Your tech news digest, by way of the DGiT Daily tech newsletter, for Thursday, July 16.

1. Twitter hacked: Big names, small rewards, what’s really up?

Twitter’s major security breach last night was stunning both for its success and for its limited rewards. What gives?

The hack:

  • Playing out from just after 4pm ET, the hack went through major crypto Twitter accounts before accounts from Elon Musk, Bill Gates, Jeff Bezos, Apple, Uber, Kanye West, Kim Kardashian West, Michael Bloomberg, Barack Obama, and Joe Biden tweeted the same message:

[Image: Bill Gates crypto Twitter hack]

  • The hack continued for more than an hour at least.
  • Initial messages included requests to send $1,000 in Bitcoin to an address starting with bc1qxy2kg, to which $2,000 would be sent in return.
  • Numbers from blockchain.com suggest that under 13 BTC was received, or around $100,000 in ill-gotten loot.
  • Estimates are just that, though. The hackers might have sent themselves Bitcoin in advance to generate more excitement, so the quantity of money is more unknown than known and could be less.
  • Many coin exchanges quickly blocked the address to prevent transactions.

Real-time:

  • As it played out in real time I took some notes, mostly scribbles that went from a belief that poorly secured accounts had been hacked, to checking if a major third-party tool had been hacked (e.g. a service like HootSuite, but it was clean), to a growing belief that Twitter itself had been hacked given the breadth of the hack.
  • The hacked accounts were basically too widespread, across too many accounts. Any one of Elon Musk, Bill Gates, Apple, or Jeff Bezos could theoretically be hacked. But a combined hack of them all looked much more like a problem at the provider, not the sources.

Remarkably low stakes:

  • What was remarkable is how poorly the hackers were ‘rewarded’, playing as Bitcoin con-men rather than something potentially far more damaging.
  • In theory, with control of such a variety of accounts, imagine stock market manipulation: Apple tweets it has bought Tesla, with Elon Musk then confirming it in a tweet of his own. Jeff Bezos declares Amazon will leave the USA. But the hack was done after the stock market closed.
  • Politically too, national security is at risk. It’s not hard to imagine the Joe Biden account announcing he isn’t running for US President, or Obama confusingly announcing a new challenge, or worse, some kind of war footing starting via incendiary tweets.
  • Not to suggest World War 3 could start from a tweet, but in states of confusion, bad decisions can be made.
  • I’m not sure I agree with the ‘smart hack, dumb monetizing’ train of thought. Could this just be an unsophisticated opportunistic money grab? Or was this a stunt, and with theoretical access to the direct message inboxes of many high-profile accounts, more damage might emerge later?
  • Could this prove the first wave from a new hacking system, a demonstration of some kind of ability, a diversion, or just the most white-collar of crimes: Bitcoin?
  • You get in real trouble by stealing physical gold from a vault. Stealing $100k in Bitcoin feels far more pedestrian.
  • It seems like grifting Bitcoin is more of a distraction than the real outcome.

Twitter’s response, and early reports:

  • Twitter reacted by limiting tweets made by verified accounts on a wide scale, a sweeping move to stop further scam tweets or otherwise. A large portion of 359,000 accounts were unable to post, ranging from news sources to brands to people.
  • Twitter later confirmed it had lost control of internal systems to hackers, with its own employee tools contributing to the hack, potentially with well-placed internal employees being bought.
  • Vice appears to have the earliest bead on what happened, with a report by Joseph Cox appearing to suggest social engineering of Twitter staff, which TechCrunch and Twitter itself later confirmed.
  • “We used a rep that literally done all the work for us,” one of the alleged hackers told Motherboard.
  • Another said “they paid the Twitter insider.”
  • Given the hackers only cleared about 12.8 BTC, would that be enough for a Twitter employee to go rogue? Did the hackers even make money on this?
  • We don’t know much more at this point, but Twitter has promised to share all findings.
  • Twitter CEO Jack Dorsey capped off the day, noting it was a “tough day for us at Twitter. We all feel terrible this happened. We’re diagnosing and will share everything we can when we have a more complete understanding of exactly what happened”.
  • Not a good day for Twitter, or trust. Many questions remain, including why hackers didn’t go for Donald Trump’s account, probably the most-watched in the world.

2. Samsung Dex could become a lot more useful with a wireless version of Dex looking possible (Android Authority).


3. Initial Peacock review: Its best feature is that it’s free; work to do on features and content (Android Authority).


4. Google has a Gmail redesign for business G-Suite users focusing on work chat, rolling out later in the year (Android Authority).


5. Long feature read: Google’s quiet experiments may lead to smart tattoos, holographic glasses (CNET).


6. Apple releases iOS and iPadOS 13.6, macOS 10.15.6, and watchOS 6.2.8. Car Key is now out, but everyone’s waiting for the major iOS 14 release… (Ars Technica).


7. Zoom announces a 27-inch, $599 touchscreen device for remote workers with Zoom preinstalled. Oh how we laughed when Facebook released a device like this, but somehow with Zoom this does seem relevant for people who struggle with calls, or want a dedicated device to help focus on their computer, and not a video call screen. Or just want basic connectivity without hassle (The Verge).


8. The EU-US Privacy Shield data transfer ruling made today is not light reading but this is a good starting point explainer: Europe’s top court strikes down flagship EU-US data transfer mechanism (TechCrunch).


9. Iranian spies accidentally leaked a video of themselves hacking (Wired).


10. Shortlist announced for Astronomy Photographer of the Year competition (My Modern Met).

