Twitter hack highlights concerns about disinformation, election security
Cybersecurity experts say the massive Twitter hack that targeted prominent billionaires, politicians and other high profile users— including Amazon CEO Jeff Bezos, presumptive Democratic presidential nominee Joe Biden and former President Barack Obama — should be a wake-up call ahead of the November election.
Hacked accounts posted about what appeared to be a cryptocurrency scam, but cybersecurity experts say a future attack could be politically motivated with serious ramifications.
“If you time it right, those sorts of things can have a big effect,” said James Lewis, director of the Technology Policy Program at the Center for Strategic and International Studies. “What would be the effect if you had some sort of damaging tweet on Election Day, right? Are we prepared to deal with that? And the answer is probably not.”
Lisa Kaplan, founder of Aletha Group, was the digital director of Sen. Angus King’s (I-ME) 2018 reelection campaign and developed the campaign’s strategy for fighting disinformation.
“My hope is that organizations are starting to ask themselves, ‘What would we do if and when this happens to us?’,” said Kaplan in an interview with Yahoo Finance.
While experts are hopeful this latest hack will motivate campaigns to further prepare, they note this isn’t a new threat.
“We've seen so many wake-up calls. Hopefully it'll be a wake-up call for the campaigns cause they are targets and they know they’re targets,” said Lewis. “Whatever their strategy is now, they need to take a step back and ask how they make it stronger.”
Kaplan and Lewis told Yahoo Finance Wednesday night’s Twitter hack reminded them of the 2013 hack on the Associated Press that briefly moved financial markets.
“It is a huge risk,” said Kaplan. “Campaigns need to take a very proactive approach to this — and everybody needs to have a plan for what they're going to do if and when it happens to them.”
Prepare for ‘every possible risk’
Mick Baccio, a security analyst at Splunk who used to run cybersecurity for former Mayor Pete Buttigieg’s presidential campaign, said there is only so much campaigns can do if the social media companies themselves are targeted — but campaigns need to be prepared.
“Generally when you see something in large scale like that, you look at, ‘Hey, this is not us. This is Twitter,’ and that's when all of your tabletops come into play,” said Baccio in an interview with Yahoo Finance. “If X happens, what do you do? Just every possible risk or scenario that you can think of, you kind of game plan.”
Baccio said it’s important for campaigns to have contacts at social media companies and know what steps they’ll take if the companies or their accounts are compromised.
“Those private sector, public sector partnerships are critical just for the integrity of the election,” said Baccio.
Lewis said campaigns should also work with the companies to get an “extra layer of protection” on their accounts. Kaplan urged political campaigns to prepare for the worst, by doing more than monitoring mainstream social media platforms.
“By the time it's already trending on Twitter [or Facebook], you're on the backfoot,” said Kaplan. “Start doing real threat investigations to understand what's happening and be able to get those advanced warning signs that a group may be organizing in the more fringe platforms on the internet.”
Baccio told Yahoo Finance he’d like to see additional legislation or a federal agency created to deal with campaign cybersecurity.
Lawmakers want answers
Members of Congress are pushing for answers about the hack. Rep. John Garamendi (D-CA) tweeted he has “grave concerns” about the safety of elections after the incident.
“Now more than ever we have to strengthen our nation’s cyber security,” tweeted Garamendi.
I don’t have any bitcoin to offer you but I do have grave concerns about what today’s hack of @Twitter means for the safety of our elections and other critical infrastructure from hostile actors. Now more than ever we have to strengthen our nation’s cyber security.
— John Garamendi (@RepGaramendi) July 15, 2020
The top Republican on the House Oversight Committee, Rep. James Comer, requested information from Twitter on Thursday — and asked for a briefing about the hack no later than July 24. Comer wants to know about the origin of the attack, what Twitter is doing to prevent another similar incident and what additional training Twitter employees will have to do going forward.
Comer said security breaches on social media could “jeopardize our national security and disrupt the lives of millions of Americans.”
The hack happened hours after a House Oversight Committee hearing on cybersecurity preparedness. The Chairwoman of the committee, Rep. Carolyn Maloney (D-NY) tweeted that the incident shows the need for the U.S. to streamline the government response to cyber attacks.
Sen. Josh Hawley (R-MO) sent a letter to Twitter (TWTR) CEO Jack Dorsey early Wednesday evening as the hack was unfolding, urging him to work with the FBI and the Department of Justice to secure the site. Among other questions, Hawley wanted to know if the attack threatened President Trump’s account.
“The accounts targeted include those for Apple, Uber, Jeff Bezos, former President Barack Obama, and even the Democratic nominee for President. The list of affected accounts is growing by the minute. Some affected accounts are alleged to have been protected by Twitter’s two factor authentication,” said Hawley in the letter. “I am concerned that this event may represent not merely a coordinated set of separate hacking incidents but rather a successful attack on the security of Twitter itself.”
Jessica Smith is a reporter for Yahoo Finance based in Washington, D.C. Follow her on Twitter at @JessicaASmith8.
Read more:
The $600 boost in unemployment benefits expires soon. What comes next?
Majority of Americans think Congress should extend enhanced unemployment benefits past July: poll
Coronavirus response: What Washington has accomplished and what's next
Congressional watchdog finds 'significant risk' for fraud in Paycheck Protection Program