FBI Investigates Twitter Hack Amid Broader Concerns About Platform’s Security

Friday, July 17, 2020

Categories: ASCF News Emerging Threats Cyber Security

The Federal Bureau of Investigation launched a probe into the widespread hack of Twitter Inc. that occurred Wednesday, amid growing concerns that the vulnerability of the company’s systems could pose broader risks to international security.

Lawmakers and security experts on Thursday said the attack, in which hackers commandeered numerous Twitter accounts, including for prominent figures such as Joe Biden and Bill Gates, pointed to an especially worrisome vulnerability heading into the U.S. presidential election, given Twitter’s importance as a platform for political discussion.

The hack lasted for hours, and security experts saw it as both severe and unusual. It exposed what they said was the problem of even midlevel company insiders’ access to Twitter data in ways that enable hackers to obtain such information or gain control of user accounts.

Security experts believe the attack might have focused on the company’s internal account-reset systems, which are used to help users regain access to their accounts after losing their phones or forgetting their passwords.

The attack allowed hackers to take over an array of accounts—others included those of Elon Musk, Kanye West, Barack Obama, and Apple Inc.—and post bogus messages requesting money be sent to cryptocurrency accounts. Twitter said about 130 accounts were targeted and that it was assessing whether those users’ nonpublic data was compromised.

The FBI said Thursday in announcing its probe that “at this time, the accounts appear to have been compromised in order to perpetuate cryptocurrency fraud.” The agency said Twitter is cooperating with the investigation.

Separately, New York Gov. Andrew Cuomo said Thursday the state’s Department of Financial Services would investigate the attack.

Twitter, which has some 166 million users, has said only that the hackers used “social engineering” techniques, where employees are tricked into clicking a link, divulging information or otherwise aiding outsiders. The company hasn’t said specifically how the attackers penetrated its internal systems and tools or how long they had access to them. The hackers might have accessed information or engaged in other malicious activity, Twitter said, adding that it has “taken significant steps to limit access to internal systems” while it investigates the incident. On Thursday the company said it didn’t believe user passwords were compromised.

Twitter was still grappling with the fallout more than 24 hours after the first attack began, with some users still unable to access accounts that the company locked protectively. The company also disabled the function of being able to download personal data from the platform.

Benjamin Block, director of rapid response for the Democratic Congressional Campaign Committee, said lockouts were an issue for “dozens” of candidates. “Twitter owes these campaigns an explanation of what occurred and what the company will do to keep their platform secure going forward,” he said. Twitter said it was working with account owners to restore access.

A U.S. official said the disruption could have national-security implications, given Twitter’s role in public discourse and government messaging. The platform is among President Trump’s favored means of communication, and federal and local agencies use it to share information about natural disasters and other emergencies, including the coronavirus pandemic.

White House press secretary Kayleigh McEnany said Thursday that Mr. Trump’s Twitter account hadn’t been jeopardized in the hack.

Whatever access the attackers gained by targeting Twitter employees gave them extraordinary power over the platform. The hackers appeared to be not only capable of posting tweets from virtually any account but were likely able to view private direct messages between accounts, experts said.

The attack isn’t the first high-profile incident in which Twitter’s internal systems were compromised. In 2017, Mr. Trump’s account was deactivated for 11 minutes when a customer-support employee erroneously disabled it during the employee’s last day working at Twitter, the company said at the time.

And late last year, federal prosecutors charged two former Twitter employees and a Saudi Arabian national with spying on some users of the platform who criticized Riyadh and providing that information to kingdom officials. One of them had used employee credentials to obtain email addresses, birth dates and other information about people who had published posts critical of the Saudi royal family, prosecutors said.

Twitter in 2011 agreed to a settlement with the Federal Trade Commission over a hack of its systems in 2009 that regulators said put users’ privacy at risk. The company faces potential fines for violations of that agreement.

The hackers in Wednesday’s attack posted messages from some of Twitter’s most popular accounts, asking for money to be sent to cryptocurrency accounts. The attackers received at least 510 payments worth $121,000 in response to the scam, according to blockchain analysis company Chainalysis Inc.

Allison Nixon, chief research officer at cyber services company Unit 221b, said she was contacted by the FBI on Wednesday in connection with the Twitter hack. Chainalysis said it has been contacted by several federal law-enforcement agencies about the matter.

The extensiveness and nature of the attack raised alarms in Washington, where officials and lawmakers expressed concern that such a vulnerability could be used by malicious actors—and potentially a foreign government—for a range of activity that could be far more damaging than a bitcoin scam.

A Pew Research Center report released Thursday found U.S. lawmakers have increased their use of social-media platforms such as Twitter and Facebook Inc. in recent years. The typical member of Congress now has nearly three times as many followers on Twitter and tweets roughly twice as often as in 2016, Pew said.

“We’re just now getting to an understanding of how critical [social-media platforms] are to how our nation operates,” said Neil Jenkins, a former U.S. cybersecurity official and chief analytic officer at Cyber Threat Alliance, a nonprofit that works to improve sharing of cyber-threat data.

Mr. Jenkins, who worked to counter Russian interference in the 2016 election, said Wednesday’s attack showed federal agencies’ limited abilities to protect private companies that provide vital services from disruptive hacks. He warned that a well-timed attack on Twitter during the 2020 election could be especially calamitous, adding that state and local election officials rely on the platform to push back on disinformation and share reliable information with voters.

U.S. officials at the Cybersecurity and Infrastructure Security Agency were also in communication with Twitter about the hack, an administration official said. And the Senate Intelligence Committee, which has investigated how foreign governments weaponize social media to achieve geopolitical aims, has asked Twitter for a briefing about the disruption, according to an aide to Sen. Mark Warner of Virginia, the top Democrat on the panel.

“Social-media platforms have become central to political leaders communicating with constituents, media personalities interacting with their fans and brands engaging with their customers,” Mr. Warner said in a statement. “The ability of bad actors to take over prominent accounts, even fleetingly, signals a worrisome vulnerability in this media environment.”

For others, the hack renewed longstanding concerns about Twitter’s security posture. Sen. Ron Wyden (D., Ore.), also a member of the intelligence panel, said he met with Twitter Chief Executive Jack Dorsey nearly two years ago and pressed the company to make its platform’s private direct messages end-to-end encrypted—meaning it would be extremely difficult for a hacker or government agency to intercept and read them. Twitter direct messages remain unencrypted.

Though it couldn’t be learned whether the hackers gained access to direct messages in Wednesday’s breach, the vulnerability isn’t present on competing platforms, which Mr. Wyden described as an inexcusable security shortcoming. “If hackers gained access to users’ DMs, this breach could have a breathtaking impact for years to come,” he said.

Photo: Twitter said it believed the hackers targeted employees who had access to its internal systems and tools. Outside the company’s Manhattan office on May 13. PHOTO: JOHN NACION/NURPHOTO/ZUMA PRESS

Link: https://www.wsj.com/articles/fbi-investigates-twitter-hack-amid-broader-concerns-about-platforms-security-11594922537?mod=tech_lead_pos3
