On the day of what appears to be the largest breach in Twitter’s history, US Senator Josh Hawley pens an open letter to Twitter CEO Jack Dorsey asking him to explain what happened as fingers point to Twitter employees involved in the scam.
— Josh Hawley (@HawleyMO) July 16, 2020
Yesterday, high profile accounts on Twitter were compromised and taken over in an apparent bitcoin-related scam, although the full scale of the attack has yet to be publicly assessed.
The Twitter accounts affected by the breach included those of Barack Obama, Joe Biden, Elon Musk, Bill Gates, Jeff Bezos, and others.
On Wednesday Senator Hawley called on Twitter to work with the FBI and DOJ to better secure its platform and asked that Dorsey answer the following questions:
- Did this event represent a breach of users’ own account security or of Twitter’s systems?
- Were accounts protected by two-factor authentication successfully targeted in this breach? If so, how was this possible?
- Did this breach compromise the account security of users whose accounts were not used to share fraudulent posts? If so, how many accounts were affected? Were all accounts’ security compromised by this breach?
- How many users may have faced data theft as a consequence of this breach?
- What measures does Twitter undertake to prevent system-level hacks from breaching the security of its entire userbase?
- Did this attack threaten the security of the President’s own Twitter account?
Shortly after Twitter acknowledged the “security incident” all blue-checked accounts were temporarily suspended from tweeting on Wednesday evening.
Fingers point to an inside job
In a bizarre turn of events, Joseph Cox wrote in Motherboard that the bitcoin heist was allegedly made possible by a Twitter employee who helped the scammers pull it off.
Cox wrote that Motherboard was in contact with “two sources who took over accounts,” with one source declaring, “We used a rep that literally done all the work for us.”
The second source said that the Twitter employee was paid to take over the high profile accounts.
Backing up these claims, Twitter issued a statement saying that it believes some of its employees with access to internal systems and tools were successfully targeted.
We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.
— Twitter Support (@TwitterSupport) July 16, 2020
Statements from the anonymous sources, along with screenshots obtained by Motherboard, suggest that Twitter employees on the inside were able to access the high-profile accounts using an internal tool at Twitter.
Screenshots expose more evidence of Twitter shadowbanning with ‘Trends’ & ‘Search’ blacklists
Screenshots of the alleged internal tool, if proven to be authentic, raise even more alarm bells about the inner workings of the platform.
The screenshots showed colored buttons, on two of which were written, “Trends Blacklist” and “Search Blacklist.”
Twitter has long claimed not to shadow ban, and the public isn’t privy to what exact trends and searches may be blacklisted, but seeing buttons for blacklisting trends and searches is concerning to many users with serious questions about the platform’s integrity.
I can’t post the linked screenshots from Twitter’s admin panel but I have to ask
What is “search blacklist” and “trends blacklist” pic.twitter.com/f6DAw3zzqu
— Tim Pool (@Timcast) July 16, 2020
Twitter tells you straight up, “We do not shadow ban,” but Twitter admits to making content more difficult to find, which in my opinion sounds like a part of shadowbanning.
“You are always able to see the tweets from accounts you follow (although you may have to do more work to find them, like go directly to their profile). And we certainly don’t shadow ban based on political viewpoints or ideology,” reads a Twitter blog post from 2018 (emphasis mine).
We caught a Twitter software engineer RED HANDED when he admitted that Twitter #ShadowBans to our undercover journalist. Twitter will never admit it: “it’s a lot of bad press if, like, people figure out that you’re like shadow banning them. It’s like, unethical in some way.” pic.twitter.com/MmBGKohWLj
— James O’Keefe (@JamesOKeefeIII) July 26, 2018
Wednesday’s Twitter breach exposed not only how vulnerable the platform is and how its own employees could compromise the account of a presidential candidate, but that Twitter may also have been misleading the public about its policies with questions arising over blacklistings.