><\/em><\/p>\n<p>In case 2020 wasn\u2019t dystopian enough, <a href=\"https:\/\/krebsonsecurity.com\/2020\/07\/whos-behind-wednesdays-epic-twitter-hack\/\">hackers on July 15 hijacked the Twitter accounts<\/a> of former President Barack Obama, presidential hopeful Joe Biden, Elon Musk, Jeff Bezos, Kim Kardashian and Apple, among others. Each hijacked account posted a similar fake message. The high-profile individual or company wanted to philanthropically give back to the community during COVID-19 and would double any donations made to a bitcoin wallet, identical messages said. The <a href=\"https:\/\/www.bbc.com\/news\/technology-53425822\">donations followed<\/a>.<\/p>\n<p>The hack on the surface may appear to be a run-of-the-mill financial scam. But the breach has chilling implications for democracy.<\/p>\n<h2>Serious political implications<\/h2>\n<p>As a scholar of internet governance and infrastructure, I see the underlying cybercrimes of this incident, such as hacking accounts and financial fraud, as far less concerning than the society-wide political implications. Social media \u2013 and Twitter in particular \u2013 is now the public sphere. Using a hijacked account, it would be simple to wreak economic damage, start a national security crisis or create a social panic.<\/p>\n<p>Consider some of the potential threats to society posed by the takeover of technology infrastructure.<\/p>\n<ul>\n<li>Market stability. Coordinated rogue tweets from the accounts of Apple, Facebook, Google, Netflix and Microsoft could easily crash the stock market, at least temporarily, eroding confidence in markets.<\/li>\n<li>Societal panic. A false warning about an impending terrorist attack from a major media company account could create a dangerous public panic.<\/li>\n<li>National security. Twitter is the platform of choice for President Donald Trump. A foreign adversary hijacking his account and announcing a nuclear strike on North Korea could be catastrophic.<\/li>\n<li>Democracy. Hijacked accounts could sow well-timed political disinformation that sways or seeks to delegitimize the 2020 presidential election.<\/li>\n<\/ul>\n<p>As such, what happened is not about financial crime. It is a serious threat to us all.<\/p>\n<figure class=\"align-center \"><img src=\"https:\/\/images.theconversation.com\/files\/348175\/original\/file-20200717-19-1vhb5da.jpg?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=754&amp;fit=clip\" sizes=\"(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px\" srcset=\"https:\/\/images.theconversation.com\/files\/348175\/original\/file-20200717-19-1vhb5da.jpg?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=600&amp;h=391&amp;fit=crop&amp;dpr=1 600w, https:\/\/images.theconversation.com\/files\/348175\/original\/file-20200717-19-1vhb5da.jpg?ixlib=rb-1.1.0&amp;q=30&amp;auto=format&amp;w=600&amp;h=391&amp;fit=crop&amp;dpr=2 1200w, https:\/\/images.theconversation.com\/files\/348175\/original\/file-20200717-19-1vhb5da.jpg?ixlib=rb-1.1.0&amp;q=15&amp;auto=format&amp;w=600&amp;h=391&amp;fit=crop&amp;dpr=3 1800w, https:\/\/images.theconversation.com\/files\/348175\/original\/file-20200717-19-1vhb5da.jpg?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=754&amp;h=492&amp;fit=crop&amp;dpr=1 754w, https:\/\/images.theconversation.com\/files\/348175\/original\/file-20200717-19-1vhb5da.jpg?ixlib=rb-1.1.0&amp;q=30&amp;auto=format&amp;w=754&amp;h=492&amp;fit=crop&amp;dpr=2 1508w, https:\/\/images.theconversation.com\/files\/348175\/original\/file-20200717-19-1vhb5da.jpg?ixlib=rb-1.1.0&amp;q=15&amp;auto=format&amp;w=754&amp;h=492&amp;fit=crop&amp;dpr=3 2262w\" alt=\"Screen shot of Joe Biden's hacked account.\" \/><figcaption><span class=\"caption\">Screen shot of Joe Biden\u2019s hacked account.