Twitter hack presages a bumpy election

Buckle up, more hacks ahead: That's the loud message Wednesday's wild attack on Twitter is sending to public officials, business executives and leaders of political campaigns.

Why it matters: With the election less than four months off, the takeover of high-profile Twitter accounts provided a grim reminder of the vulnerability of our communications platforms, government systems and business networks.


Driving the news: On Wednesday, messages promoting a bitcoin scam started appearing on prominent Twitter accounts, including those of Barack Obama, Joe Biden, Mike Bloomberg, Elon Musk, Jeff Bezos and Warren Buffett.

  • For several hours Twitter blocked its "verified" users — those with blue checkmarks — from posting as it tried to lock down its systems.
  • Experts immediately assumed, and Twitter later confirmed, that this wasn't a series of individual account break-ins but rather a compromise at its administrative level.

The big picture: Four years ago at this time, the Clinton campaign was reeling from a public dump of pilfered Democratic party emails that turned the 2016 election cycle upside down.

  • Partly as a result of that fiasco, potential hacking targets are more aware than ever of the potentially catastrophic consequences of losing control of their online accounts.
  • More people are taking precautions, and fewer are likely to fall for the most obvious threats.

But attackers have learned a lot since 2016, too. And the pandemic's work-from-home era has created fresh vulnerabilities for users who are adapting to new online work arrangements without ready access to onsite support.

What they're saying: Thursday saw both the FBI and the New York State attorney general announce investigations into the incident, and a wave of demands by members of Congress for information and remedies.

  • "This hack bodes ill for November balloting," said Sen. Richard Blumenthal (D-Conn.) in a statement. "Twitter was long put on notice by the Federal Trade Commission about its repeated security lapses and failure to safeguard accounts. Count this incident as a near miss or shot across the bow. It could have been much worse with different targets."
  • Sen. Mark Warner (D-Va.), vice chairman of the Senate Intelligence Committee, issued a statement warning that the hack revealed "a worrisome vulnerability in this media environment — exploitable not just for scams, but for more impactful efforts to cause confusion, havoc, and political mischief."
  • Sen. Ron Wyden (D-Ore.) wants Twitter to encrypt direct messages. (It's worth remembering that a number of his colleagues want to make strong encryption illegal.)

Be smart: Many observers noted that the attackers' apparent goal of fleecing gullible users of their bitcoin was relatively low-key compared to the kind of mayhem they could have pursued, like manipulating markets, triggering international crises, or falsifying voting information on election eve.

There's a lot we still don't know, including:

  • whether the Twitter attackers also gained access to the direct messages in the compromised accounts;
  • whether the "social engineering attack" aimed at Twitter employees had any inside help;
  • who the attackers are and what their goal was. (Here's some good detective work from Brian Krebs.)

One thing we know: For the moment, at least, the attackers came out on top.

  • If they aimed just to make money, they appear to have collected north of $100,000 worth of bitcoin.
  • If they aimed to sow further confusion and doubt about the communications network relied on by the U.S. president, they did a pretty good job of that, too.

Our thought bubble: You'd think Twitter would have hardened its defenses by now, as well as tightened its controls on administrative access.

  • After all, there was that time in 2017 when a rogue employee deactivated President Trump's account, "inadvertently due to human error," for 11 minutes.
  • Nearly a decade ago, the company entered into a settlement with the Federal Trade Commission over similar issues surrounding administrative security.

What's next: The FTC could get involved again.

  • Steven Bellovin, a former FTC chief technologist, said that when the agency previously investigated high-profile account hacks over a decade ago, Twitter had failed to properly train administrators on password security.
  • That led to a 20-year settlement, finalized in 2011, in part requiring Twitter to maintain a comprehensive information security program assessed by an auditor every other year for 10 years.
  • “Given that this appears to be an abuse of administrator accounts again, I suspect the FTC is going to investigate to see if Twitter was actually living up to the agreement,” Bellovin told Axios.
  • An FTC spokesperson declined to comment on whether the agency is investigating.
  • Yes, but: The FTC's powers are limited to imposing fines and rules. And any action it takes is unlikely to help protect the election in November.
