As the dust settles from the Twitter hacking of high-profile public figures from Joe Biden to Jeff Bezos, the estimated $118,000 gained by the hackers seems like a comparatively small price to pay for a scheme like this. The financial nature of the efforts – along with their lack of political connotation – has led to speculation the hackers were “criminals rather than government operatives.”
This does not mean that we are immune to more harmful, malicious, and politically inspired outcomes.
In-Short: The recent and very public hacking of Twitter’s internal systems has exposed a hard truth: the infrastructure underpinning the Internet and cyberspace is incredibly vulnerable to attacks that have significant real-world implications.
Hacking Twitter: According to Twitter, this was a social engineering attack that saw the hackers gain access to the accounts using Twitter’s own internal administrative tools.
Using these accounts, they encouraged people to send money to a BitCoin Wallet with the understanding that if they did so, they would get their money doubled.
The success of these attackers in gaining access to these Twitter accounts is immensely concerning.
- A useful framework for comparison is to look at the vulnerability of ‘traditional’ critical infrastructure such as electricity grids, water treatment plants, and telecommunication systems to hacking.
- Vulnerabilities in that infrastructure have inspired a discussion about the necessity of increased regulation and security measures. This most recent attack forces us to ask: should social media also be treated as critical infrastructure?
It could have been worse.
- While the Twitter hackers appear to have been driven by financial motivations, the hack represents a dangerous preview of what could happen in the upcoming US Presidential elections.
- Already, fake messages claiming that the US government would enforce pandemic restrictions with soldiers have been sent to millions of mobile phones and social media users. If such messages were to be posted from the real accounts of government officials, the consequences could be disastrous.
- We also saw Twitter’s lockdown of verified accounts cause the Illinois National Weather Service to be unable to send updates as a tornado approached.
Meanwhile: Joe Biden, one of two candidates in the upcoming US Presidential election, had his social media successfully hacked. Jeff Bezos, the wealthiest man in the world and a hugely influential figure was as well. These two alone have significant audiences – and they were not the only accounts compromised.
What might happen if actors with different intentions gained similar access?
Social media messages are not inert – they can lead to serious social consequences. The role these messages can play in generating social movements for political purposes is well documented, but so is their potential to incite violence.
- Violence as part of the Rohingya genocide in Myanmar was exacerbated by posts on social media.
- WhatsApp, which is owned by Facebook, has struggled to fight hoaxes that have been linked to lynchings in India.
- Terrorist movements including the ‘Boogaloo’ movement have emerged and grown exponentially through social media.
Other social media companies are also vulnerable.
- In 2018 hackers stole the data of 28 million Facebook users in an attack that could have allowed the hackers to post from the compromised accounts. One of those compromised accounts belonged to Facebook’s CEO and founder Mark Zuckerburg.
- 41% of Canadians view Facebook as “the most toxic site they use,” and over 30% are reluctant to post on social media for fear of being harassed.
Authoritarian governments across the globe consistently use social media to spread disinformation in ways that raise questions about how social media companies operate.
- Disinformation on the COVID-19 pandemic is rampant on social media. An estimated 45% of tweets related to ending pandemic restrictions in the US were posted by bots. These bots, which are automated programs that attempt to mimic the behaviour of real people online, have been amplifying narratives and conspiracy theories that have been linked to Chinese and Russian government disinformation campaigns.
Meanwhile, social media companies are struggling to counter these disinformation campaigns, as banned content continually gets reposted, edited, and moved between platforms. Their efforts have also been stifled by the scale of the issue and the need to facilitate free expression online.
The Twitter attack demonstrated that takeovers of major companies’ internal systems and infrastructure is possible and that these attacks, especially if staged by advanced persistent threat (APT) groups linked to states, can have serious security, social and political implications.
- Twitter lost $1.3 billion in market value following the hack due to fears it would undermine Twitter’s reputation as the main social media platform of public figures.
- Concerns about financial manipulation, extortion, and exploitation of sensitive information are well-within the range of reasonable.
- And the hack brings up serious questions about how social media companies are protecting the accounts of their users, especially high-profile ones, from malicious actors.
The woeful under-protection of our cyber-infrastructure has real-world impacts on everyone’s lives – on and off-line.
- Vulnerabilities in the border gateway protocol (BGP) that routes Internet traffic across the globe remain, despite years of hijackings and improper routings that have impacted users, companies like Google, and even the US government.
- Cyber-attacks on internet-connected energy grids are no longer hypothetical. Ukraine’s energy grid was targeted by Russian-linked APT groups in 2015 and 2017. And North American grids have proved vulnerable to these threats as well.
- Even the charging stations for electric vehicles have been identified as being so insecure that hackers could use them to disrupt Canada’s electrical grids.
A serious “what if?” question, therefore, needs to be asked: what would have happened if the Twitter hack had been driven by political goals?
The Bottom Line: Critical infrastructure was once viewed as being limited to electrical grids, power plants, and the financial system. Yet the Twitter hack raises the question of if social media platforms should also be treated as critical infrastructure, due to the critical role they play in our everyday lives and societies.
- Your Data Can and Will Be Used Against You | Op-Ed
- Privacy & Surveillance During the Recent Black Lives Matter Protests
- The Growing Threat of Far-Right Terrorism in Canada