What really happened with the Twitter hack? The 6 biggest theories
It was Elon Musk’s 4:17 PM ET tweet that seems to mark the beginning of the Great Twitter Hack:
I‘m feeling generous because of Covid-19. I’ll double any BTC payment sent to my BTC address for the next hour. Good luck, and stay safe out there!
In an attack that’s affected everyone from Elon Musk to Joe Biden, Barack Obama, Warren Buffet and even Apple, the internet has been abuzz with what really could have happened to allow someone – or some group – such access to such significant Twitter accounts.
While Twitter is scratching its head and saying nothing much of value, screenshots have been going around the internet showing the hackers’ access to various accounts’ admin panels:
A Motherboard report seems to suggest that the hack was a result of a Twitter employee providing access to the hackers. The associated Bitcoin wallet that was tweeted out has now gained more than 12 BTC, which is equivalent to roughly $110,000 at the time of writing this article.
However, the rollout of the hack, and the rather disappointing purpose (an amateurish Bitcoin scam) has led many observers to have doubts. Considering the scope of the attack, many in the tech community are searching for the bigger issue.
So let’s take a look at the 6 biggest theories surrounding the hack, and what it could mean for all of us.
#1 It was a state-sponsored attack
Twitter’s own Support tweets have fueled speculation that this attack came from a state-sponsored actor:
Specifically, defining this as a “coordinated social engineering attack” by “people” (not just one) targeting Twitter employees (not just one) seems to imply that it was sophisticated in its execution. This isn’t particularly far-fetched either: In November 2019, two ex-Twitter employees were charged by the Department of Justice for spying for Saudi Arabia.
That level of sophistication, however, does not match very well with the anticlimactic tweets supporting a simple Bitcoin scam. While the proposals vary for why a certain government might have launched an attack on the social media platform, there seems to be a consensus – or confusion at least – of why such an opportunity was wasted on something so relatively insignificant.
After all, a state-sponsored group that had access to American celebrities’ accounts – veritable royalty in the country – could with some coordination cause a lot of havoc, especially right before the US presidential elections.
But that leads us into our next theory.
#2 This was a cover for a bigger hack
Much like the final Game of Thrones season, the ending doesn’t really make sense here – all that buildup, for this?
But what if this is just a cover – a clever misdirection – for something bigger? But speculation aside, the actual nature of this “bigger” hack is difficult to comprehend without understanding the scope of the hack.
If the attackers were able to gain access to the entire backend system, it’s possible they could do a lot of damage. This includes focusing all our attention on the Bitcoin scam – and tweeting out deleted tweets to keep the moderators busy – while they simultaneously scam millions of unaware users, cause civil unrest in another part of the world by coordinating a fake news campaign, or cover up some atrocity happening at the same time that would be drowned out by the Bitcoin scam saga.
On the other hand, if the attackers had some foreknowledge that verified accounts would be suspended for a while – the same verified accounts that have become trusted sources for real-time breaking news – they’d have a considerable amount of time to perform these bad acts or cover up ongoing terror.
But with the post-mortem for the attack not scheduled to arrive for at least a few days, we’re still in the land of speculation when it comes to the scope and possibilities of the hack.
#3 The real goal was the DMs
There is some discussion that this hack was a last-ditch attempt to use a vulnerability that would soon be patched by Twitter’s upcoming API update, which they had hinted at in a July 14 tweet:
According to this theory, with the impending mid-July API change, the hacker had a short amount of time to achieve the real goal: get the personal DMs (direct messages) from these accounts.
The hacker would then be able to perform simple blackmail, if the DMs or tweets contain sensitive messages (remember Anthony Weiner), or to sell these sensitive messages to interested parties.
However, this theory has a particular thorn in its side: which of these celebrity accounts would actually contain sensitive DMs? With most public profiles from major influencers being run by assistants or social media managers, it’s unlikely that there’s much sensitive information-sharing going on in there.
Perhaps someone like Elon Musk would have some interesting stuff in his DMs, but given his eccentric character, it may not mean too much.
#4 This was a proof of concept for a future hack
Another juicy theory is that this hack is instead a test or a proof of concept for a bigger client from an independent or state-sponsored hacking group.
Again, the bone of contention here is that the climax was disappointing, and it was a pretty lame effort on the part of this “sophisticated” hacking group. But if this were simply an audition for a larger job, or a test for something bigger to come later (see point number 2 above), either on Twitter or another platform, then this already insane year will indeed be one for the books.
#5 This was aimed at harming Twitter’s reputation
Twitter’s current positioning as unfiltered direct news has become increasingly important in a polarized world where the mainstream media channels are accused of being fake news. However, in order to filter out the truth from the BS, verified accounts are generally trusted more.
This hack seems to have thrown a wrench in those beliefs, seeing as the verified accounts were the ones used to spew this scam. When Twitter is founded on an issue of trust, and the verified accounts are deemed either untrustworthy, or rather able to be made untrustworthy, the victim becomes the entire platform.
Any company suffering a breach or hack loses some reputation points in the process, but those issues of global polarization and “fake news” accusations could make this a sticking point for Twitter.
In this theory, that was the entire purpose of the attack.
#6 It was an amateur hacker that got lucky
Lastly, and one that cooler heads seem to favor the most is the simplest Occam’s razor-esque belief that it was just an amateur hacker that got lucky. He or she discovered a vulnerability and, due to a lack of creativity or experience, came up with a quick Bitcoin scam to exploit the vulnerability.
The consensus here, then, to explain the disappointing third act to such a promising attack, is that one shouldn’t attribute to malice what can be attributed to incompetence. In this theory, there is no “bigger attack” or shadowy group pulling the puppet strings here – it’s just plain old stupidity or inexperience – if one can call getting 12 BTC (valued at around $110,000) in a few short hours “stupid.”
However, that doesn’t really explain Twitter’s statement that it was a “coordinated social engineering attack” involving multiple people targeting multiple employees, or the Verge’s coverage that implies it was coordinated on the “inside.”
On the other hand, it could explain why the hacker(s) used a dead rapper’s Twitter account (XXXTentacion) or the non-tweeting Apple account to tweet out the Bitcoin scam.
Also, with Twitter’s pithy top-range $20,160 bounty payout for ethical hackers (not including the taxes they’d have to pay), the amateur hacker may have decided that it’s better to go the wrong way and earn more money.
Whatever the true situation may be, we won’t really understand until Twitter provides a detailed post-mortem of the attack. Even then, many questions will remain unanswered until the Twitter employee, hacker, or hacking group is charged or identified, which may not happen too soon.