<\/span><br \/>\n<span class=\"attribution\"><span class=\"source\">Twitter via the New York Times<\/span><\/span><\/figcaption><\/figure>\n<p>Politicians are rightly calling for hearings and investigations. The House Committee on Oversight and Reform ranking member, Kentucky Republican James Comer, <a href=\"https:\/\/republicans-oversight.house.gov\/wp-content\/uploads\/2020\/07\/Letter-to-J.-Dorsey-re-Twitter-hack-071620.pdf\">issued a letter demanding answers from Twitter<\/a> CEO Jack Dorsey about what happened. New York Governor Andrew Cuomo <a href=\"https:\/\/www.governor.ny.gov\/news\/governor-cuomo-directs-state-conduct-full-investigation-twitter-hack\">ordered a full investigation of the hack<\/a>, warning that \u201cForeign interference remains a grave threat to our democracy.\u201d<\/p>\n<p>The <a href=\"https:\/\/www.theverge.com\/2020\/7\/16\/21327701\/fbi-twitter-hack-attack-investigation-national-security-risk-cybersecurity\">FBI is investigating<\/a> the incident.<\/p>\n<h2>Social engineering<\/h2>\n<p>On the day of the attack, Dorsey <a href=\"https:\/\/twitter.com\/jack\/status\/1283571658339397632\">tweeted<\/a>, \u201cTough day for us at Twitter. We all feel terrible this happened.\u201d But <a href=\"https:\/\/threatpost.com\/the-great-twitter-hack-what-we-know-what-we-dont\/157538\/\">what did happen<\/a>?<\/p>\n<div data-react-class=\"Tweet\" data-react-props=\"{&quot;tweetId&quot;:&quot;1283571658339397632&quot;}\"><\/div>\n<p>Twitter <a href=\"https:\/\/twitter.com\/TwitterSupport\/status\/1283957911841054721\">disclosed that approximately 130 accounts<\/a> were affected and that \u201cattackers were able to gain control of the accounts and then send Tweets from those accounts.\u201d The affected accounts seemed to be \u201cverified accounts\u201d with the blue check mark meant to authenticate the identities of high-profile public figures.<\/p>\n<p>Because these accounts are potential hacking targets, Twitter recommends <a href=\"https:\/\/help.twitter.com\/en\/managing-your-account\/twitter-verified-accounts\">additional security<\/a> such as having a <a href=\"https:\/\/theconversation.com\/the-age-of-hacking-brings-a-return-to-the-physical-key-73094\">second log-in verification check<\/a>, and requiring personal information such as a phone number to reset a password.<\/p>\n<p>How were the accounts taken over? There are two general possibilities: Either hackers gained the login credentials, including passwords, or gained access to systems from inside the company. Twitter has, as of this writing, <a href=\"https:\/\/twitter.com\/TwitterSupport\/status\/1283591846464233474\">described the attack<\/a> as having \u201csuccessfully targeted some of our employees with access to internal systems and tools.\u201d In other words, it may have originated inside Twitter\u2019s secure system.<\/p>\n<p>But this explanation raises more questions. Are Twitter employees (or hackers) with unauthorized access to \u201cinternal systems\u201d actually able to tweet from the account of someone like Joe Biden? Another major question is whether the hackers also were able to <a href=\"https:\/\/techcrunch.com\/2020\/07\/16\/twitter-passwords-hack-direct-messages\/\">read the private direct messages in each of these accounts<\/a>.<\/p>\n<p>To begin to regain trust, Twitter will have to clarify what happened and explain what the company will do to mitigate such an attack in the future.<\/p>\n<figure class=\"align-center zoomable\"><a href=\"https:\/\/images.theconversation.com\/files\/348183\/original\/file-20200717-25-nho9lt.jpg?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=1000&amp;fit=clip\"><img src=\"https:\/\/images.theconversation.com\/files\/348183\/original\/file-20200717-25-nho9lt.jpg?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=754&amp;fit=clip\" sizes=\"(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px\" srcset=\"https:\/\/images.theconversation.com\/files\/348183\/original\/file-20200717-25-nho9lt.jpg?