To recap the situation, at around 1pm on Wednesday, several celebrity accounts began tweeting out similar, odd messages regarding a Bitcoin giveaway.
As you can see in these examples, the affected accounts included Barack Obama, Jeff Bezos, Kim Kardashian and more. Twitter users quickly established that the accounts had been hacked, but not before around $300k worth of Bitcoin had been sent through to the listed address. The listed account number where people were to send Bitcoin was the same on all the tweets.
Upon recognizing the incident, Twitter locked down all verified accounts as it sought to assess the situation, while Twitter also took expanded action that wasn’t as publicly visible.
As explained by Twitter:
“Shortly after we became aware of the ongoing situation, we took preemptive measures to restrict functionality for many accounts on Twitter – this included things like preventing them from Tweeting or changing passwords. […] We also locked accounts where a password had been recently changed out of an abundance of caution.”
So what happened? How, exactly, did the hacker – or hackers – get access to these high-profile accounts?
“We believe attackers targeted certain Twitter employees through a social engineering scheme. […] The attackers successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems, including getting through our two-factor protections. As of now, we know that they accessed tools only available to our internal support teams to target 130 Twitter accounts. For 45 of those accounts, the attackers were able to initiate a password reset, login to the account, and send Tweets.”
Twitter reported late Thursday evening that 130 accounts in total had been impacted, and it now says that fewer than half of them were subsequently utilized in the hack.
The explanation appears to align with a New York Times report on the incident – on Friday, NYT published details that it had gleaned from a group of hackers who’ve claimed responsibility for the hack. NYT was able to verify their explanations by matching their Bitcoin accounts with the address listed in the tweets.
According to the report, a hacker going by the name of ‘Kirk’ was able to gain access to Twitter’s administration tools by first being added to Twitter’s internal Slack channel, where the details he needed had been posted in various exchanges. With this newfound access to Twitter’s control panel, Kirk claims to have first sought to sell usernames in the gaming community, where single letter handles (like @y, for example) are particularly popular.
After recruiting other hackers to assist in his plan, Kirk began selling usernames on Wednesday morning, with the prices for the hacked profiles rising rapidly throughout the day. Given that initial success, Kirk then turned his attention to taking control of celebrity accounts, through which he eventually claims to have netted around $180k from people that had been duped by the fake messages.
The New York Times reports that Kirk stopped communicating with them after word circulated that the FBI had become involved in the case.
Twitter’s account of its findings thus far largely matches up with this overview, though that would also mean that private information from these accounts was accessible in the hack.
Twitter confirms this, noting that:
- Attackers were able to view personal information including email addresses and phone numbers, which are displayed to some users of our internal support tools.
- In cases where an account was taken over by the attacker, they may have been able to view additional information. Our forensic investigation of these activities is still ongoing.
That additional information would include DMs, which could be a significant concern for those involved.
There’s also this:
“For up to eight of the Twitter accounts involved, the attackers took the additional step of downloading the account’s information through our “Your Twitter Data” tool. This is a tool that is meant to provide an account owner with a summary of their Twitter account details and activity. We are reaching out directly to any account owner where we know this to be true. None of the eight were verified accounts.”
If the NYT’s report is correct, those would likely have been the accounts initially sold by the hackers.
In some respects, the fact that these were not verified accounts seemingly lessens the severity of this – but either way, the hackers were theoretically able to access sensitive information, and full Twitter details on past owners of the hacked accounts.
There’s no way to soften the blow here – this is a major breach of Twitter’s systems, which will erode trust in the platform for some time to come. If the details reported thus far are correct, the weakness here was human error, and that, in many respects, will always exist in all security chains. But still, as The Verge’s Casey Newton noted in his initial report on the incident:
“Twitter is, for better and worse, one of the world’s most important communications systems. […] After today it is no longer unthinkable, if it ever truly was, that someone could take over the account of a world leader and attempt to start a nuclear war.”
It may seem like a stretch, like it could never get to that point – and it may seem now like these were just some trouble-making hackers looking to make a quick buck. But the significance of the incident cannot be overlooked. Twitter will need to work hard to show that such a hack cannot happen again.
Which, based on this explanation, it probably can’t do, but it will need to improve its processes to provide assurance that it’s working to reinforce its systems.
There’ll be much more, no doubt, to follow on this.
Meta’s Developing an ‘Ethical Framework’ for the Use of Virtual Influencers
With the rise of digital avatars, and indeed, fully digital characters that have evolved into genuine social media influencers in their own right, online platforms now have an obligation to establish clear markers as to what’s real and what’s not, and how such creations can be used in their apps.
The coming metaverse shift will further complicate this, with the rise of virtual depictions blurring the lines of what will be allowed, in terms of representation. But with many virtual influencers already operating, Meta is now working to establish ethical boundaries on their application.
As explained by Meta:
“From synthesized versions of real people to wholly invented “virtual influencers” (VIs), synthetic media is a rising phenomenon. Meta platforms are home to more than 200 VIs, with 30 verified VI accounts hosted on Instagram. These VIs boast huge follower counts, collaborate with some of the world’s biggest brands, fundraise for organizations like the WHO, and champion social causes like Black Lives Matter.”
