#17 - Six takeaways from the Twitter hack
Welcome to the new subscribers, and thank you all for the comments and feedback on my last newsletter — please keep them coming!
As I mentioned in my introductory post, my goal for this experiment is to sharpen my writing and thinking, to meet like-minded people, and to promote healthier discourse. If you know anyone who would be interested in the discussion, please forward this along or have them subscribe.
Six takeaways from the Twitter hack
So, uh, this happened:
The Twitter accounts of major companies and individuals have been compromised in one of the most widespread and confounding hacks the platform has ever seen, all in service of promoting a bitcoin scam that appears to be earning its creator quite a bit of money.
The chaos began when Tesla CEO Elon Musk’s Twitter account was seemingly compromised by a hacker intent on using it to run a bitcoin scam. Microsoft co-founder Bill Gates’ account was also seemingly accessed by the same scammer, who posted a similar message with an identical bitcoin wallet address.
Shortly after the initial wave of tweets from Gates and Musk’s accounts, the accounts of Apple, Uber, former President Barack Obama, Amazon CEO Jeff Bezos, Democratic presidential candidate Joe Biden, hip-hop mogul Kanye West, and former New York City mayor and billionaire Mike Bloomberg, among others, were also compromised and began promoting the scam.
This has got to be the worst social media hack of all time. Although we still don’t have a full picture of exactly what happened, I have six important takeaways (based on what we already know):
First, yes, this was terrible, but it could have been way worse. The hackers compromised prominent accounts to scam individuals into routing bitcoin (approximately $120,000 worth) to the hackers’ accounts. Imagine if the hackers had wanted to take the entire stock market for a ride. They could’ve just hacked into Elon Musk’s account and tweeted something crazy about Tesla (yes, something even crazier than “taking it private. Funding secured!”). Or, if they wanted to stir up geopolitical conflict, they could have hacked into Trump’s account and tweeted something crazy about China and nuclear war.
Second, a recurring theme throughout this newsletter has been that technology leverages creativity in both positive and negative ways, and everyone should have a more balanced perspective on technology. Of course, most people leverage technology for good. That said, to the technology lovers: We can’t rid the world entirely of bad actors, and for every great thing that technology has given us, there’s another side of the coin, where technology is used for evil. And to the technology haters, the opposite: It’s natural to focus on the negative outcomes like this Twitter hack, but we shouldn’t forget about all the great things that have come from innovation.
Third, the private sector heavily rewards entrepreneurs who take creative positive risks, but as far as I know, we don’t have rewards for entrepreneurs who brainstorm negative risks and mitigate them proactively. Sure, the government has people for risk mitigation, but there’s been an ongoing brain drain from the public sector to the private sector. What’s worse: Silicon Valley-ites infamously dump on downers who aren’t all gung-ho optimistic about the technological future. I, however, think we need to have these creative “downers” right inside the Twitters, Facebooks, and other tech companies of the world, to prevent downside risk. They should be integrated into product and infrastructure teams, always asking the question of what can possibly go wrong.
Fourth, this hack isn’t the first time something like this has happened to Twitter. Apparently, the hackers solicited Twitter employees, who have “god mode” admin access to accounts, to help with the hack. In 2019 two former Twitter employees were also charged with accessing the accounts of Saudi Arabian dissidents in 2015, and in 2017 a contractor deactivated the account of President Trump. Listen, it’s one thing for a company to suffer from a novel attack vector, but it’s quite another for a company to suffer from the same attack vector multiple times and flail in its response. This demonstrates not only a lack of creativity but a lack of prudence.
Fifth, Twitter’s band-aid solution was extreme, but it may be something we see more of. In response to the hack, Twitter apparently took the extraordinary step of blocking verified accounts (the ones with blue check marks) from tweeting. In my third point, I suggested that companies need to be proactive rather than reactive in mitigating risk. Twitter’s move here is completely reactive and essentially admits: We have no idea what’s going on, so we’re just going to turn everything off. To be clear, I’m not exactly condemning this response. After all, if something bad is happening and you really don’t know why or how it’s happening, the tools you have at your disposal are necessarily blunt. A parallel here is Facebook’s recent proposed ban on political advertising in the days leading up to the election. The thinking is that, well, a halt on ads could defend against misleading election-related content spreading as people prepare to vote. If Facebook doesn’t know how misinformation is going to spread, and the damage is disproportionately large in the days before the election, then I guess it makes sense to shut the whole apparatus down? I’m not sure. Maybe more companies will start going down this route, but I’d still rather that companies take the preliminary step of creatively brainstorming what’s going to go wrong.
