After Twitter breach, lawmakers and experts concerned private messages were accessed
Category: News & PoliticsVia: perrie-halpern • 4 weeks ago • 77 comments
By: Ben Collins
Concern about access to direct messages stems in part from broader worries that they could be leaked as part of a campaign to influence the U.S. election in November.
Michael Coates, who was Twitter's top digital security official from 2015 to 2018, said that because the attackers appeared tohave been motivated by money, they may not have been particularly sophisticated.
"It would seem that somebody with that level of access would have been more advanced," he said. "But the fact that they did that, it does not make me think that it was a nation-state."
Coates, who is now the CEO of the cybersecurity company Altitude Networks, also said it still isn't clear whether the attackers were able to gain access to DMs.
"We should not presume it, but we should not rule it out, either," he said.
Twitter declined to discuss whether direct messages had been breached, pointing to the company's official Twitter account, which hasn't addressed direct messages.
Hostile foreign intelligence services from Russia, China and Iran have all targeted private messages of public figures to embarrass governments and try to sway elections in the past. Russia conducted a sweeping hacking and disinformation campaign in 2016 that targeted the Democratic National Convention and Hillary Clinton's campaign chairman, John Podesta. Emails acquired through those efforts were eventually released through the intermediary WikiLeaks.
Russian intelligence services have also used the cover of a Bitcoin scam in an attempt to obtain private information. In 2016, the GRU tried to mirror the appearance of a malware attack called Petya, which held the contents of users' computers hostage in exchange for bitcoins.The GRU's variation on the attack, dubbed NotPetya, was solely focused on collecting private information, and it used the Bitcoin scam as a cover to evade detection.
NBC News contributor Clint Watts, a former FBI special agent, said that the hack could have been conducted by criminal hackers but that it's not possible to know for sure with the information currently available.
"If you wanted to influence the election, you wouldn't get Twitter all spun up to clean up their platform four months out," Watts said. "But if you're going to do a hack and dump, then maybe."
Watts added that a Twitter direct message hacking campaign "isn't the same as DNC internal emails," because so many lawmakers have shifted to more secure messaging platforms, and that Bitcoin scams are frequently "just what you see at the surface."
But Twitter DMs "would be useful if they just wanted general blackmail on everybody," he said.