If Twitter can be hacked, nobody is safe


Time to beef up your own security and delete anything you don’t want public.

When Elon Musk tweeted last week that he would double the Bitcoin people sent to a cryptocurrency wallet number in his message, it just seemed like another one of the odd things the controversial billionaire inventor does.

But it was part of an audacious hack of the 330-million user social network that has shaken the cybersecurity world. The accounts of Musk, Barack Obama, Joe Biden, Bill Gates, Kim Kardashian, Kanye West, Uber and Apple were part of the 130 users who were hacked. Of those, only 45 had their password changed. Of some mystery right now, is why the eight accounts (which Twitter claims aren’t high-profile ones) had all their data, including private messages, downloaded.

The most interesting aspect of this humiliating breach of security – which used Twitter’s internal tools that allow the account’s email address to be changed – is that it could have been much, much worse.

The key player – whose chat name is “Kirk” – appears only to have made US$100,000 from the scam but had access to the backend tools that control accounts.

The New York Times has pieced together the audacious hack from four of the young hackers involved, who showed screenshots from the Discord chat app (which gamers use).

The young hackers yearn for early or short usernames like @6 or @t. These highly sought-after names are often known as OG for “original gangsters” or the early adopters of a service or app.

One of the hackers – whose username is “ever so anxious” – briefly took over @anxious. “I just kinda found it cool having a username that other people would want,” “ever so anxious,” told the NYT.

Other names they sold include @dark, @w, @l, @50 and @vague.

This Twitter breach was a throwback to the early years of hacking when youngsters showed off their hacking prowess with such stunning stunts.

Eugene Kaspersky, the eponymous founder and CEO of the well-known internet security firm, told me in a recent interview that these early hackers were “vandals and hooligans” who did it “just for fun”. Back then, he reminds us, hackers did it “just to prove they are able to develop this kind of code”.

Cybercrimes have evolved into vast criminal empires, with various sub-specialities. Some cybercriminals write code, others steal usernames and passwords, others sell all these bits of nefarious code and stolen identities. Some gangs, organise attacks on big firms, even have company-like characteristics like leave forms, Kaspersky says.

Cybercrime has had an underlying financial motive for many years and has now started emerging in attacks between countries – as hacks of Ukraine’s power grid demonstrated.

“Now we are living in a cyber storm,” Kaspersky says.

So what were the Twitter hackers really up to? Whose eight accounts were downloaded and why? Or was it merely some youngsters – one of whom told the New York Times he lived at home with his mother – who got lucky?

The hack has sent shockwaves through the world, as it should. It’s a timely reminder to beef up your own security – but also to remember that anything can be accessed if it’s online and digital.

This article first appeared in Financial Mail


About Author

Toby Shapshak is editor-in-chief and publisher of Stuff, a Forbes contributor and a Financial Mail columnist. He has been writing about technology and the internet for 20 years and his TED Global talk on innovation in Africa has over 1,5-million views. He has written about Africa's tech and start-up ecosystem for Forbes, CNN and The Guardian in London. He was named in GQ's top 30 men in media and the Mail & Guardian newspaper's influential young South Africans. He has been featured in the New York Times. GQ said he "has become the most high-profile technology journalist in the country" while the M&G wrote: "Toby Shapshak is all things tech... he reigns supreme as the major talking head for everything and anything tech."

1 Comment

  1. Pingback: Momentum Metropolitan hit by a cyber-attack but your data apparently wasn’t the target

Leave A Reply