When Elon Musk tweeted an invitation to send money to his bitcoin wallet last week, promising to send double the amount right back, it just seemed like another weird thing the controversial billionaire inventor might do.
But it was part of an audacious hack of the 330-million-user social network that has shaken the cybersecurity world. The accounts of Musk, Barack Obama, Joe Biden, Bill Gates, Kim Kardashian, Kanye West, Uber and Apple were among the 130 that were hacked. Of those, 45 had their passwords changed, and eight accounts (which Twitter claims aren’t high-profile ones) had their data, including private messages, downloaded.
The most interesting aspect of this humiliating breach — which used internal Twitter tools that allow an account’s e-mail address to be changed — is that it could have been much, much worse.
The key player — whose chat name is "Kirk" — appears to have made only $100,000 from the bitcoin scam but had access to the back-end tools that control accounts.
The New York Times has pieced together the main threads of the exploit from four of the young hackers involved, who showed the newspaper screenshots from the Discord chat app, which gamers use.
The hackers are after short online usernames such as @6 or @t. These highly sought-after names are often known as OG for "original gangsters", the early adopters of a service or app like Twitter.
The breach is a throwback to the early years of hacking, when youngsters showed off their hacking prowess
One of the hackers — whose username is "ever so anxious" — briefly took over @anxious. "I just kinda found it cool having a username that other people would want," "ever so anxious" told the New York Times.
Other Twitter usernames they stole and sold include @dark, @w, @l, @50 and @vague.
This breach was a throwback to the early years of hacking, when youngsters showed off their hacking prowess with stunning stunts.
Eugene Kaspersky, the eponymous founder and CEO of the Russian internet security firm, told me in a recent interview that these early hackers were "vandals and hooligans" who did it "just for fun". Back then, he reminds us, hackers did it "to prove they are able to develop this kind of code".
Cybercrime has been motivated by money for many years and has also become part of the virtual wars between nations. "We are living in a cyberstorm," Kaspersky says.
So what were the Twitter hackers really up to? Whose eight accounts were downloaded and why? Was it merely some youngsters — one of whom told the New York Times he lived at home in England with his mother — who got lucky?
The hack is a timely reminder to beef up your security — and to remember that anything can be accessed if it’s online and in digital format.
- Shapshak is editor-in-chief and publisher of Stuff magazine
Would you like to comment on this article?
Sign up (it's quick and free) or sign in now.
Please read our Comment Policy before commenting.