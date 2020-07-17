But while the scope of the incident was huge in itself, impacting the accounts of Barack Obama, Joe Biden, Bill Gates, Elon Musk, Kanye West, Kim Kardashian West, and Warren Buffett, it could just be the tip of a huge iceberg with vast security implications. Cybersecurity experts and policymakers are now concerned that the bitcoin scam may mask a far more troubling data breach involving the personal communications of the world's most powerful people.

It is still unclear what the attackers' ultimate goals were. But the little that has been revealed about hacking so far has already raised serious concerns by policy makers, security experts and some close to Twitter. With the level of access they enjoyed, hackers could have triggered a sell-off in the financial markets, issued false policy statements, or disrupted entire presidential campaigns.

"If Ivanka (Trump's) account tweeted the hypothetical extreme, & # 39; I am very proud of my father tonight for making difficult decisions; nuclear war is never easy, but we will win it & # 39 ;, that would be … troublesome, "said a former Twitter employee, speaking on condition of anonymity to discuss a former employer.

Neither Ivanka Trump's account nor President Donald Trump's account appears to have been affected by the hack; the White House declined to comment on the matter Wednesday afternoon. White House press secretary Kayleigh McEnany said Wednesday that Dan Scavino, White House director of social media, has been in "constant contact" with Twitter for the past 18 hours to keep the president's account safe.

"The president will remain on Twitter," McEnany told reporters confirming that the president's account was never hacked and remains secure.

Others in DC, including one of the President's sons, were still struggling to post on the platform on Thursday as a result of the radical and drastic measures Twitter took to emergency shutdown many accounts, including all verified ones. Twitter later relaxed the measure, but as of Thursday afternoon, accounts belonging to Virginia Democratic Senator Mark Warner and Donald Trump Jr. were unable to tweet.

On Wednesday night, Twitter offered a preliminary explanation for the hack. He blamed a "coordinated social engineering attack" on some of his employees who had access to "internal tools and systems", Twitter said

Hackers "used this access to take control of many highly visible accounts (including verified ones) and tweeted on their behalf," Twitter additional . "We are investigating what other malicious activity they may have engaged in or information they have accessed and will share more here when we have it." Twitter declined to comment for this story.

The hackers who controlled the accounts posted fake tweets urging Twitter users to send money to multiple bitcoin wallets, promising that users would receive double the refund. Instead, the hackers seemed to simply take the money and run, with more than $ 116,000 entering wallets on Thursday morning. All bitcoin transactions are visible in a public book, making the hack an even bigger sight.

Those wallets will be radioactive forever as law enforcement agencies see them for withdrawals or transfers that could be traced back to the original attackers, said Kenn White, director of security for software database company MongoDB.

"Those addresses (bitcoin) will be examined more closely than any in history," he said.

For such a disruptive hack, the money involved pales in comparison to the kind of million-dollar payments that hackers can routinely expect from other types of financially motivated attacks. In addition to being relatively small in financial terms, the gains from this week's Twitter attack are negligible in light of how deeply hackers appear to have penetrated Twitter's systems.

"If you've stolen a Ferrari, why are you just driving around the block?" White said.

As the crisis unfolded Wednesday night, Republican Missouri Sen. Josh Hawley, one of Silicon Valley's top critics, sent a letter to Twitter CEO Jack Dorsey.

"Millions of its users rely on their service not only to publicly tweet but also to communicate privately through their direct message service," Hawley wrote. "A successful attack on your system's servers poses a threat to the privacy and data security of all its users."

The Federal Trade Commission is also likely to investigate, opening the door to possible fines or other penalties, according to David Vladeck and Jessica Rich, two former directors of the agency's consumer protection bureau.

Twitter's own investigation is still ongoing, and it's unclear what data the hackers may have accessed. Twitter also has not disclosed who may have been behind the attack or any information about the selected employees. Two U.S. intelligence officials told CNN Wednesday night that it is still too early to know whether the attack was the work of a nation state or a state-sponsored actor.

But some security experts are preparing for the worst. By using the hijacked accounts to fuel a bitcoin scam, the attackers publicly announced their successful attack, ensuring Twitter would respond quickly and block them, said Theresa Payton, former White House chief information officer under President George W. Bush.

While that could indicate nothing more than a notoriety move and rapid cash theft, he said, the hackers may have downloaded account information for later release, which could include private messages, photos, phone numbers and addresses. of e-mail. That would be detrimental enough at any time, but during a critical election year in which trust in platforms and their handling of information remain key concerns, what is at stake could not be greater.

"Will they come back later with a 'dump and dox' campaign or a blackmail situation?" Payton said. "We only know about the accounts that changed with that message. What about all the other accounts that didn't change with that message?"

– Michelle Toh contributed to this report.