The creator of cURL reassured The Reg on Tuesday that he's not a billionaire rocket man giving away Bitcoins, no matter what his Twitter account claimed.
Daniel Stenberg, who maintains the widely used Swiss army-knife of network data transfer tools, had his verified Twitter account hijacked by person or persons unknown, its name and avatar was changed to that of Elon Musk's, and it was used to peddle a Bitcoin scam.
Speaking to El Reg shortly before he finally managed to convince Twitter to give him back control of his profile, Stenberg said he was “pretty confident” that none of his cURL work has been compromised or had malicious code sneaked into it. The hack appears very similar to a widespread one earlier this year in which Musk’s Twitter account was commandeered to con marks into handing over their stocks of the cryptocurrency in exchange for more in return.
“No, I have no idea how they got into my account,” Stenberg told The Register. “I feel pretty confident that they did not go through or breach any my local machines/accounts and that this is entirely done on the remote Twitter account. Other than that, it is a mystery to me how this happened.”
Security much? Twitter should have had a CISO to prevent Bitcoin hack, says US state financial bodyREAD MORE
Writing on his website, Stenberg said someone seized control of his Twitter account, which has 24,000 followers, while he was busy debugging cURL code – that person rapidly switched the account’s registered email address and password to lock him out before turning it into a Bitcoin scam.
“At 0042 in the early morning of November 16 (my time, Central European Time), I received an email saying that 'someone' logged into my twitter account @bagder from a new device. The email said it was done from Stockholm, Sweden and it was 'Chrome on Windows'. I live in Stockholm,” wrote Stenberg.
In short order he was forcibly signed out of all his other Twitter sessions, and realized that he had been hacked. At 0050 he reported it to Twitter; at 0051 he provided additional verifying information. He wasn't given back his account by Twitter until nearly two days later.
"At 20:56 on November 17 I received the email with the notice the account had been restored back to my email address and ownership," Stenberg wrote.
The digital joyride appears to have coincided with Bitcoin reaching $17,000 for one coin, a high it has not reached since January 2018.
Sorry for that little interruption. I noticed the hihack immediately and reported to twitter it after a mere 8 minutes, then I had to wait 45 hours and now I'm here again. https://t.co/vqSLZvvNVb pic.twitter.com/JBc4tfqD0Y— Daniel Stenberg (@bagder) November 17, 2020
The cURL maintainer speculated: “One of the more puzzling things that I can’t stop thinking about is how I got the notice email from Twitter saying someone had logged into my account *from Stockholm*. I mean, what are the odds that someone trying to hack my account would do that from an IP range that is geolocated in the same general area as I am? But I can't seem to make any sensible conclusions based on that, it just seems... too unlikely to be a coincidence.”
Indeed it may not be. A group of Dutch hackers who said they guessed US president Donald Trump’s Twitter password earlier this year reckoned that the site enforces geo-based controls as a form of authentication, having found and bypassed that feature themselves on Trump’s account by using a VPN.
For now, don’t transfer Bitcoins to strangers on Twitter. Not even if it’s an electric car salesman telling you to. ®