The US Federal Bureau of Investigation has opened an investigation into Wednesday’s unprecedented Twitter attack that resulted in numerous takeovers of high-profile accounts belonging to politicians, business leaders, and corporations, according to a report from The Wall Street Journal.
The FBI is concerned that the coordinated attack and the vulnerabilities it exposed in Twitter’s systems may pose serious security risks, due to the widespread compromising of sensitive accounts, including those of President Barack Obama and Democratic presidential candidate Joe Biden. President Donald Trump’s account was not affected, White House press secretary Kayleigh McEnany tells the WSJ, but it’s unclear if Trump’s account has special protections. Twitter tells The Verge it is in communication with the FBI regarding its investigation and intends to fully cooperate.
“At this time, the accounts appear to have been compromised in order to perpetuate cryptocurrency fraud,” the FBI said in a statement given to the WSJ. New York Gov. Andrew Cuomo is also having the state’s Department of Financial Services investigate the attack, the report states. “Foreign interference remains a grave threat to our democracy and New York will continue to lead the fight to protect our democracy and the integrity of our elections in any way we can,” Cuomo said, according to the New York Post.
Twitter says its own internal employee tools were compromised as part of the attack
New York Attorney General Letitia James also opened an investigation following this morning’s news that lawmakers on both sides of the aisle have begun calling for Twitter to provide more transparency about how the attack was carried out. “Countless Americans rely on Twitter to read and watch the news, to engage in public debate, and to hear directly from political leaders, activists, business executives, and other thought leaders,” James said in a statement. “Last night’s attack on Twitter raises serious concerns about data security and how platforms like Twitter could be used to harm public debate. I have ordered my office to open an immediate investigation into this matter.”
The attack, which involved hackers taking control of popular accounts with millions of followers to tweet out a bitcoin scam, was the work of a group of unknown individuals. Twitter now says the group used social engineering techniques of some type to gain control of internal company tools. Those tools allowed the hackers to gain access to the accounts, although Twitter has not specified how exactly this happened.
In the aftermath of the account takeovers, which lasted for more than two hours, Twitter had to resort to extreme measures to mitigate the fallout, including disabling the ability for verified accounts to send new tweets and locking down all of the affected accounts and even some accounts that were not targeted by the hackers. The company is still working to restore access to locked accounts as of this afternoon.
Motherboard reported yesterday that the hackers did not in fact breach any Twitter systems, but instead allegedly paid a Twitter employee to reset the email addresses associated with the affected accounts, thereby giving unauthorized access to the hackers who then tweeted out the cryptocurrency scam tweets. Twitter has not openly disputed this account of the event, but it is currently unclear how much, if any, of the story is an accurate representation of what happened. The company is still investigating and has not yet shared its full findings.