Fin dePencier is a liberty activist based in Toronto, and incoming contributor to Christian Watson’s podcast, Pensive Politics.
On July 15th, in one of the most confounding compromises of internet security the world has ever seen, 130 Twitter accounts, including those of Elon Musk, Bill Gates and Barack Obama, were hacked and displayed a message soliciting donations to a black-hole bitcoin address. But stealing just over $100,000 of bitcoin doesn’t even register as significant in comparison to the gravity of America’s most important political social media platform being breached in such alarming fashion. If the hacker’s primary intention was to steal money, they could have tweeted misleading information about American equity markets and profited off the reaction, for example. Little is known about this catastrophe, including who was behind it, but the bitcoin was purely a smokescreen. By asking who has the incentive, who has the capability, and why this is happening now, a shortlist of suspects can be compiled.
The victims of this hack were mostly elites from the private sector, companies themselves, and former government officials like Barack Obama. Curiously, not a single sitting government official had their account commandeered. Rep. Jennifer Wexton (D-Va.), founder of the Congressional Task Force on Digital Citizenship, told The Washington Post, “This data breach in particular underscores just how troubling it is to have a president who dictates policy ad hoc over Twitter and practices the opposite of responsible digital citizenship.” The prospect of a hacker sending out a phony military threat from the President’s account, something he has voluntarily done many times, is terrifying.
Hackers reportedly got access through a backdoor that allows Twitter to tweet on someone’s behalf, a ridiculous security flaw that doesn’t have any justifiable utility. Brian Krebs, a cybersecurity journalist who worked at The Washington Post from 1995-2009, talked to a hacker operating under the pseudonym Lucky255. Lucky took over the hacker account @6, formerly belonging to Adrian Lamo. Lamo is famously known for hacking the servers of the New York Times and Microsoft, as well as for reporting whistleblower Chelsea Manning to US authorities. “The way the attack worked was that within Twitter’s admin tools, apparently you can update the email address of any Twitter user, and it does this without sending any kind of notification to the user,” said Lucky. Twitter has some serious questions to answer about its internal policies.
“Why, if this was a bitcoin scam, would Twitter be unable to stop the tweets? It’s not a bitcoin scam man, that is speculative. This is way more sophisticated than that,” said veteran journalist Tim Pool, an expert in the field who famously interrogated Twitter CEO Jack Dorsey and one of Twitter’s top lawyers, Vijaya Gadde, on the Joe Rogan Experience. The tweet from Binance’s account appeared at 2:13 pm, Obama’s tweet appeared at 2:35, and Warren Buffett’s tweet at 5:27. Most of the tweets occurred around 5:30. The fact that Twitter’s engineers couldn’t stop this intrusion hours after it was first initiated means that Twitter’s most fundamental functions of content regulation were compromised. “These attackers were the equivalent of stealing a McLaren F1, taking it for a joyride and then crashing it into a telephone pole 4 minutes later…There is so much more damage that could have been done,” said Alex Stamos, former Security Chief at Facebook. He’s right: the hack was an unprecedented security breach, and the culprit could have unleashed absolute mayhem. The sophistication of the infiltration combined with the hackers’ restraint strongly indicates that this was the work of a state or state-sponsored intelligence agency. Who else would do this just to show they have the power?
Just one day before the hack, President Trump signed the Hong Kong Autonomy Act (HKAA), a piece of legislation that will completely transform how U.S. foreign and economic policy treats Asia’s recently deceased financial center. The law imposes incredibly punitive sanctions on virtually anyone who aided or participated in the Chinese Communist Party’s encroachment on Hong Kong, and also stipulates in section 4, some of which is included below, that such people will have their assets seized:
Sec. 4. All property and interests in property that are in the United States, that hereafter come within the United States, or that are or hereafter come within the possession or control of any United States person, of the following persons are blocked and may not be transferred, paid, exported, withdrawn, or otherwise dealt in:
(a) Any foreign person determined by the Secretary of State, in consultation with the Secretary of the Treasury, or the Secretary of the Treasury, in consultation with the Secretary of State:
(i) to be or have been involved, directly or indirectly, in the coercing, arresting, detaining, or imprisoning of individuals under the authority of, or to be or have been responsible for or involved in developing, adopting, or implementing, the Law of the People’s Republic of China on Safeguarding National Security in the Hong Kong Administrative Region;
Two days before the hack, the United Kingdom banned Huawei, the state-owned telecom provider which former Canadian Prime Minister Stephen Harper described as “an extension of the Chinese surveillance state.” The Trump administration has successfully convinced every member of the intelligence-sharing alliance “The Five Eyes” to ban Huawei from installing telecom infrastructure in their countries, except for Canada. Because 5G is the bootloader for two revolutionary technologies, blockchain and artificial intelligence, China is doing everything in its power to salvage Huawei’s future as a 5G provider around the world.
