Sometimes, a security breach is so startling in its reach and audacity that it becomes a stark reminder of the precarious nature of our collective dependence on computer systems. The particular nature of the attack also serves as a commentary on the times.
The Sony hack of 2014, later blamed on North Korea, exposed deeply embarrassing — and costly — personal and business secrets. The Snowden leaks of 2013 were an unprecedented dump of national security information. The attack on the Democratic National Committee in 2016 led to the leak of emails that might have influenced the outcome of an election.
It’s time for a farcical new addition to this list: the Great Twitter Hack of 2020. If the earlier cases demonstrated the sinister repercussions of computer insecurity, this was apparently a comedy without severe consequence. Attackers briefly took over the Twitter accounts of famous business people, celebrities, politicians and companies to try to trick people into sending them bitcoin.
The proceeds from this scam came to little more than $100,000 — a paltry pay-off given the startling success of the undertaking, and certainly much less than the value of the “earned media” that might normally be associated with tweeting from such influential accounts. The attackers had control for only a brief period — but that was still significant for a system whose value lies in holding mass attention in real time.
Inevitably, the apparently half-baked cryptocurrency element to the attack has led to suspicions that more was going on than meets the eye. While the accounts of Barack Obama, Joe Biden and Michael Bloomberg were taken over, for instance, no senior Republican figures were compromised — so was this really a disguised political assault of some kind? Maybe the miscreants used their access to pry into the direct messages of famous people, and will use these to attempt blackmail — or even to carry out the kind of political leaks that followed the DNC hack?
Until Twitter gets to the bottom of the incident, there’s no way to be sure. But given how much public discourse now takes place in the hall of mirrors that is social media — and the outsized influence now conferred by Twitter celebrity — it has already become an emblematic hack for our times. In the process, it has underlined two things.
The first is that there are some system-wide vulnerabilities that may be impossible to plug. According to Twitter, the attackers tricked some of the company’s employees in order to get internal access to its systems.
To the non-expert, it might seem inexcusable that individuals inside a company should have such control. But security expert Bruce Schneier points out that there is always a human somewhere with a hand on the lever: “Systems need trusted people to operate. Someone had to have control of everything.”
Those humans, in turn, are social creatures who are not above being fooled. The greater the prize, the more effort an attacker will put into the deceit.
The second point highlighted by this week’s debacle is the world’s growing dependence on information networks that are, by their very nature, built on unverified information. As the US enters the final months of a deeply divisive presidential election campaign, it might be tempting to think that the guardians of the most influential information systems have learnt the lessons from the campaign of 2016. Also, the people who rely on those systems — both to communicate and inform themselves — might be expected to be more on guard.
But the scale of the networks, and the world’s dependence on them, has only grown in the past four years. Many official agencies now use Twitter as the default mechanism for pushing out important information. The president of the US has frequently used it as a way to announce new policy — often, before his own advisers know about it. The media’s recourse to treating tweets as the definitive soundbites of our age has turned them into a fetish.
In this environment, what havoc might a more canny and manipulative attacker cause by secretly taking over the accounts of the powerful? What extra doubts might that seed in the public mind about the trustworthiness of political leaders? And how long will it be before the tweeter-in-chief at the White House, after a particularly controversial tweet, claims his Twitter account has been hacked?