Report on examination of Twitter’s July 15, 2020 Cybersecurity Incident and also the implications for choice Security
On July 15, 2020, a 17-year old hacker and his accomplices breached Twitter’s network and seized manage of dozens the Twitter account assigned to high-profile users. For several hours, the people watched when the Hackers brought out a publicly cyberattack, through seizing one high-profile account after ~ another and also tweeting out a “double your bitcoin” scam. The Hackers took end the Twitter accounts of politicians, celebrities, and entrepreneurs, consisting of Barack Obama, Kim Kardashian West, Jeff Bezos, and also Elon Musk, as well as Twitter accounts of several cryptocurrency carriers regulated through the brand-new York State department of jae won Services. And for several hrs Twitter appeared unable to protect against the hack.

You are watching: How to hack twitter account 2016

In financial value, the Hackers stole end $118,000 worth of bitcoin. But much more significantly, this occurrence exposed the vulnerability the a an international social media platform through over 330 million full monthly active users and also over 186 million daily energetic users, consisting of over 36 million (20%) in the joined States.<1> In short, Twitter dram a main role in how we communicate and also how news is spread. More than fifty percent of U.S. Adults acquire their news from society media “often” or “sometimes.”<2>

Given that Twitter is a publicly traded, $37 billion modern technology, it was surprising how quickly the Hackers to be able to permeate Twitter’s network and also gain accessibility to internal tools permitting them to take it over Twitter user’s account. Indeed, the Hackers used simple techniques much more akin to those the a traditional scam artist: phone call calls whereby they pretended to be from Twitter’s Information an innovation department. The extraordinary accessibility the Hackers obtained with this simple method underscores Twitter’s cybersecurity vulnerability and the potential for devastating consequences. Notably, the Twitter Hack did no involve type of of the high-tech or advanced techniques frequently used in cyberattacks – no malware, no exploits, and no backdoors.

The effects of the Twitter Hack expand far past this garden-variety fraud. There are well-documented examples of social media being offered to manipulate markets and also interfere through elections, frequently with the basic use that a single compromised account or a team of fake accounts.<3> In the hand of a danger adversary, the same accessibility obtained by the Hackers–the capacity to take regulate of kind of Twitter users’ account–could reason even better harm.

The Twitter Hack displayed the require for strong cybersecurity come curb the potential weaponization of significant social media companies. However our windy institutions have not captured up to the brand-new challenges make by society media. If policymakers emphasis on antitrust and content moderation problems with big social media companies, their cybersecurity is likewise critical. In other industries that room deemed critical infrastructure, such together telecommunications, utilities, and also finance, us have established regulators and regulations to ensure that the public interest is protected. Through respect come cybersecurity, the is what is needed for large, systemically crucial social media companies.

This Report evaluate the facts surrounding the Twitter Hack, the factors why it occurred, and what might be excellent to prevent future incidents. The Report additionally recommends actions for boosted cybersecurity oversight of big social media companies.

Part II of this Report describes background information around Twitter’s platform, the ever-expanding influence of society media communication such together Twitter, and how this influence continues to affect markets and the national conversation around elections and disinformation. It additionally describes the Department’s role in protecting consumers and also the financial services industry.

Part III sets forth a in-depth timeline that the Twitter Hack. This contains a summary of vital events and also Twitter’s response.

Part IV details the Twitter Hack’s affect on the Department’s cryptocurrency licensees and also their timely initiatives to protect their customers from the fraud. It also describes the considerable threat cryptocurrency fraud poses come the industry.

Part V addresses the cybersecurity weakness at Twitter that made the Twitter Hack possible. This consists of a absence of leadership, vulnerability to society engineering, and also a fail to address the brand-new vulnerabilities resulted in by the pandemic-driven transition to mass far working.

Part using identifies best practices that resolve the weaknesses the Twitter Hack exposed. The Report recommends details steps cryptocurrency companies can take come combat similar fraud. The Department likewise recommends cybersecurity steps that will mitigate the likelihood the a similar cyberattack will certainly succeed.

