Brexit-supporting businessman Arron Banks has had his Twitter account hijacked and his private messages dumped online by person or persons unknown – and random script kiddies are trying to claim the credit for it.
Banks’ account was seemingly accessed two days ago, with @arron_banks on Twitter (since suspended) being used this afternoon to spread links to a Mega.nz download page hosting a dump of the Twitter account’s full archive.
Blame for the hack was briefly claimed by an account on the social network registered as @WhitePings, who alleged it was a successful SIM swap attack carried out by whoever operated the account. However, its operators simply took other people’s screenshots of the stolen data and claimed them as their own.
One showed raw JSON being viewed in either Microsoft Word or Open Office, which aside from the obvious plagiarism seems unlikely from people capable of carrying out a SIM swap attack. Unfortunately, @WhitePings was suspended before The Register could grab screenshots.
Coming during a general election campaign where Brexit is the number one issue, the illegal accessing of Banks’ account and publication of his private direct messages, sent to other prominent political and media figures, has piqued the interest of the political and media classes alike.
Banks used his personal fortune to help fund the UK Independence Party under Nigel Farage, later switching to funding the Leave.EU campaign group. The latter played a very prominent part in the 2016 referendum on Britain leaving the European Union, and was allegedly linked to dodgy data-crunching biz Cambridge Analytica. Banks’ company, Eldon Insurance, and Leave.EU were later fined £120,000 by the Information Commissioner’s Office for using people's personal data for political campaigning for Brexit.
Twitter account archives are part of the social media platform’s policy to let users access more of the data they happily hand over to Twitter, as explained here.
Police, GDPR, legal threats
Avon and Somerset Police has confirmed that it is investigating, with a spokesman telling the BBC: “We're investigating whether any offences have been committed under the Computer Misuse Act after we received a report a Twitter account was compromised.”
Leave.EU’s comms chief Andy Wigmore, a friend of Banks and fellow anti-EU campaigner, tweeted this earlier:
Even in the midst of our departure from the bloc, the EU’s General Data Protection Regulation still serves some Britons well. Wigmore also said that “under the Computer Missuse Act we can and will come after you legally” if people download the data dump. El Reg is not completely sure how that works, or if he's heard of the Streisand Effect.
Fake news is already being spread
Political campaigners immediately leapt on purported leaks from the messages to bolster their claims Banks is some kind of inherently evil wrongdoer who cares for nothing in his pursuit of political power…
What's this? Nothing much. Just Arron Banks (Nigel Farage's top funder) dismissing Leave voters in North as "Northern Monkeys" who he doesn't give a toss about with 'man of the people' Dominic Raab.
Banks is a fraud! #arronbanksleaks pic.twitter.com/9rJmm9W2kd
— Our Future, Our Choice (@OFOCBrexit) November 19, 2019
… however, this one is faked and access to the stolen data is not necessary to confirm the fakery. The arron_banks account (now suspended from Twitter) had the unique number 3390728889. Unique account ID numbers mean even if a Twitter user changes their username, the account itself can still be tracked.
The image in the above embedded tweet is saved here.
In that image, purporting to show raw JSON from Banks’ direct messages, the number for arron_banks checks out against the fields “senderId” and “recipientId” in two such messages. However, the receiving account number, 16373287, does not validate at all against two different account number-checking services.
Both messages share the same unique ID – 833613156532080837 – which is not possible for genuine tweets or direct messages, each of which is assigned a unique number. Moreover, the timestamp for the upper message says it was sent at 13:40:422 on 2 November 2019, whereas the second message was apparently sent precisely five hours later (18:40:422) to within one hundredth of a second. Such a coincidence is wholly implausible.
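The consistency checks described above can be automated. The following is an added example, not code from The Register or Twitter: it flags reused message IDs and whole-hour gaps between timestamps, and goes one step further than the article by comparing the time encoded in each ID with the stated send time, assuming direct message IDs follow Twitter's snowflake layout. The `id` and `createdAt` field names, the five-minute tolerance and the sample timestamps are assumptions constructed for the example.

```python
import json
from collections import Counter
from datetime import datetime, timedelta, timezone

TWITTER_EPOCH_MS = 1288834974657  # start of Twitter's snowflake ID clock
UNIX_EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

# Constructed sample modelled on the article's description. Account and
# message IDs are the ones quoted in the article; the "id"/"createdAt"
# field names and the exact createdAt values are assumptions.
SAMPLE = json.loads("""[
 {"senderId": "3390728889", "recipientId": "16373287",
  "id": "833613156532080837", "createdAt": "2019-11-02T13:40:42.422Z"},
 {"senderId": "16373287", "recipientId": "3390728889",
  "id": "833613156532080837", "createdAt": "2019-11-02T18:40:42.422Z"}
]""")

def snowflake_time(msg_id):
    """Creation time encoded in the bits above the low 22 of a snowflake ID."""
    return UNIX_EPOCH + timedelta(milliseconds=(int(msg_id) >> 22) + TWITTER_EPOCH_MS)

def parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%f%z")

def check_messages(messages, max_skew=timedelta(minutes=5)):
    """Return (check, detail) findings for a purported DM dump."""
    findings = []
    for msg_id, n in Counter(m["id"] for m in messages).items():
        if n > 1:  # genuine messages never share an ID
            findings.append(("duplicate_id", f"{msg_id} used {n} times"))
    for m in messages:
        encoded = snowflake_time(m["id"])
        if abs(encoded - parse_ts(m["createdAt"])) > max_skew:
            findings.append(("id_time_mismatch",
                f"{m['id']} encodes {encoded:%Y-%m-%d}, createdAt says {m['createdAt'][:10]}"))
    stamps = sorted(parse_ts(m["createdAt"]) for m in messages)
    for a, b in zip(stamps, stamps[1:]):
        # Identical sub-second parts a whole number of hours apart suggest copy-paste editing.
        if a != b and (b - a) % timedelta(hours=1) == timedelta(0):
            findings.append(("round_interval", f"{a.isoformat()} and {b.isoformat()} differ by exactly {b - a}"))
    return findings

if __name__ == "__main__":
    for check, detail in check_messages(SAMPLE):
        print(f"{check}: {detail}")
```

A finding is a reason to distrust a screenshot, not proof of who made it; an empty result only means these particular checks passed.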
Sensible folk would do excellently to follow this advice:
Dear all -
With #arronbanksleaks, just be careful.
It’s very easy to circulate screenshots that are not validated. Or get excited by content therein.
If there was a leak, it was illegal. There might also be significant disinfo deliberately circulated. Patience is a virtue.
— Mike Galsworthy (@mikegalsworthy) November 19, 2019
Banks, via his Leave.EU political campaign, did not respond immediately to a request for comment. ®