On Wednesday afternoon a tornado approached central Illinois. Normally, the Twitter account run by the National Weather Service outpost based in the city of Lincoln would be warning residents about the dangers and offering advice.
But it was silent, its ability to tweet cut off by a massive hack which had seen the accounts of some of the world’s most powerful people, including Jeff Bezos, Joe Biden and Bill Gates, taken over and used to promote a Bitcoin scam.
Twitter seemed powerless to fix the problem. Over an hour after the first tweets started appearing on the account of Tesla boss Elon Musk, the attackers were still posting tweets promoting the scam.
Defeated, Twitter was forced to take the nuclear option - preventing all verified users from tweeting. As well as the US President, the Prime Minister, the world’s biggest business leaders and celebrities, the blanket ban stopped thousands of people with Twitter’s famous “blue tick” from posting messages.
The crisis exposed just how significant the platform has become, and how vulnerable. For hours after the attack, Twitter did not say, or appear to know, who the hackers were, or how they had gained control. But Twitter has become the main mouthpiece for President Donald Trump, who uses it to post musings on current affairs. US foreign and domestic policy is often built up around his tweets.
The hack appears to have stolen a mere tens of thousands of dollars, a paltry reward for the amount of access the attackers appear to have gained.
Those outside the Twitter bubble, which is overwhelmingly composed of journalists, politicos, provocateurs and bots, probably had no reason to take notice and no interest in the hack.
But the incident has potential ramifications well beyond Twitter. With the accounts of the US President and his main political rival at their fingertips, the attackers had an almost unimaginable amount of power. Imagine faking an announcement that the big red button had been pushed, and the missiles were on their way to North Korea?
Under previous presidents, such wild statements would likely be dismissed as the work of a hacker. But under the current one, they might well be taken seriously.
A study from King's College London's Centre for Science and Security Studies on Wednesday illustrated the risks: "To reduce the risks of unintended nuclear escalation, governments and individual officials should refrain from uncoordinated or ‘rogue tweeting’ during crises," it said.
"Tough day for us at Twitter. We all feel terrible this happened. We’re diagnosing and will share everything we can when we have a more complete understanding of exactly what happened. 💙 to our teammates working hard to make this right." - jack (@jack), July 16, 2020
Last year, Twitter founder Jack Dorsey was himself hacked using the relatively simple method of SIM hijacking, where hackers take over a phone number and have verification codes sent to them instead of the account’s true owner.
Trey Herr, director of the Cyber Statecraft Initiative at US think tank the Atlantic Council, suggests that this method could have been employed again.
"Cell phone vendors are not very effective at validating the identity of people who call into their customer service lines, allowing attackers to get cell service for an account moved to a SIM card they control and can intercept text-based 2FA codes. Notably, the language in the tweets was tweaked to the voice of the target," he said.
But as hacking has become a serious threat to people’s livelihoods and security (imagine a hacker tweeting out something offensive or incriminating from a TV personality’s account), high-profile tweeters have put far more protections in place.
More secure than a texted code is an authentication app or physical security key, both of which Twitter now offers.
Some suggested this had been a well-thought-out plan which had taken some time to concoct, pointing to the fact that a series of fake websites had already been set up. Creating fake domains is often a ploy to lure people to malware-laden sites in an attempt to get them to enter their passwords or financial details.
The fact that the scam involved cryptocurrency, and first appeared on large cryptocurrency organisations like Coinbase, Gemini and crypto celebrities like the Winklevoss twins and Elon Musk, makes the most obvious motive financial crime.
But the scale of the breach, Twitter's worst to date, points to the company itself being the victim here.
Vice reported that Twitter was quickly removing screenshots of a computer screen that appeared to show a panel with administration rights to Twitter accounts, giving its users the ability to completely control accounts remotely.
Later on Wednesday, Twitter said it had experienced a "coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools."
Whether an employee was hacked or willingly handed over control of the accounts to hackers was not clear. Either way, it raises questions about the internal checks and balances involved in access to the platforms of the world's most powerful people.
If the latter, it would not be the first time a Twitter employee has gone rogue. In 2017, Bahtiyar Duysak deactivated President Donald Trump’s Twitter account for a total of 11 minutes.
The German was working as a contractor during the last part of a stay in the US where he had been working and studying, including stints at YouTube and Google under various contractors. One imagines Twitter has been closely vetting who gets admin rights ever since.
The names of those who were first hacked seem not to give too much away, but there were some interesting trends. As a principal security researcher at a well-known organisation opined, the fact that Trump’s account was not seen spewing Bitcoin spam seemed surprising. Widely-followed right-wingers were left alone. Instead, the pillars of US liberal society – Barack Obama, Bill Gates, Joe Biden and Warren Buffett – were targeted.
There has been a long-running joke that all Twitter is good for is Bitcoin scams. For years, fake Elon Musk accounts were able to con people out of digital coins until the platform cracked down. Perhaps the Bitcoin scam was some kind of anarchist joke?
We may not yet know exactly how or why the Twitter hack happened, but it lays bare how vulnerable the platform is, and how easily the platforms of some of the world’s most influential people can be hijacked to unknown ends.