Experts Concerned Over Twitter’s Ability to Tweet on Behalf of Users
Cybersecurity experts are warning that the Twitter hack on July 15 shows that the social network needs to strengthen its security in order to avoid a worse black swan scenario with serious consequences.
In the most recent incident, attackers launched a crypto giveaway scam by posting phishing messages through the hijacked profiles of celebrities and high-ranked political personalities worldwide, collecting over 13 Bitcoin (BTC) from the victims.
The attack could have been worse
Ilya Sachkov, CEO of threat intelligence firm Group-IB, believes the attack demonstrated a “huge problem of low financial literacy and bad cyber hygiene.” He told Cointelegraph:
“This could have ended far worse, affecting the stock market heavily or even resulting in a geopolitical catastrophe. This is the least they could have done with the God-mode access they had.”
James Carder, chief security officer and vice president of LogRhytm Labs, said that amid international efforts to contain the coronavirus outbreak, hackers are “quickly taking advantage and exploiting the uncertainty of this time” for their financial gain.
Carder said that experts need to evaluate how the attack was possible and pointed out the need to strengthen social media platforms in terms of privacy:
“This hack also brings into concern why — in the first place — Twitter granted its employees with the functionality to tweet on behalf of their customers. It is clear that social media organizations need the ability to manage accounts, and particularly the ability to take down offensive or inappropriate content, the employees should not have access to post an entirely unique Tweet on a user’s behalf. This points to a likely case of too much functionality available in the platform and not enough robust controls.”
Risk of another incident is still high
Brett Callow, threat analyst at malware lab Emsisoft, said that the subsequent security efforts taken by Twitter likely aren’t enough to preclude the possibility of another such incident in the future.
“While Twitter will no doubt work to improve its security, the fact is that there is no completely sure-fire way to prevent account take-overs and similar incidents will almost certainly happen again, though hopefully not on this scale,” he said.
As Cointelegraph previously reported, the hackers who conducted the massive Twitter hijacking do not appear to be sophisticated Bitcoin users, as they left trails leading to and from major exchanges that presumably hold the keys to their identities.