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=600&amp;h=400&amp;fit=crop&amp;dpr=1 600w, https:\/\/images.theconversation.com\/files\/348183\/original\/file-20200717-25-nho9lt.jpg?ixlib=rb-1.1.0&amp;q=30&amp;auto=format&amp;w=600&amp;h=400&amp;fit=crop&amp;dpr=2 1200w, https:\/\/images.theconversation.com\/files\/348183\/original\/file-20200717-25-nho9lt.jpg?ixlib=rb-1.1.0&amp;q=15&amp;auto=format&amp;w=600&amp;h=400&amp;fit=crop&amp;dpr=3 1800w, https:\/\/images.theconversation.com\/files\/348183\/original\/file-20200717-25-nho9lt.jpg?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=754&amp;h=503&amp;fit=crop&amp;dpr=1 754w, https:\/\/images.theconversation.com\/files\/348183\/original\/file-20200717-25-nho9lt.jpg?ixlib=rb-1.1.0&amp;q=30&amp;auto=format&amp;w=754&amp;h=503&amp;fit=crop&amp;dpr=2 1508w, https:\/\/images.theconversation.com\/files\/348183\/original\/file-20200717-25-nho9lt.jpg?ixlib=rb-1.1.0&amp;q=15&amp;auto=format&amp;w=754&amp;h=503&amp;fit=crop&amp;dpr=3 2262w\" alt=\"person working at computer screens\" \/><\/a><figcaption><span class=\"caption\">Outsiders were apparently able to take over Twitter accounts of high-profile individuals by \u2018social engineering,\u2019 which allowed them to convince Twitter employees to provide access to its systems.<\/span><br \/>\n<span class=\"attribution\"><a class=\"source\" href=\"https:\/\/www.gettyimages.com\/detail\/photo\/rear-view-of-female-computer-hacker-coding-at-desk-royalty-free-image\/1159379067?adppopup=true\">Maskot via Getty Images<\/a><\/span><\/figcaption><\/figure>\n<p>In terms of the tactics used, <a href=\"https:\/\/twitter.com\/TwitterSupport\/status\/1283591846464233474\">Twitter described the incident<\/a> as having used social engineering, a term that refers to a cyberattack exploiting some human action. Examples include phishing attacks that prompt someone to click on a malicious link in an email or divulge a password or personal information. These techniques date back decades, such as the infamous <a href=\"https:\/\/www.cnn.com\/2020\/05\/01\/tech\/iloveyou-virus-computer-security-intl-hnk\/index.html\">I Love You attack of 2000<\/a>, when emails with the subject line \u201cI Love You\u201d prompted people to download a virus-infected file, creating massive economic damage to companies. It can be a <a href=\"https:\/\/www.wired.com\/2012\/08\/apple-amazon-mat-honan-hacking\/\">range of activities<\/a> aimed at deceiving people into providing information useful to another party, such as a hacker trying to penetrate a company\u2019s network.<\/p>\n<p>The essential feature of a social engineering attack is that a human being is prompted to make an error in judgment. If anyone ever thought an individual has no agency in cybersecurity, simply recall the Democratic National Committee <a href=\"https:\/\/theconversation.com\/spearphishing-roiled-the-presidential-campaign-heres-how-to-protect-yourself-68274\">email data breach<\/a> in advance of the 2016 U.S. presidential election. That incident in part originated via a phishing attack that tricked someone <a href=\"https:\/\/techcrunch.com\/2019\/04\/18\/mueller-clinton-arizona-hack\/\">into disclosing email credentials<\/a>. Cybersecurity is a problem of human psychology and cyberliteracy as well as a complex technical area. Not only do Twitter employees appear to be victims of social engineering, according to the initial explanation, but so too were those people who were tricked into giving bitcoin donations.