Part VII makes referrals for improving our society’s defenses against cybersecurity lapses that deserve to lead to society media manipulation. That addresses the need for a regulation and a regulator focused on large social media companies’ cybersecurity resiliency.

<1> J. Clement, Twitter: number of Monthly energetic Users 2010-2019, Statista (Aug. 14, 2019), (noting the in at an early stage 2019, Twitter averaged over 330 million complete monthly energetic users); Twitter, Inc., Q2 2020 Letter to shareholders (July 23, 2020), (stating that Twitter averaged over 186 million daily energetic users, of i beg your pardon 36 million (nearly 20%) to be in the united States).

<2> Elisa Shearer and Elizabeth Grieco, Americans space Wary the the duty Social Media Sites pat in carrying the News, Pew Research facility (Oct. 2, 2019).

The new York State department of financial Services

Governor Andrew M. Cuomo and the new York State Legislature created the room in 2011 together the mergers of the former Banking and also Insurance Departments, and widened the Department’s purview to encompass “the regulation of brand-new financial solutions products,”<4> by establishing “a contemporary system of regulation, rulemaking and adjudication” responsive to the demands of the banking and also insurance sectors and new York consumers and residents.<5> As component of its mission, the room protects new York consumers and businesses versus fraud and also cybersecurity dangers in connection with jae won products and also services, consisting of those related to cryptocurrency.

The Department has instituted critical cybersecurity standards for worldwide financial institutions that room models because that regulators worldwide. In 2016, the Department introduced its first-in-the-nation cybersecurity regulation that requires all financial establishments to implement a risk-based cybersecurity program and also to report type of attempted or enforcement unauthorized accessibility to their details systems.<6> The regulation has served together a design for other regulators, including the U.S. Federal trade Commission (“FTC”), multiple states, and also the nationwide Association of insurance money Commissioners (“NAIC”). In 2017, recommend the NAIC top top its Data Security design Law, i beg your pardon is based upon’s cybersecurity regulation. Eleven says have adopted the version Law and also the U.S. Treasury Department has urged all says to take on the design as shortly as possible.<7> In 2019, the FTC suggest amendments to its Safeguards preeminence under the Gramm-Leach-Bliley Act to include more detailed data security requirements that were expressly based upon’s regulation.<8> The Conference of State financial institution Supervisors has proposed a Nonbank model Data Security regulation that is also based expressly on’s cybersecurity regulation.<9>

Under the management of Superintendent Linda A. Lacewell, the department in 2019 became the very first state or commonwealth financial regulator in the nation to develop a Cybersecurity division to safeguard consumers and also industries from cyber threats. recruited Justin Herring, the former chief the the Cybercrimes Unit at the U.S. Attorney’s Office because that the district of brand-new Jersey, to command the Cybersecurity Division. As the Superintendent has repeatedly stated, cybersecurity is the best threat to industry and also government, bar none.

The department is also committed to providing safe, stable, and also open markets to those connected in virtual money business task (“VCBA”). In 2015, brand-new York promulgated its pioneering virtual money regulation to define VCBA and set forth the licensing and supervisory schemes.<10> come date, the Department has authorized over two dozen entities to conduct VCBA in brand-new York and also with brand-new Yorkers. The patent is seen as the gold traditional for cryptocurrency companies and also is typically included in the companies’ marketing materials as a sign of credibility through proposed counterparties, investors and also customers.

Superintendent Lacewell additionally formed the Department’s research study & Innovation division in 2019 come advance brand-new York’s place as a an international hub of financial innovation, consisting of fintech, insurtech, and also cryptocurrency. Led by Matthew Homer, the division works to ensure that brand-new Yorkers have actually safe access to the cryptocurrency marketplace and also that new York remains at the facility of technical innovation with forward-looking regulation.

Consistent v its management in protecting new Yorkers, the department is an integral part of the new York State Cybersecurity Advisory Board. Since 2013, the Department’s Superintendents have actually co-led the Advisory Board v the Governor’s landscape Security policy lead. The Board, made up of experts, advises the Governor’s management on advances in cybersecurity and recommends protections for new York State’s an essential infrastructure and information systems, including election security and also operations.