On July 6th, 9 days before the hack, Secretary of State Mike Pompeo announced that the Trump administration was considering a ban on Chinese state-owned TikTok. The Democratic National Committee has forced their staffers to delete the app, and the Republican National Committee says this has been their policy for quite some time. Republican and Democratic communications teams need to effectively argue that TikTok is significantly more dangerous than any of the American social media companies to justify their ban, already a hard sell before the hack considering the numerous privacy scandals U.S. social media companies have been engulfed in. This happens right as bipartisan support for the banning of TikTok emerges. Large organizations will be re-evaluating the already flimsy assumption that U.S. social media companies have the requisite security guarantees that we know don’t exist with TikTok. The attack could force the Trump administration to shelve the TikTok ban proposal, a major win for China, as well as force public officials to rethink having an account on Twitter, the paramount medium to circumvent legacy media channels and speak directly to followers. If China does see TikTok as a goldmine of espionage intelligence gathering, it makes sense that they would do something drastic and offensive to maintain that asset.
In former national security advisor John Bolton’s new book, he said something approximating the following: “I don’t remember a single moment during my tenure at the White House when the president didn’t make a move that wasn’t in service of helping his chances of re-election.” Unfortunately for Trump, not every American voter differentiates between U.S. intelligence having a backdoor into a platform and Chinese intelligence wholly owning one to pull data at will. Trump knows the prospect of banning TikTok will be incredibly unpopular, especially with the army of millennials who have helped crown TikTok as the most downloaded social media app in America. Supporters of the app will make the argument that ‘if we ban TikTok we should ban Twitter too.’
The United States and China are undeniably in a new cold war. It is an intelligence war, a trade war, an information war, a biochemical war, and a technology war. It’s highly likely the July 15th Twitter hack was the latest in a series of offensives between the two countries. It could be a warning shot meant to intimidate the American government and indicate that it’s within China’s power to do something more consequential in the future. Analysts are implored to re-evaluate the significance of other recent bizarre Twitter statements, like Elon Musk’s tweet that Tesla’s stock price was “too high imo. (in my opinion).” It’s possible this was an isolated hack that Musk wouldn’t have wanted to reveal to the world and Chinese intelligence’s first warning that they had this power.
Another suspect could be a faction within the U.S. intelligence community that has an interest in forcing regulation across the tech industry or catalyzing a mass exodus of government officials from the platform. Niall Ferguson, historian and senior fellow at the Hoover Institution, says that there are only two bipartisan issues in Washington, D.C.: opposition to China and regulation of the tech companies. Russian intelligence is another suspect. On July 17th, intelligence authorities from the U.S., the UK, and Canada all accused the Russian government-linked group APT29 of stealing COVID-19 vaccine research. Just today, the Justice Department released an indictment against Li Xiaoyu and Dong Jiazhi, two Chinese men who are accused of stealing terabytes of coronavirus research from 11 different companies on behalf of Beijing. Countries targeted included the U.S., Australia, Belgium, Germany, Japan, Lithuania, the Netherlands, South Korea, Spain, Sweden, and the U.K.
Cyber-attacks will only get more malicious and more sophisticated. Hydro grids, medical records, sewage systems, and many more critical infrastructure components are all now digitized and susceptible. On May 9th, a major port in Tel Aviv, Israel was compromised by Iranian intelligence, disrupting operations. Israel also thwarted a cyberattack in April of this year in which Iran attempted to tamper with an Israeli water supply by increasing the levels of chlorine to poisonous levels. “We will remember this last month, May 2020, as a changing point in the history of modern cyberwarfare,” said Israel’s National Cyber Directorate chief Yigal Unna.
There are three crucially important things to understand about the Twitter hack: it had nothing to do with siphoning Bitcoin, the culprit could have inflicted exponentially more damage, and this was very likely the work of an intelligence agency. Connecting the dots requires analysts to look at every aspect and motivating factor of the attack: why Twitter, why those officials, why at this time, why the Bitcoin distraction. More dangerous and sophisticated cyberattacks await.