
 

What We Can Learn From Twitter’s Big Hack

 

We at NortonLifeLock Labs are committed to keeping consumers safe online and helping them make wise decisions about their security, identity and privacy. Therefore, we take the integrity of information shared online incredibly seriously – especially now that we are headed towards an election. As part of our efforts in this space, we are focusing our research on activities that prey on people and exploit the difficulty of assessing the legitimacy of information online, including detecting scams and disinformation networks. To that end, we recently released BotSight, a tool that can detect certain types of social bots and show those findings inline to Twitter users.

Last Wednesday, the Twitter accounts of numerous high-profile politicians, billionaires, and other notable figures were taken over by attackers to fraudulently solicit Bitcoin from their followers.

While the details of precisely how the attack was carried out are still a little murky, it is clear that the attackers managed to net a little over $118,000 for an attack lasting a few hours.

More interesting than the specifics of this attack are the vulnerabilities in the social media ecosystem that it exposed: we trust (perhaps too much) the authenticity of the messages on social platforms, especially from accounts of famous individuals, likely assuming that such accounts would be highly secured and “impenetrable”. Reality has, however, demonstrated that we should always consume online content with great caution.

Imagine if this hack had taken place on November 3, 2020, during the US election. Imagine if the attacker, during prime polling hours at 5 PM, had taken over Joe Biden’s account and tweeted that he had conceded to President Trump, and asked his supporters not to cast any more ballots. Imagine if Governor Gretchen Whitmer of Michigan tweeted that polling places were unsafe in the Detroit metro area and people should avoid them until further notice. Imagine if the official Twitter account for the Philadelphia Police Department had tweeted there was a bomb threat at some polling location.

For this week’s attack, 2 hours to fix the problem may seem very fast. But on election day, 2 hours of disinformation could seem like an eternity. This attack underscores the very real danger of social media and its potential impact on democracy. And this scenario is not unique to Twitter – next time it might be Facebook or Instagram. All social media companies are vulnerable; or in fact, it is us who are vulnerable and social media is just the platform.

Regardless of whether the attack was a result of malicious insiders, or insiders being compromised through phishing, this raises the question of how and why we trust the contents of a Tweet. Can anyone inside Twitter create a new Tweet on behalf of a high-profile account? And how do we defend not just the person who posted the Tweet, but the people reading it?

Some possible solutions would be to develop stronger authenticity guarantees around Tweets (1), have Twitter flag certain accounts as possibly hacked and alert the public while they investigate, and educate the public about these types of threats.

In the Tweet below, Twitter displays the device used to post the Tweet (Twitter Web App). However, it doesn’t check whether this device, in fact, belongs to Jeff Bezos. Twitter can borrow a technique from cryptography called “digital signing” to fix this. This technique, if implemented carefully, would allow each user to mathematically prove that a Tweet was sent from their own device, and would make forging Tweets much more difficult. Each device, when registered, would create secret random data, called a certificate, in the device’s protected trusted enclave. The certificate would be stored by Twitter in a special structure, called a ledger, for the world to see – but since the certificate is random, this would not violate a user’s privacy. This certificate would be used to sign all the Tweets a person sends, automatically, inside the Twitter app. When you see a signed Tweet, your Twitter app could then automatically check the Tweet’s authenticity by verifying the certificate exists on the ledger and belongs to the same person that created the Tweet.

While this has a few downsides, like not allowing Tweeting from a random web browser, it might make sense to implement for a few accounts of special significance, like public figures or users with massive followings (2).
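The signing and ledger check described above, as an added Go sketch that is not part of the original article or any Twitter code. It assumes Ed25519 device keys, with the private key playing the role of the device secret and only the public key published; the `Ledger` type, key IDs and account name are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"fmt"
)

// Ledger is a hypothetical public ledger mapping (account, key ID) to a device public key.
type Ledger map[keyRef]ed25519.PublicKey
type keyRef struct{ account, id string }

type SignedTweet struct {
	Account, KeyID, Text string
	Sig                  []byte
}

// Register creates a device key pair and publishes only the public half.
func (l Ledger) Register(account string) (string, ed25519.PrivateKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return "", nil, err
	}
	id := hex.EncodeToString(pub[:8]) // short key ID (assumption of this example)
	l[keyRef{account, id}] = pub
	return id, priv, nil // priv would stay in the device enclave
}

// payload length-prefixes the account so (account, text) cannot be re-split ambiguously.
func payload(account, text string) []byte {
	return []byte(fmt.Sprintf("%d:%s|%s", len(account), account, text))
}

func Sign(priv ed25519.PrivateKey, account, keyID, text string) SignedTweet {
	return SignedTweet{account, keyID, text, ed25519.Sign(priv, payload(account, text))}
}

// Verify is the reader-side check: the key is on the ledger under this account and signed this text.
func (l Ledger) Verify(t SignedTweet) bool {
	pub, ok := l[keyRef{t.Account, t.KeyID}]
	return ok && ed25519.Verify(pub, payload(t.Account, t.Text), t.Sig)
}

func main() {
	l := Ledger{}
	id, priv, _ := l.Register("@example_official") // constructed account name
	fmt.Println("genuine:", l.Verify(Sign(priv, "@example_official", id, "Polls close at 8 PM.")))
}
```

A Tweet created on the server side without the device's private key has no valid signature under any key registered to that account, so `Verify` rejects it even if it appears on the account's timeline.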

Second (and more easily), Twitter could create an annotation on an account that it believes might have been compromised, which would take special privileges to set and remove. This annotation would be displayed to all users viewing any of that account’s Tweets, notifying them that the messages stemming from that account might not be authentic. This would be a more effective strategy than just repeatedly taking down offending Tweets.

Finally, we all have to be wary since there is only so much the social media companies can do to protect us from misinformation. We must understand that there is a significant possibility this, or something like it, will happen again. Because the next time an attack of this scale happens, the consequences might not be $118,000 of stolen Bitcoin, but an election.

While some tools, like NortonLifeLock Labs’s BotSight, are capable of detecting certain types of social bots, it’s ultimately up to each of us to be critical of the information we read and to determine whether it is real or fake.

As the election looms closer, we all need to be aware that in the information war, the real targets are not Twitter, or Facebook, or Google. The real targets are us.

Footnotes

1. Emails can be signed using a per-device key, which is checked against a blockchain of known keys. Tweets can be equipped with the same security.

2. Even for the case of a random browser, you could use an existing device to automatically communicate with Twitter and sign the Tweet with the owner’s permission. This would be a little difficult to do correctly but might be the correct solution long-term.

NortonLifeLock Labs™ is the cornerstone of NortonLifeLock’s thought leadership in Cyber Safety, leading the company’s future technology and guiding the consumer cybersecurity industry around the globe. The Labs team, sitting within the office of the CTO, includes leading threat and security researchers aimed at protecting customers against known and new threats and delivering consumer-focused innovation in the space of security, privacy and identity. Through these efforts, we continually improve our industry-leading protection and detection capabilities to help keep consumers Cyber Safe, while also delivering innovative prototypes with test-friendly features so adventurous users can learn and offer feedback.

Copyright © 2020 NortonLifeLock Inc. All rights reserved. NortonLifeLock, the NortonLifeLock Logo, the Checkmark Logo, Norton, LifeLock, and the LockMan Logo are trademarks or registered trademarks of NortonLifeLock Inc. or its affiliates in the United States and other countries. Other names may be trademarks of their respective owners.

© Scoop Media

 
 
 