Twitter Scam Address Blacklisted

Coinbase stopped around 1,100 customers from sending bitcoin to hackers who gained access to high-profile Twitter accounts last Wednesday. The attackers hacked over 100 Twitter accounts in a massive coordinated bitcoin scam.

According to Twitter, the hackers convinced some of the company’s employees to use internal systems and tools to access the accounts and help the hackers defraud users into sending them bitcoin.

According to Forbes, Coinbase and other cryptocurrency exchanges were able to stop some customers from sending bitcoin to the hackers by blacklisting the hackers’ wallet address. Coinbase says it prevented just over 1,000 customers from sending around $280,000 worth of bitcoin during last Wednesday’s attack. Roughly 14 Coinbase users sent around $3,000 worth of bitcoin to the scam’s bitcoin address before the company moved to blacklist it.

The cyber attack involved 130 accounts -- 45 of which were used to urge people to send them BTC. Data belonging to eight accounts was also downloaded and stolen; however, Twitter does not believe the hackers were able to access cleartext passwords and so mass password resets are not required.

Twitter is working with law enforcement to investigate the incident. The company is also conducting a forensic review of all impacted accounts.

Related: Twitter Hack: Coinbase Blocks $280,000 in Bitcoin theft

Twitter Hack Highlights Security Concerns

This month the theme at Ethics Forum has been personal privacy and Big Tech. On Thursday, July 16, Twitter announced that 130 Twitter accounts were hacked in what constitutes one of the biggest security breaches of the social media platform.

The accounts that were hacked include high profile figures such as Barak Obama, Joe Biden, and Elon Musk.

Twitter reported, “For a small subset of these accounts, the attackers were able to gain control of the accounts and then send Tweets from those accounts.”

The first public signs of the intrusion came around 3 PM EDT on Wednesday, when the Twitter account for the cryptocurrency exchange Binance tweeted a message saying it had partnered with “CryptoForHealth” to give back 5000 bitcoin to the community, with a link where people could donate or send money.

The hack actually began on Tuesday night, when several verified Twitter accounts began tweeting out posts asking users to send them money through bitcoin. The hackers targeted employees with access to internal systems and tools in what the company described as a successful “coordinated social engineering attack.” The hackers raised the equivalent of over $115,000.

There is evidence that this attack was perpetrated by individuals who have specialized in hijacking social media accounts via “SIM swapping,” an increasingly rampant form of crime that involves bribing, hacking or coercing employees at mobile phone and social media companies into providing access to a target’s account.

KrebsOnSecurity reports a security source at one of the largest U.S.-based mobile carriers, who said the “j0e” and “dead” Instagram accounts are tied to a notorious SIM swapper who goes by the nickname “PlugWalkJoe.” Investigators have been tracking PlugWalkJoe because he is thought to have been involved in multiple SIM swapping attacks over the years that preceded high-dollar bitcoin heists.

Twitter has made this statement: "We have also been taking aggressive steps to secure our systems while our investigations are ongoing. We’re still in the process of assessing longer-term steps that we may take and will share more details as soon as we can."

Twitter removed any tweets across its platform that included screenshots of its internal tools, and in some cases temporarily suspended the ability of those accounts to tweet further.

Another Twitter account — @shinji — also was tweeting out screenshots of Twitter’s internal tools. Minutes before Twitter terminated the @shinji account, it was seen publishing a tweet saying “follow @6,” referring to the account hijacked from Lucky225.

Related reading: Twitter Says 130 Accounts Targeted; Twitter Hack: What Went Wrong; Regulation of Big Tech; Personal Privacy and Data Collection; Notre Dame-IBM Launch Tech Ethics Lab; Penalties for Prosecuted Cyber Crimes

Regulation of Big Tech

When Bill Gates says it is necessary to regulate the Tech Sector, Americans should take this seriously. He appeared on "The David Rubenstein Show: Peer-to-Peer Conversations" on June 24, 2020.

“Technology has become so central that government has to think: What does that mean about elections? What does that mean about bullying?” Gates said in the interview at the Economic Club of Washington, DC. “So, yes, the government needs to get involved.”

Americans have concerns about personal privacy due to technologies that can collect massive amounts of data. According to a 2019 survey of the Pew Research Center, most Americans feel that they have little control over how their personal information is collected and used by businesses and government. About 6 out of 10 persons sampled believed that "it is not possible to go through daily life without having their data collected."

In other countries more than 80% of the people surveyed say the power of big tech companies should be limited. Those countries include Germany, India, Indonesia, Thailand and New Zealand.

Countries disagreeing the most with regulation of big tech companies include Nigeria and Japan. More than 40% of people surveyed in those nations say they didn't think those companies need more restrictions. 

About 74% of respondents worldwide agree with this survey statement: "Technology is displacing our jobs." 

Globally, about 77% say they worry that their internet privacy is at risk. 

85% of those sampled agree with the statement that "the world needs a global set of internet standards.

Related reading: Personal Privacy and Data Collection; Notre Dame-IBM Launch Tech Ethic Lab; How to Keep Your Personal Information Secure; From the Office of the Director of National Intelligence; Threats to Facebook's Future

Personal Privacy and Data Collection

Concerns about personal privacy and data collection continue as more advanced technologies are applied. This issue is not going away. Federal protections are held up by partisan politics and the reality that legislation cannot keep pace with technological advances. The laws enacted today are likely to be obsolete within a matter of months.

According to a 2019 survey of the Pew Research Center, most Americans feel that they have little control over how their personal information is collected and used by businesses and government. around 6 out of 10 persons sampled believed that "it is not possible to go through daily life without having their data collected."

The survey discovered that 70% of those sampled believe that their personal data is less secure now than five years ago.

In general, we want protection from entities that seek to gain financially from our information, but we also want the government to effective use data to track potential terrorist activity. The Pew survey found that 49% say it is acceptable for government to collect data about all Americans to assess who might be a potential terrorist threat.

Nobody is fooled by the lengthy privacy notices from banks and financial services. They are written by lawyers who are retained by the companies to protect them from legal liability rather than to inform users as to how their personal information might be shared. The term “privacy notice” gives the impression that the organization is going to protect personal information instead of how it is going to disclose that information.

In the absence of a comprehensive federal data privacy and data security law, individual states fill the gap. An example is The California Consumer Privacy Act (CCPA) which took effect on 1 January 2020. The California Consumer Privacy Act requires that companies "notify users of the intent to monetize their data, and give them a straightforward means of opting out of said monetization."

For now, these are the best practices for protecting personal information: 

Be alert to impersonators and scammers.
Safely dispose of personal information.
Keep security software updated.
Lock your computer to avoid security breaches when not being used by you.
Avoid phishing emails.
Be wise about Wi-Fi use, especially in public venues such as coffee shops.

Do not click on social media surveys.

Never share personal information by email or on social media.

Change passwords every 6-8 months and keep these private.

Related reading:  Notre Dame-IBM Launch Tech Ethic Lab; How to Keep Your Personal Information Secure; From the Office of the Director of National Intelligence