To quickly review what happened, a group of hackers gained access–apparently either by paying off, or spoofing, a Twitter insider–to a tool used to change the email address associated with a user account. They used the tool to take over the accounts of some very high-profile users, including Joe Biden, Elon Musk, Jeff Bezos, Bill Gates, and Barack Obama, as well as accounts associated with cryptocurrency firms. The hackers apparently used the accounts only to try and scam people out of some bitcoin. But had their motives been political, it could have caused a whole different kind of damage.
For a time, the hackers were able to speak through the (digital) mouths of some of the most famous people in the world. It’s not hard to imagine a scenario where a hacker took control of such a voice at a crucial time during an election–say, in late October or even on election day–to say something to change votes or keep people away from the polls.
None of this was lost on people in political circles.
“The Twitter breach shows how social media companies and their users continue to be targets and vulnerable to hackers,” says Dan Lips of the conservative tech group the Lincoln Network. Lips was formerly policy director for the Senate Homeland Security committee.
“We should expect that adversaries, including foreign governments, are working around the clock to exploit vulnerabilities and to use sensitive information to disrupt the United States and the upcoming election,” he says. “Ahead of November, public officials and political campaigns should have their guard up and follow cybersecurity best practices.”
End-to-end encryption is one such best practice. One of the main upshots of Wednesday’s attack may be renewed pressure on Twitter to finally add that security feature to its direct-messaging system.
Encrypted DMs would not have prevented Wednesday’s attack, explains Evan Greer, deputy director of nonprofit digital rights group Fight for the Future. It’s possible that hackers could have accessed DM messages of users such as Obama and Musk if they had control of the accounts. But it raises additional concern about the possibility of intruders gaining access to millions of unencrypted tweets—especially since the hackers in this instance may had insider help.
It’s not hard to envision the right hacked DMs having an impact on the election in November–just as Clinton campaign chair John Podesta’s leaked emails were leveraged by the Trump campaign in 2016.
“We don’t really know what the hackers were after, but if it had been information, it could have meant massive leaks of private information,” Greer told me. “So it’s a parallel issue, but it’s one of the most important things that needs to be fixed.”
Greer says the main problem may be that Twitter employees have access on the back end to the accounts and the DMs. That makes them a target for hackers.
“I worry that they will just put a firewall up to prevent this particular attack from happening again without fixing a vulnerability that could lead to a much more devastating attack,.” Greer adds.
And DM encryption is an old ask of Twitter, as Senator Ron Wyden (D-OR) can attest:
Colin Delany, Epolitics.com
Twitter, like Facebook, needs to recognize that it is critical infrastructure for American politics””
Senator Richard Blumenthal (D-Connecticut) adds that Twitter was put on notice by the Federal Trade Commission way back in 2011 about its repeated security lapses and failure to safeguard accounts. “Count this incident as a near miss or shot across the bow,” Blumenthal says of Wednesday’s hack in a statement. “It could have been much worse with different targets.”
Many other digital communication platforms have added end-to-end encryption, including, recently, Zoom. Even Facebook offers end-to-end encryption to Messenger, through the Secret Conversations feature.
In a wider sense, Wednesday’s attack is causing some to look again at the power large social platforms now wield in politics, and the role they play in elections.
“Twitter has become another piece of crucial campaign infrastructure, like websites and voter databases,” campaign consultant and epolitics.com editor Colin Delany told me. “Twitter, like Facebook, needs to recognize that it is critical infrastructure for American politics.”
Big social platforms have been given their power by users, including famous and powerful ones.
“National leaders should . . . recognize the risks of relying on platforms like Twitter to announce national policy,” advises the Lincoln Initiative’s Dan Lips. He’s referring to Donald Trump, who sees Twitter as a direct communication channel to his users. Trump’s account (which was briefly deactivated by a rogue Twitter contractor in 2017) was conspicuously spared in the Wednesday attack.
It’s all about timing
Had the Twitter hack happened in a different year, in a different, pre-2016 political climate, it might not be so unnerving. But it happened at a very sensitive time. We may never in our lifetimes see an election more pivotal than the one coming in November. It represents the culmination of a fiery culture war, a referendum on Trumpism, and, history may show, a decision on whether to continue pursuing the democratic ideal the Founding Fathers envisioned 244 years ago. The country must make this choice in the midst of a devastating pandemic, and in a climate of angry partisanship that has been exacerbated by social media.
And finally, the incumbent candidate in this year’s election seems increasingly desperate and rudderless, with no clear strategy for closing the polling gap between him and his opponent. He’s just fired his campaign manager with four months to go in the campaign. And he told ABC News’s George Stephanopoulos he’d accept dirt on a political opponent from a foreign government without telling the FBI. In 2016, some of that dirt was obtained in a hack on DNC servers. In 2020 who’s to say it wouldn’t come from a hack on Twitter?