- Several massive Twitter accounts were hacked Wednesday by bitcoin scammers asking for money, claiming they would return senders double the amount in an effort to provide financial relief during the coronavirus pandemic.
- Compromised accounts included those of Barack Obama, Joe Biden, Kim Kardashian West, Kanye West, Jeff Bezos, Bill Gates, and Elon Musk.
- Hackers reportedly gained access to an internal tool by bribing a Twitter employee with money. They were then able to change emails associated with the accounts and reset passwords.
- The hack has prompted many to ask how general privacy and even United States national security could potentially be affected, with Senator Josh Hawley (R-MO) asking Twitter CEO Jack Dorsey to provide more information about the attack.
- Thursday, the FBI and the New York State Department of Financial Services both opened investigations into the hack.
Bitcoin Hackers Gain Control of Huge Accounts
Twitter suffered its largest hack ever on Wednesday, which some fear could have far-reaching national security implications.
In fact, on Thursday, the FBI opened an investigation into the hack. The same day, at the direction of Governor Andrew Cuomo, the New York State Department of Financial Services launched its own investigation.
“The Twitter hack and widespread takeover of verified Twitter accounts is deeply troubling and raises concerns about the cybersecurity of our communications systems, which are critical as we approach the upcoming presidential election,” Cuomo said.
The list of compromised accounts includes those of Kim Kardashian West, Kanye West, Elon Musk, Jeff Bezos, Apple, and Uber. It even includes those of former President Barack Obama and presumed Democratic presidential nominee Joe Biden.
Most of those accounts, which were all hacked near-simultaneously, tweeted some variation of the same message: “I am giving back to my community due to Covid-19! All Bitcoin sent to my address below will be sent back doubled. If you send $1,000, I will send back $2,000! Only doing this for the next 30 minutes! Enjoy.”
Shorter messages were posted on accounts like Kardashian-West’s.
Though it’s highly unlikely that such wealthy and high profile figures would directly ask their followers for money in this way, the requests were coming from their personal, verified accounts (AKA, accounts with that coveted, blue checkmark next to their names). Thus, many fell for the scam, and hackers are estimated to have stolen as much as $120,000 as part of the scheme.
As the hack was happening and more verified accounts were compromised, Twitter became so concerned that it did something unprecedented: it temporarily blocked all verified accounts from tweeting directly.
While that prevented hackers from continuing to post tweets asking for money, it also had some unintended consequences. For example, the National Weather Service in Lincoln, Illinois was tweeting about a severe thunderstorm at the time; however, the verified account soon found itself unable to post updates. That then forced it to resort to retweeting its bot account, which is not verified.
How Did the Hack Happen?
If reports about how hackers breached Twitter’s security system are true, that exposes massive security flaws at the company.
According to Motherboard, which is owned by Vice Media, hackers convinced a Twitter employee to help them hijack the targeted accounts. In fact, according to leaked screenshots and two anonymous sources who took over those accounts, Motherboard alleges that the employee in question was bribed into—at least indirectly—handing over an internal tool that allowed them to hack into the accounts.
“We used a rep that literally done all the work for us,” one of the sources told Motherboard.
In a statement on Wednesday evening, Twitter Support said, “We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.”
According to a Twitter spokesperson who spoke to Motherboard, the company is also investigating whether that employee hijacked the accounts themselves or if they gave hackers access to the tools.
As to how those hackers actually gained access to the accounts, Alan Woodward, a cybersecurity expert at the University of Surrey, told Business Insider, “It looks like the way this was done was by using the tools inside Twitter to reset contact details and then trigger password resets.”
Essentially, those hackers likely gained access to the internal, high-level tools, then used them to change the email addresses associated with those accounts. From there, the hackers would have sent password reset requests, granting them full access to the accounts.
Such a strategy is difficult to counter (How many times have you reset your own password just because you couldn’t remember it?).
Twitter could always get rid of the internal tool that allows employees to reset passwords, but as Woodward noted to Business Insider, if the company did that, people might end up getting locked out of their accounts forever.
He suggested having Twitter require more than one employee to sign off on the password reset function.
“If you allow such tools to exist (and it’s difficult to see how you’d not) then the only way to stop them being misused by an individual is to have a process in place to make sure you need two people internally to make it function,” he said.
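The two-person sign-off Woodward describes, sketched as an added example (not Twitter's tooling or code from the article): an internal tool whose contact-email change only takes effect after a second employee approves it. The class, method, employee and account names are hypothetical, and the sample data is constructed.

```python
# Constructed example: every name and value here is hypothetical.
from dataclasses import dataclass, field

class ApprovalError(Exception):
    """A request, sign-off or execution broke the two-person rule."""

@dataclass
class EmailChange:
    account: str
    new_email: str
    requested_by: str
    approved_by: set = field(default_factory=set)
    done: bool = False

class AdminTool:
    def __init__(self, staff, emails):
        self.staff = set(staff)      # employees allowed to use the tool
        self.emails = dict(emails)   # account -> contact email on file
        self.audit = []              # every attempt, allowed or denied

    def _log(self, event, employee, change, ok):
        self.audit.append((event, employee, change.account, ok))

    def request(self, employee, account, new_email):
        change = EmailChange(account, new_email, employee)
        ok = employee in self.staff and account in self.emails
        self._log("request", employee, change, ok)
        if not ok:
            raise ApprovalError("unknown employee or account")
        return change

    def approve(self, change, employee):
        # The second person must be staff and must not be the requester.
        ok = employee in self.staff and employee != change.requested_by
        self._log("approve", employee, change, ok)
        if not ok:
            raise ApprovalError("sign-off must come from a second employee")
        change.approved_by.add(employee)

    def execute(self, change):
        # Without an independent sign-off the email on file never changes.
        ok = bool(change.approved_by) and not change.done
        self._log("execute", change.requested_by, change, ok)
        if not ok:
            raise ApprovalError("no independent sign-off, or already applied")
        self.emails[change.account] = change.new_email
        change.done = True
        return self.emails[change.account]
```

Denied attempts stay in `audit`, so a single employee repeatedly trying to approve their own request is visible to whoever reviews the log.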
What Else Did Those Hackers See While in the Accounts?
The idea that hackers could make their way into the account of a former president or that of a major presidential candidate is scary in itself, but it also raises several key questions: What else did they see? What information did they manage to access?
For example, Twitter does not encrypt private messages. Anyone who logs into an account can see the messages sent to and from that account. That’s not to suggest Obama or Biden have something to hide, but such a fact is a gaping privacy concern.
As Woodward noted, even for regular users, there’s currently no way to defend themselves against this type of attack.
But it’s not just privacy. The people behind the accounts that were hacked have massive influence and sway. While his account did not appear to be hacked in this attack, many have raised concern about what kind of power hackers could exert if they were able to commandeer President Donald Trump’s Twitter account.
On top of being the leader of the country, Trump is frequently known to attack political enemies—including foreign leaders. Many, including Senator Josh Hawley (R-MO), fear the national security implications Trump’s Twitter account could pose in the wrong hands.
“I am concerned that this event may represent not merely a coordinated set of separate hacking incidents but rather a successful attack on the security of Twitter itself,” Hawley said in a letter to Twitter CEO Jack Dorsey as the attack was unfolding.
“As you know, millions of your users rely on your service not just to tweet publicly but also to communicate privately through your direct message service. A successful attack on your system’s servers represents a threat to all of your users’ privacy and data security.”
Hawley asked Dorsey to provide detailed information on the attack, including information regarding Trump’s account.
“Did this attack threaten the security of the President’s own Twitter account?” Hawley asked in a series of questions.
So far, it is unknown how or if Dorsey has responded to Hawley, though Dorsey did make a personal statement on Wednesday.
“Tough day for us at Twitter,” Dorsey said. “We all feel terrible this happened. We’re diagnosing and will share everything we can when we have a more complete understanding of exactly what happened. [Love] to our teammates working hard to make this right.”
This isn’t the first time the accounts for high profile names have been hacked on Twitter. In fact, even Dorsey’s account was hacked last year. That same hack also targeted other massive online personalities like James Charles and Shane Dawson.
See what others are saying: (Business Insider) (Axios) (The Verge)
Black Mirror or Reality? Microsoft Granted Patent for Tech That Lets It Create Chatbots of Dead People
- Microsoft has been granted a patent that would allow it to create artificial intelligence chatbots of dead people using “voice data, social media posts, electronic messages, written letters, etc.”
- As Microsoft noted in its patent proposal, chatbots could also be created to imitate living people — opening the door for users to train a digital version of themselves to be used after they die.
- In the patent filing, Microsoft also suggested creating 2D or 3D models of chatbot subjects by studying images and videos of them.
- Online, many noted the similarities between Microsoft’s patent and a 2013 episode of Black Mirror in which a woman creates an AI version of her deceased boyfriend.
Microsoft Granted Controversial Patent
The United States Patent and Trademark Office has granted Microsoft a patent for technology that would allow it to digitally revive dead people.
If implemented, Microsoft would use information like “voice data, social media posts, electronic messages, written letters, etc.,” to create artificial intelligence chatbots meant to replicate the person.
In its filing, Microsoft noted that the person could be “a friend, a relative, an acquaintance, a celebrity, a fictional character, a historical figure, a random entity, etc.”
Microsoft also noted, “the specific person may also correspond to oneself (e.g., the user creating/training the chat bot), or a version of oneself (e.g., oneself at a particular age or stage of life).”
As The Independent pointed out, that opens up the door for living users to be able to “train a digital replacement in the event of their death.”
But it doesn’t stop there. Microsoft has also suggested creating 2D or even 3D models of the person by studying images and videos of them.
Has Life Finally Become an Episode of Black Mirror?
Online, many noted the similarities between Microsoft’s patent and a 2013 episode of Black Mirror in which a character, played by Hayley Atwell, revives her recently-deceased boyfriend through an AI chatbot. As the episode progresses, that AI — played by Domhnall Gleeson — eventually becomes an exact replica android of her boyfriend.
“More people that need to remember Black Mirror is a warning sign, not a product manual,” said Tama Leaver, an internet studies professor at Curtin University in Australia.
Indeed, many critics have interpreted the episode, which focuses on the grief felt by Atwell’s character because of her loss, as an examination of “our own mortality and our desire to play God.”
“It shines a spotlight on our desperate need to reverse a natural and necessary part of life without considering the consequences on our emotional well-being,” Roxanne Sancto said in a review for Paste Magazine.
In fact, series creator Charlie Brooker said part of his direct inspiration for writing the episode was based on Twitter and the question: “What if these people were dead and it was software emulating their thoughts?”
See what others are saying: (The Independent) (IGN) (Indie Wire)
JoJo Siwa Fans Caution Against Labeling the Star’s Sexuality
- JoJo Siwa was featured in two TikTok videos Wednesday that many felt signaled her as a member of the LGBTQ+ community.
- One showed her dancing and lip-syncing to Paramore’s “Ain’t It Fun,” along with members of the TikTok group Pride House LA. Siwa specifically mouthed the lyric “Now you’re one of us,” which is also the caption of the post.
- The second video showed her lip-syncing to Lady Gaga’s “Born This Way,” a song that has long been heralded as an LGBTQ+ anthem.
- The 17-year-old entertainer has not directly addressed speculations about her sexuality, prompting many to caution against labeling her.
JoJo Siwa TikToks Trigger Sexuality Speculations
JoJo Siwa fans are urging the public not to label the 17-year-old entertainer’s sexuality, especially when she has not explicitly done so herself.
The request came after Siwa became a trending topic Wednesday when many speculated that she had come out as a member of the LGBTQ+ community.
The speculations stem from two TikTok videos she was featured in. The first was posted on choreographer Kent Boyd’s account. It features him and other members of the TikTok group Pride House LA, which includes several stars from Disney Channel’s “Teen Beach Movie.”
It showed them all lip-syncing and dancing along to Paramore’s hit song “Ain’t It Fun.” Siwa specifically mouthed the lyric “Now you’re one of us.” That lyric was also the caption of the post.
Later in the day, Siwa posted a video on her personal TikTok account that featured her lip-syncing to Lady Gaga’s “Born This Way,” a song that has long been heralded as an LGBTQ+ anthem.
Part of the lyrics she sang along to were: “No matter gay, straight or bi, lesbian transgender life / I’m on the right track baby, I was born to survive.”
These posts really started all the rumors online, and things picked up when influencers like James Charles, Bretman Rock, and others expressed their support.
Many fans also left comments on the videos saying they were proud of her, and journalist Yashar Ali tweeted, “This feels like a big deal if it is what I think it is…JoJo Siwa is hugely popular with kids.”
“And as someone just pointed out, if it is what I think it is, she’s doing it at the height of her fame when she’s selling out arenas,” he continued.
Despite the wave of praise, other fans feel that it’s inappropriate and harmful to make speculations about anyone’s sexuality.
Many have even shared their own experiences coming out, reminding people not to label Siwa as anything until she explicitly chooses to share that information herself.
While Siwa hasn’t directly addressed any of the responses as of yet, she has retweeted a post that features her video, the pride flag emoji, and the caption, “@itsjojosiwa is on the right track, she was born this way.”
Still, others also noted that she has publicly asked Lady Gaga to collaborate with her in the past, so perhaps this is a signal about that happening soon.
Others believe it could also be Siwa’s way of signaling that she is an ally of the LGBTQ+ community.
See what others are saying: (Insider) (Metro) (Teen Vogue)
Google Investigates Top AI Researcher Who Was Looking Into a Previous Firing
- Google is investigating the co-leader of its Ethical AI team, Margaret Mitchell.
- While Mitchell has not been fired, her account has been locked because Google said she “exfiltrated thousands of files” and shared them with people outside of the company.
- In a tweet, Mitchell indicated that she had been “documenting current critical issues” related to the firing of another Google AI Ethicist in December.
- Sources reportedly told Axios that Mitchell had been specifically looking for messages that showed discriminatory treatment of that fired researcher.
Google Investigates Margaret Mitchell
On Tuesday, Google stated that it is now investigating the co-leader of its Ethical AI team, Margaret Mitchell.
Mitchell has reportedly not been fired, but her company email account has been locked.
According to Google, its security systems automatically lock employee accounts “when they detect that the account is at risk of compromise due to credential problems or when an automated rule involving the handling of sensitive data has been triggered.”
In this case, Google said Mitchell “exfiltrated thousands of files” and then shared them with people outside of the company.
Why Did Mitchell Begin Looking Through Files?
Mitchell’s investigation is related to the ousting of another top AI ethicist at Google, Timnit Gebru, who was fired at the beginning of December.
Before Gebru was fired, managers reportedly instructed her to withdraw an unpublished research paper upon her return from vacation. In an email to the internal listserv Google Brain Women and Allies, Gebru then voiced frustration at managers for allegedly making the decision without her input.
“You are not worth having any conversations about this, since you are not someone whose humanity (let alone expertise recognized by journalists, governments, scientists, civic organizations such as the electronic frontiers foundation etc) is acknowledged or valued in this company,” Gebru said in a critique of the decision.
Gebru’s firing led to such a massive outcry from Google employees that Google CEO Sundar Pichai pledged to investigate the situation.
On Friday, Mitchell indicated in a tweet that she was also looking into Gebru’s firing, saying that she was “documenting current critical issues from [Gebru’s] firing, point by point, inside and outside work.”
According to Axios, sources have said that Mitchell used automated scripts to siphon through messages that potentially document discriminatory treatment against Gebru.