Santa Hacker Visits Twitter in July

That day in mid-July began with our favorite Twitter blue check accounts offering to double our money. Of course, Santa Claus in July. Why not?

We immediately spied that our good friend, Democrat presidential aspirant Joe Biden, had tweeted that he was a generous and nice guy. He promised to send anyone $2,000 if you sent him $1,000. Always on the lookout for a sweet deal, we sent generous Joe one dollar. We’re sad to report that as of now, two weeks later, we’re still waiting for our $2 from Joe. That wrecked our plans to hit Publix on Friday and take advantage of the store’s weekend deal – three cans of tuna for $2.

We later learned, to our great discomfort, that other blue check tweeters like Elon Musk offered to double our Bitcoins: send one Bitcoin and get two Bitcoins back.

Then it got worse. The blue check Twitter accounts of Bill Gates, Jeff Bezos, Apple, Uber and others had been hacked and were urging everyone to send Bitcoin to a bitcoin wallet address, promising they would see their bitcoin doubled. Of course…Ho! Ho! Ho!

He’s making a list
And checking it twice;
Gonna find out who’s naughty and nice.
Santa Claus is coming to Twitter…

Exercising rare caution rather than our usual wild investment strategy, we cancelled plans to send $2 million in Bitcoins and the deed to our house to the blue check Twitter account of North Korea’s Kim Jong-un.

Twitter admitted that Santa Hacker was able to take control of Twitter accounts, some with millions of followers, and broadcast the good news of doubling your bitcoin digital cash. All you needed to do was send your Bitcoin to a bitcoin wallet.

Twitter was forthcoming – sort of – and said that Santa Hacker gained control of an “internal Twitter admin tool” to achieve access to big kahuna Twitter accounts who share the coveted blue check next to a name. The blue check is reserved for big, important people who are of public interest. Everyone else is an insect.

Twitter further admitted that Santa Hacker implemented a “social engineering attack” to gain “access to internal systems and tools.”

Huh? What’s that?


Hello, Twitter Security

Security experts define a social engineering attack as manipulating people to divulge confidential information. So, Twitter is packed with workers who can be tricked into giving away sensitive information. That’s good to know. It all boils down to the well-known fact that the weakest link in any security chain is people. Always.

Examples of social engineering attacks include phishing. An email, for example, may trick a user into clicking through to a fake website and divulging personal information like credit card numbers or social security information.

Another social engineering trick is building trust with a person by pretending to be an employee in a company.

Victims can also be baited by a scammer offering free music or goods in return for login information.

After analyzing all this social engineering stuff, we can speculate that the Twitter hack went something like this:

Ring. Ring-a-ring. Ringringring

Twitter Drone: Hello, Twitter security.

Hacker: Hey, dude. Jack Dorsey, your Twitter president, here. I forgot my password to sign in. If you tell me your password so I can log in, I’ll send you a roll of toilet paper, signed by Justin Bieber, and a coupon for Starbucks crab cakes and a vanilla latte.

Twitter Drone: Wow! Okay, the password is PASSWORD.

Hacker: Oh, and go to this website and enter your bank account number and password so I know it’s you.

Twitter Drone: Do you want my big bank account or the little one?

Hacker: All of them. And sign your car title and mail it to Orphans Who Need Cars at the Denver address on your screen.

Twitter engineers earn about $130,000 per year. Apparently, that’s not enough to buy a Starbucks gift card. They need to visit Tor to scrounge for a free cup of vanilla latte.


FBI Finds Circus Elephants Behind Hack

Twitter admitted that the hackers targeted 130 people and changed 45 passwords. The crack FBI cybercrime team also noted that all the peanut butter cups in the vending machine were gone, lending credence to the suspicion that the hackers might own pet squirrels or circus elephants.

Twitter punished the guilty employees’ stock holdings by dropping 4% in after-hours trading and taking away their Trump voodoo dolls and stickpins.

Twitter tried to calm anxious investors and customers worried about Twitter security by stating: “We’re embarrassed, we’re disappointed and we’re sorry.” Twitter pledged to improve security measures by installing Swahili keyboards, making it more difficult for employees to communicate with potential hackers. Twitter also released an apology, which you can listen to here:

I’m Sorry by Lil Uzi Vert


The Letter Q is Banished

Twitter responded to the hack by panicking and freezing verified accounts. When that didn’t help, Twitter also locked the accounts of any user who attempted to change a password in the last 30 days.

Twitter could have frozen the verified accounts that used the password 123456 and suggested that users try to use a tougher password like ABCDEF. But that would have dropped Twitter traffic by 90% and irritated advertisers.

The social media giant reassured users that messing with their accounts didn’t necessarily mean that their accounts were compromised or that they were under suspicion of hacking. That wasn’t true, though, for any Twitter accounts using the letter Q.

Twitter suspended 17,000 accounts with the letter Q to enhance security. Twitter recommended that users not use the letter Q in any tweet to avoid summary suspension. It’s recommended that tweeters use an ampersand in the place of the letter Q until further notice. Vietnamese diphthongs are also allowed as substitutions. The other letters of the alphabet are safe for now, pending further investigation.

Twitter security experts also recommended that people who own Bitcoins sew them into a vest and hide the vest in a closet.


At Twitter, Everyone is an Insect

This latest Twitter fiasco has raised concern among politicians (who else?) that hackers taking over Twitter blue check accounts could create chaos. Let’s imagine, for example, that Warren Buffett’s account is hacked and this tweet appears: Sold all Berkshire Hathaway stock. Bought dogecoin. Woof!

People with a thimble of common sense will see the hack joke. Those who have no thimbles will see Santa in July.

What we learned from this latest Twitter car wreck is that Twitter’s verification process to earn the coveted blue check doesn’t mean much. The blue check confers no special protection to those anointed with Twitter knighthood. They don’t get dubbed with the Queen’s sword. No pages wait to lock on armor. No invitations to courtly banquets are offered. And there isn’t much security.

No, it’s just a checkmark colored blue plastered on your forehead. Maybe the blue check users are just insects, too.