On the afternoon of July 15, the Twitter accounts of many prominent U.S. political leaders and business leaders were hacked to defraud Bitcoin. Obama, Biden, Bloomberg, Bill Gates and Warren Buffett have all been targeted.
The transfer amount is doubled?
Starting from the afternoon of July 15, the Twitter accounts of Obama, Biden, Bill Gates and others have successively issued a tweet with similar content, claiming that if someone transfers money to their Bitcoin account address, they will be within 30 minutes. Refunded in double amount.
When more and more American celebrities started tweeting similar content, the Twitter company found an anomaly. Soon, they urgently froze all authenticated user processes and tweeting, and launched an investigation. However, the company’s shares fell more than 3% in after-hours trading following the incident.
As of press time, more than 12 users have transferred money to the bitcoin account address provided by the hacker, with a total defrauded amount of up to 110,000 US dollars. It is reported that Bitcoin exchange Coinbase has blocked any users from sending money to the account address.
Two-factor authentication + strong password protection is not enough?
It is understood that many of the hacked Twitter accounts have used two-factor authentication and strong passwords. Logically, sending tweets by hacking an account is not feasible. So how exactly are these fraudulent tweets sent?
During the investigation, it was discovered that the hacker’s tweets were posted using Twitter’s web application.
A web application is an application that can be accessed through the web. As long as this application is used, users can directly access various applications through the browser without installing additional software.
The benefits of this webapp are obvious. With it, users can download fewer applications, thereby greatly reducing hard disk space. In addition, the characteristics of various applications can be directly executed on the server and then automatically communicated to the client, so the steps of updating the app are also omitted. Not only that, because they run in a web browser window, they are also convenient to use across platforms.
However, its shortcomings are also obvious. On the one hand, many network applications are not open source and can only rely on services provided by third parties, so they cannot provide customized and personalized services for users. And in most cases, users can’t use it offline, so they lose a lot of flexibility; on the other hand, because they are completely dependent on the application service provider, once the company goes bankrupt and the server stops being used, users can’t get back their previous data.
Similarly, provider companies have greater control over software and functionality. In theory, companies could also retrieve any user information, raising privacy concerns.
Where is the road to network information security?
This isn’t the first time hackers have targeted a high-profile Twitter-related attack.
In 2016, a group of hackers called OurMine hacked Twitter CEO and co-founder Jack Dorsey. The hacker group has also taken over the social media accounts of Google CEO Sundar Pichai and Facebook CEO Mark Zuckerberg.
In September 2019, the Twitter account of Twitter CEO and co-founder Jack Dorsey was hacked. After taking control of the account, the hackers posted a series of highly offensive and racist tweets, one of which was also related to a bomb threat.
Later, Twitter also temporarily suspended the ability to tweet via text. However, earlier this year, just before the Super Bowl, the official Twitter accounts of more than a dozen NFL teams were also hacked.
In the face of continuous hacking attacks, CNN also made two recommendations for Twitter accounts:
Use verification code
In general, users are better off using two-factor authentication. But even two-factor authentication doesn’t guarantee you’re safe from SIM swapping, and hackers can also intercept SMS verification codes, rendering authentication ineffective.
In addition to SMS verification, Twitter already offers several other more secure verification methods. The Google Authenticator app and physical security tokens are both good options.
replace phone number
Right now, the only way to turn off “Text Tweets” is to delete your phone number from Twitter’s user profile. However, there’s a problem with this approach: it prevents you from using two-factor authentication.
Residents in the US can replace your phone number with a Google Voice-generated number. This voice phone number is independent of the mobile operator’s management, so hackers can’t control your phone number.
In cyberspace, an account represents a living person. Every statement reflects the thoughts of the account subject, and it is also the mapping of real behavior in the online world. For political and business celebrities, once their social accounts are controlled by hackers and publish some inappropriate remarks, the resulting negative effects are immeasurable.