And there is no accounting for disaffected workers, as Twitter learned in 2017 when an employee deactivated President Donald Trump’s account before it was quickly restored.
Identifying potential Twitter employees to target wouldn’t be difficult for the hackers, given the way most smartphone apps hungrily vacuum up location and other contextual data from users -- data which is often then sold on to marketing companies. Anyone frequenting the same coffee shops and businesses or entering and leaving a workplace at particular hours can give away clues about themselves.
Cybersecurity experts can only speculate until Twitter itself reveals what happened and where the failures occurred, but even this kind of show of force -- a demonstration by hackers to earn credibility or gain infamy -- isn’t convincing them that a Bitcoin scam was all there was to the operation.
With U.S. elections looming, the cyber landscape is ripe for a major attack. Stas Protassov, co-founder and president of global technology firm Acronis said the attack was “too prepared to be just a cryptocurrency scam.”
“We don’t believe that’s all the hackers went into once they got access,” he said in an email. “The attack is too big and too noisy and likely covering a bigger play. We’ve yet to see the full impact of what this was about.”
Tobac also raised the possibility that the attack could have been a distraction while hackers harvested private direct messages and any other confidential data to be able to deploy at a more critical time. So while the initial disruption to Twitter’s service appears to have been patched over and the company is gradually restoring normal operation, the lingering effects of this breach might have much wider effects than Wednesday’s spectacle.
“Maybe they were doing something insidious and this was just a cover up,” she said. “There’s no way for us to know, we can just speculate.”
Whatever happened, Twitter must be completely candid about the cause of attack once it’s established, Tobac said. “This was such a public meltdown that if they’re not completely transparent it would damage their brand further.”
This article was provided by Bloomberg News.