<\/p>\n<h2>Not just a tech company problem<\/h2>\n<p>Cybersecurity is the great human rights issue of our time simply because the security of everything in our society \u2013 from elections to health care to the economy \u2013 is dependent upon the security of the digital world. Private companies now mediate the public sphere and so they bear great responsibility for this security. From the <a href=\"https:\/\/www.npr.org\/2019\/10\/30\/774749376\/facebook-pays-643-000-fine-for-role-in-cambridge-analytica-scandal\">Facebook Cambridge Analytica scandal<\/a> to the <a href=\"https:\/\/www.nytimes.com\/2017\/10\/03\/technology\/yahoo-hack-3-billion-users.html\">Yahoo! data breach<\/a>, tech companies have had trust problems. At the same time, the <a href=\"https:\/\/theconversation.com\/societys-dependence-on-the-internet-5-cyber-issues-the-coronavirus-lays-bare-133679\">COVID-19 pandemic lays bare how much we need the digital world<\/a> and must get cybersecurity right.<\/p>\n<p>The disclosure that the Twitter hack originated via a social engineering technique is a reminder that cybersecurity is an individual human responsibility as much as a technical or institutional one. We are <a href=\"https:\/\/theconversation.com\/cybersecuritys-weakest-link-humans-57455\">all responsible<\/a>. Twitter was originally not designed to be something so politically relevant. Now we all know it is. That\u2019s why this latest attack is so serious.<!-- Below is The Conversation's page counter tag. Please DO NOT REMOVE. --><img loading=\"lazy\" style=\"border: none !important; box-shadow: none !important; margin: 0 !important; max-height: 1px !important; max-width: 1px !important; min-height: 1px !important; min-width: 1px !important; opacity: 0 !important; outline: none !important; padding: 0 !important; text-shadow: none !important;\" src=\"https:\/\/counter.theconversation.com\/content\/142948\/count.gif?distributor=republish-lightbox-basic\" alt=\"The Conversation\" width=\"1\" height=\"1\" \/><!-- End of code. If you don't see any code above, please get new code from the Advanced tab after you click the republish button. The page counter does not collect any personal data. More info: https:\/\/theconversation.com\/republishing-guidelines --><\/p>\n<p><a href=\"https:\/\/theconversation.com\/profiles\/laura-denardis-971364\">Laura DeNardis<\/a>, Professor and Interim Dean, <em><a href=\"https:\/\/theconversation.com\/institutions\/american-university-school-of-communication-2885\">American University School of Communication<\/a><\/em><\/p>\n<p>This article is republished from <a href=\"https:\/\/theconversation.com\">The Conversation<\/a> under a Creative Commons license. Read the <a href=\"https:\/\/theconversation.com\/twitter-hack-exposes-broader-threat-to-democracy-and-society-142948\">original article<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Laura DeNardis, American University School of Communication In case 2020 wasn\u2019t dystopian enough, hackers on July 15 hijacked the Twitter accounts of former President Barack Obama, presidential hopeful Joe Biden, Elon Musk, Jeff Bezos, Kim Kardashian and Apple, among others. Each hijacked account posted a similar fake message. The high-profile individual or company wanted to [&hellip;]<\/p>\n","protected":false},"author":44,"featured_media":21390,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[8],"tags":[614,612,793,549,702,255,4787,486],"_links":{"self":[{"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/posts\/21389"}],"collection":[{"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/users\/44"}],"replies":[{"embeddable":true,"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/comments?post=21389"}],"version-history":[{"count":2,"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/posts\/21389\/revisions"}],"predecessor-version":[{"id":21458,"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/posts\/21389\/revisions\/21458"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/media\/21390"}],"wp:attachment":[{"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/media?parent=21389"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/categories?post=21389"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/tags?post=21389"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}