FBI Investigates Hacking of Elite Twitter Accounts by Bitcoin Scammers

Twitter revealed yesterday that criminals had briefly taken control of the ‘blue check’ verified accounts of a string of famous people including Barack Obama, Elon Musk, Bill Gates, Jeff Bezos and Kanye West, and of businesses including Apple and Uber, and had then used those accounts to solicit Bitcoin. As part of its investigation, the platform also locked the accounts of users who had recently changed their passwords. According to Twitter, the accounts were compromised after employees fell victim to social engineering, though the company was vague about the details.

In contrast, Vice reported that the hack was deliberately enabled by an insider working for Twitter. The insider was alleged to have been bribed, and the claim was apparently supported by screenshots of a tool used by Twitter employees to administer user accounts.

The scammers may have been sophisticated enough to exploit Twitter employees, but one wonders at the stupidity of anyone who responded to their tweets, which typically said the account holder was going to ‘give back to the community’ and promised that anyone who sent Bitcoin would receive double the amount in return. Nevertheless, the Bitcoin address presented to readers received approximately USD 110,000. It is possible that some of this came from the criminals’ own wallets, and was used to further disguise the flow of money.

Twitter said they had now taken significant steps to limit access to internal systems. Many users rightly wondered why Twitter had designed their systems so that staff could easily and quickly assume control of any user’s account. Rather than answering those questions, Twitter boss Jack Dorsey emphasized how bad he felt.

Dorsey will have to answer questions soon because Senator Roger Wicker, Chair of the Senate Commerce Committee, also made his feelings plain whilst demanding a briefing from the company by Thursday 23rd July at the latest.

It cannot be overstated how troubling this incident is, both in its effects and in the apparent failure of Twitter’s internal controls to prevent it.

Twitter has a history of blaming telcos when SIM swap fraudsters gain control of Twitter accounts. However, Twitter could learn a few things from businesses like telcos that tend to implement special access controls for VIP accounts.

The San Francisco office of the Federal Bureau of Investigation (FBI) announced they would investigate the breach, and blockchain forensics firms CipherTrace and Chainalysis reported that they had been asked to help the FBI’s investigation.

FCC Chairman Ajit Pai, who recently instigated a review by the comms regulator of the limits of free speech on social media, took the opportunity to troll Twitter about their embarrassment.

Twitter should rightly be embarrassed about the weakness of their internal controls. Many have already pointed out that malicious actors could have used these prominent accounts to do far more harm than greedily asking for money from gullible people. Much has been said about the incredible stock market valuations of internet platforms like Twitter relative to the number of people they employ. Poor old telcos are compared unfavorably, but failures like this show why fast and loose business practices can lead the value of this kind of business to slide as rapidly as it rose.

Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.