Wednesday's mass breach of many high-profile Twitter accounts has left many observers worried that hackers could use the platform to help disrupt November’s presidential election.
That both Joe Biden and Barack Obama’s accounts were both compromised indicates that the platform is highly vulnerable not just to fraudsters directing users towards bitcoin scams, but also agents of disinformation who might use false messages from reputable figures to disrupt the election both during the campaign and on polling day.
And just as worryingly, Twitter itself struggled to mount a quick response to the fake posts, taking them down slowly while temporarily blocking all verified accounts from tweeting at all.
The implications for the election on 3 November are severe.
Besides trusted figures, blue-tick local and state authorities could be disrupted, meaning that false messages about where to vote and when could easily be distributed across key states to try and warp the electorate’s behaviour.
And by exploiting trusted accounts, if only briefly, hackers could potentially use the platform to spread disinformation far wider and more quickly than was done in 2016, when Russian-backed anonymous accounts seeded and amplified false stories across the network.
Those tactics are expected to be repeated and even exceeded this year across social networks, but the use of credible accounts with millions of followers to propagate well-crafted disinformation would change the game significantly.
Equally, even the prospect that this could happen may erode trust in not just those accounts, but Twitter in general, meaning counter-disinformation efforts would struggle to retain the credibility they need to cut through to an electorate whose trust in media is already extremely low.
And the concern about what might be done with these accounts goes well beyond the election.
Tough day for us at Twitter. We all feel terrible this happened.
We’re diagnosing and will share everything we can when we have a more complete understanding of exactly what happened.
💙 to our teammates working hard to make this right.
— jack (@jack)
As former secretary of labour Chris Lu pointed out, “As the Twitter accounts of prominent people/companies are hacked, let’s take note of how troubling it is for a president to announce policy decisions (including military threats) on a platform susceptible to intrusions.
“We’re one hack away from a major international incident.”
Meanwhile, Twitter’s own description of what happened raises alarm bells because it confirms not only that hackers gained access to numerous accounts, but that they did so by using the company’s own systems – which they presumably accessed with the help of an insider.
As Twitter said in an update on the incident, “we detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.
“We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here.”