Sixth, and most controversially, you might actually be able to spin this hack as a good thing. Writer Byrne Hobart kinda makes this case. Essentially, assume that there are two types of bad actors going around hacking sites: (1) Those who hack for their own personal gain; (2) Those who want to watch the world burn. If you’re a type (1) hacking into Twitter (which is probably what these hackers were), then conducting a bitcoin scam may be the only payoff you have a reasonable chance to collect. Other ways of making personal profit may result in higher returns but are way too risky to pull off. Therefore, according to Hobart, “Bitcoin creates a sort of global bug bounty. If Bitcoin scammers hadn’t found this vulnerability, maybe North Korean hackers or the PLA would have.” In other words, bitcoin incentivizes hackers to find network vulnerabilities in search of (relatively) modest financial gains. The downside from these type (1) hackers is not nearly as bad as the downside from type (2) hackers, who may have pulled off some of the theatrics I described in my first point. To be honest, I’m not sure how much I buy Hobart’s argument. At the end of the day, hacking is still hacking, you’re still taking from other people, and I’d still rather that networks themselves brainstorm all attack vectors / implement their own bug bounties. Nevertheless, Hobart’s point is an interesting one.
📚 5 articles
Venture capital doesn’t build the things we really need. I’ve previously written that VC’s obsession with software-based businesses may be blinding them to riskier (but more impactful) investments into deep tech. This article dives into that idea a bit more.
Google is building holographic glasses, smart tattoos, and more! Extremely cool. There’s a lot of criticism that the big tech firms aren’t really innovating anymore and that they’re just milking their cash cows and copying / acquiring the innovative start-ups. While I think that’s true to some extent, this article shows that it’s not always the case.
De-escalating social media. An innovative idea to let Twitter users essentially attach “sorry, I was wrong” labels to their posts. The hope is that this would de-escalate conflict and misinformation on the platform while also providing opportunities for forgiveness and healthier discourse. This idea could be generalizable to all social media platforms.
An interview with a VC investing in “technical risk.” Early-stage investing inherently involves different types of risk. There’s execution risk—is this the right team? There’s market risk—will consumers (the market) be receptive to the product, and how will competitors respond? There’s regulatory risk—will the government clamp down on this? There’s technical risk—will this technical solution work? And more. The venture capitalist interviewed in the article (Ashmeet Sidana) is focusing on technical risk. The most interesting quote from the interview: “Silicon Valley is a tech investing ecosystem, but most of its participants aren’t solving hard technical problems. They have market insights or consumer insights. It’s the difference between Google and Facebook. Google figured out how to index better, how to better prioritize a sorting problem. Facebook was started with the consumer insight that people want to be connected with each other. I focus on companies based on technical insights. Most VCs don’t.”
Silicon Valley and the death of serendipity. If Silicon Valley became Silicon Valley thanks to fortuitous encounters between really smart people, will COVID-19 and the shift to remote work signal the end of Silicon Valley? Three comments here: (1) I’m not sure I accept the premise that serendipity forms the backbone of Silicon Valley. Yes, the article cites a couple of examples (Facebook and PayPal), but I don’t think these examples are generalizable for the entire industry. I think connections are way more important than serendipity. (2) Even if serendipity is the backbone, I don’t think remote work is a permanent trend that will affect the number / quality of chance in-person encounters. Most of the smart, young people I talk to hate remote work and are excited to get back to in-person work. Sure, maybe remote work appeals to older folk with more stable lives. But the entrepreneurialism and serendipity of Silicon Valley is mainly about attracting the big risk takers, not the ones looking to settle down. (3) Even if the big risk takers begin working remotely, I’m confident tech will find a solution to manufacture serendipity.