At first glance, you wouldn’t necessarily realize that this is not an actual person, which makes such characters a great vehicle for brand and product promotions, as they can be utilized 24/7, and can be placed into any environment. But that also leads to concerns about body image perception, deepfakes, and other forms of misuse through false or unclear representation.
Deepfakes, in particular, may be problematic, with Meta citing this campaign, with English football star David Beckham, as an example of how new technologies are evolving to expand the use of language, as one element, for varying purposes.
The well-known ‘DeepTomCruise’ account on TikTok is another example of just how far these technologies have come, and it’s not hard to imagine a scenario where they could be used to, say, show a politician saying or doing something that he or she actually didn’t, which could have significant real world impacts.
Which is why Meta is working with developers and experts to establish clearer boundaries on such use – because while there is potential for harm, there are also beneficial uses for such depictions.
“Imagine personalized video messages that address individual followers by name. Or celebrity brand ambassadors appearing as salespeople at local car dealerships. A famous athlete would make a great tutor for a kid who loves sports but hates algebra.”
Such use cases will increasingly become the norm as VR and AR technologies are developed, with these platforms placing digital characters front and center, and establishing new norms for digital connection.
It would be better to know what’s real and what’s not, and as such, Meta needs clear regulations to remove dishonest depictions, and enforce transparency over VI use.
But then again, much of what you see on Instagram these days is not real, with filters and editing tools altering people’s appearance well beyond what’s normal, or realistic. That can also have damaging consequences, and while Meta’s looking to implement rules on VI use, there’s arguably a case for similar transparency in editing tools applied to posted videos and images as well.
That’s a more complex element, particularly as such tools also enable people to feel more comfortable in posting, which no doubt increases their in-app activity. Would Meta be willing to put more focus on this element if it could risk impacting user engagement? The data on the impact of Instagram on people’s mental health are pretty clear, with comparison being a key concern.
Should that also come under the same umbrella of increased digital transparency?
It’s seemingly not included in the initial framework as yet, but at some stage, this is another element that should be examined, especially given the harmful effects that social media usage can have on young women.
But however you look at it, this is no doubt a rising element of concern, and it’s important for Meta to build guardrails and rules around the use of virtual influencers in their apps.
You can read more about Meta’s approach to virtual influencers here.
Meta Publishes New Guide to the Various Security and Control Options in its Apps
Meta has published a new set of safety tips for journalists to help them protect themselves in the evolving online connection space, which, for the most part, also apply to all users more broadly, providing a comprehensive overview of the various tools and processes that it has in place to help people avoid unwanted attention online.
The 32-page guide is available in 21 different languages, and provides detailed overviews of Meta’s systems and profile options for protection and security, with specific sections covering Facebook, Instagram and WhatsApp.
The guide begins with the basics, including password protections and enabling two-factor authentication.
It also outlines tips for Page managers in securing their business profiles, while there are also notes on what to do if you’ve been hacked, advice for protection on Messenger and guidance on bullying and harassment.
For Instagram, there are also general security tips, along with notes on its comment moderation tools.
While for WhatsApp, there are explainers on how to delete messages, how to remove messages from group chats, and details on platform-specific data options.
There are also links to various additional resource guides and tools for more context, providing in-depth breakdowns of when and how to action the various options.
It’s a handy guide, and while there are some journalist-specific elements included, most of the tips do apply to any user, so it could well be a valuable resource for anyone looking to get a better handle on their various privacy tools and options.
Definitely worth knowing either way – you can download the full guide here.
Twitter bans account linked to Iran leader over video threatening Trump
Iran’s supreme leader Ayatollah Ali Khamenei meets with relatives of slain commander Qasem Soleimani ahead of the second anniversary of his death in a US drone strike in Iraq – Copyright POOL/AFP/File Tom Brenner
Twitter said Saturday it had permanently suspended an account linked to Iran’s supreme leader that posted a video calling for revenge for a top general’s assassination against former US president Donald Trump.
“The account referenced has been permanently suspended for violating our ban evasion policy,” a Twitter spokesperson told AFP.
The account, @KhameneiSite, this week posted an animated video showing an unmanned aircraft targeting Trump, who ordered a drone strike in Baghdad two years ago that killed top Iranian commander General Qassem Soleimani.
Supreme leader Ayatollah Ali Khamenei’s main accounts in various languages remain active. Last year, another similar account was suspended by Twitter over a post also appearing to reference revenge against Trump.
The recent video, titled “Revenge is Definite”, was also posted on Khamenei’s official website.
According to Twitter, the company’s top priority is keeping people safe and protecting the health of the conversation on the platform.
The social media giant says it has clear policies around abusive behavior and will take action when violations are identified.
As head of the Quds Force, the foreign operations arm of Iran’s Revolutionary Guards, Soleimani was the architect of its strategy in the Middle East.
He and his Iraqi lieutenant were killed by a US drone strike outside Baghdad airport on January 3, 2020.
Khamenei has repeatedly promised to avenge his death.
On January 3, the second anniversary of the strike, the supreme leader and ultraconservative President Ebrahim Raisi once again threatened the US with revenge.
Trump’s supporters regularly denounce the banning of the Republican billionaire from Twitter, underscoring that accounts of several leaders considered authoritarian by the United States are allowed to post on the platform.