The Twitter Platform

Since approximately July 2006, Twitter has actually operated, a social networking and micro-blogging website that allows users come send “tweets”–brief to update of 280 (previously 140) personalities or less–to your “followers” (i.e., users who sign up to get such updates) via email and text. Twitter customers (either via the website or mobile application) have the right to follow other individuals, and also commercial, media, governmental, or nonprofit entities.<11> Twitter individuals can also send and also receive direct, non-public messages (“DMs”).<12>

Twitter maintains internal account administration tools to manage a broad range of worries relating come Twitter user accounts. Twitter worries authorized employees a username and also password to accessibility the internal account administration tools. A screenshot post on Twitter on July 15 verified an internal tool the Hackers accessed:<13>




Some of the interior tools incorporate nonpublic information around each Twitter user account, consisting of the account’s linked email address, phone call number, and also the net Protocol (“IP”) deal with for the user’s login location. In solution to user requests, authorized Twitter employees usage the inner tools, in part, to upgrade email addresses, reset forgotten or expired passwords, or allow or disable multifactor authentication (“MFA”), one extra great of protection requiring one auto-generated password to accessibility an account.

Twitter employees also use the internal tools come block or limit distribution of content of particular tweets or indigenous user accounts. Such limitations have the right to be enforced either in response to request from countries that prohibit content that violates local law, or to enforce hurt of the Twitter rule governing user conduct.<14>

Social Media’s power in Our modern-day Society

Twitter and other huge social media suppliers are popular, and also often provide beneficial services. Making use of Twitter, consumers can receive updates native friends and acquaintances, break news indigenous media outlets, or public safety and also emergency to update from government authorities. In instances, tweets invite users to click on links to various other websites, consisting of websites the consumers might use to achieve commercial products or services.

The Twitter Hack also highlights the risk connected with society media communication such as Twitter. As described below, it to be jarringly simple for a teenager and his young associates come hack Twitter and hijack account belonging to some of the most prominent people and organizations in the world. The Hackers focused on standard fraud. However such a hack, once perpetrated by well-resourced adversaries, might wreak far greater damage by manipulating public perception around markets, elections, and more.

In current years, Twitter and other social media platforms have been offered to affect financial markets, with terrible effects. For example, in 2013, the S&P 500 lost $136.5 exchange rate of worth minutes ~ hackers took end the associated Press’s Twitter account and falsely tweeted that two explosions at the White home harmed president Obama.<15> jae won criminals usage social media in “pump-and-dump” schemes to temporarily inflate the price of stocks v false or misleading tweets; as soon as they offer their shares and also stop fostering the stock, the resulting plunge in shares’ value harms unsuspecting investors.<16> multiple studies show that tweets affect trading volume and future market task whether their content is true or false.<17>

Social media can likewise disrupt elections and also public institutions. In July 2020, the office of the director of National intelligence announced that foreign nations–primarily China, Russia and also Iran–were attempting come interfere with democratic processes, using influence measures in social and traditional media.<18> This is consistent with a current Senate intelligence report, which found that Russian online influence operations during the 2016 elections to be designed come undermine confidence in democratic institutions and provoke social discord.<19>

Such influence is possible largely due to the fact that of Americans’ dependence on social media. In early on 2019, Twitter average over 330 million monthly active users.<20> through mid-2020, Twitter average over 186 million daily energetic users, the which practically 20% (36 million) were in the united States.<21> much more than fifty percent of U.S. Adults get their news from social media “often” or “sometimes." <22> In 2020, society media was one of the top-ranking resources of news because that Americans after ~ news apps and websites, especially amongst those under 50 years old.<23> Concurrently, public trust in the broader media ecosystem has actually been declining: a 2019-20 poll uncovered “low level of public to trust in the nation’s polarized media environment,” which opens up possibilities for misinformation to thrive.

See more: How To Gain Muscle As A Skinny Guy Series: How To Maximize Muscle Building


Given the prominence of society media platforms in communications globally and the history of prior attacks, occurrences like the Twitter Hack reveal the threats to the stability and integrity that elections, jae won markets and national security.