For about an hour from 2am on Sunday, Prime Minister Narendra Modi’s personal Twitter handle falsely announced to the world that India had accepted the bitcoin cryptocurrency as legal tender.
During this period the price of a bitcoin surged from Rs 37.24 lakh to Rs 37.35 lakh before falling again. When the tweet was removed at 3.18am, the price was around Rs 37.2 lakh.
Twitter, however, asserted that its systems had not been breached, indicating that the hacking happened at the account holder’s end.
This is the second time in a little over a year that a Twitter handle associated with the Prime Minister has been hacked to promote bitcoins.
In September last year, tweets had been posted from @narendramodi_in seeking contributions to the PM Cares fund in bitcoins.
An expert told The Telegraph that “someone who makes millions in trading (cryptocurrencies) won’t mind spending a few thousands to hack” a Twitter account to influence the values of cryptocurrencies, which are based on sentiments and not the fundamentals of the economy.
Sunday’s now-deleted tweet from @narendramodi, which has 73.4 million followers, said: “India has officially accepted bitcoin as legal tender. The government has officially bought 500 BTC and distributing them to all residents of the country.”
Various Twitter users have shared screenshots of the tweet — along with which a scam link was shared — with most putting the time after 2am.
A Twitter spokesperson told this newspaper: “We have 24x7 open lines of communication with the PM’s Office and our teams took necessary steps to secure the compromised account as soon as we became aware of this activity. Our investigation has revealed that there are no signs of any other impacted accounts at this time.”
The company, however, stressed that @narendramodi “was not compromised due to any breach of Twitter’s systems”.
Twitter’s preliminary probe thus indicates poor gate-keeping by those who run @narendramodi, the Twitter handle of Modi’s personal website, narendramodi.in
The Prime Minister’s Office tweeted at 3.18am: “The Twitter handle of PM @narendramodi was very briefly compromised. The matter was escalated to Twitter and the account has been immediately secured. In the brief period that the account was compromised, any Tweet shared must be ignored.”
This was re-tweeted by the BJP’s national IT department head Amit Malviya, who is listed on narendramodi.in as “the Chief Compliance Officer, Nodal Contact Person and Resident Grievance Officer for the Narendra Modi App”.
The app is one of the platforms, like the Twitter handle, that are linked to this website.
Data security veteran Pawan Kumar Singh said social media accounts are hacked in four common ways. These include “zero days” or vulnerabilities in systems discovered by hackers which they wait to use at an opportune moment; the compromise of any of the social media accounts of a single user which the hacker then uses to access other social media accounts; “machine access” or getting control of the device used to access the account; and “insider threats” which involve somebody working for the social media platform getting targeted, as seen in a global scam in July last year.
“Cryptocurrency is a sentiment-based business and the value of such currency is not based on logic,” Singh said.
“If Elon Musk tweets the picture of a dog, then dogecoin’s value may rise. Someone who makes millions in trading won’t mind spending a few thousands to hack, if that leads to a windfall gain.”
Cryptocurrencies like bitcoin or dogecoin — which has the logo of a dog — represent a digital payment system that doesn’t rely on banks to verify transactions.
Singh said: “Two-factor authentication, that is, logging in with an OTP is a way for users to make their social media handles more secure. As such, social media is not a secure medium as social media companies have to practically share whatever information intelligence services of the countries they are based in demand from them.”
Mukesh Choudhary, a Jaipur-based cybersecurity technologies specialist and consultant for law-enforcement agencies in several states, said the mobile or email address through which Modi’s Twitter account was created may have been used on some other website as well, and the hacker may have exploited this.
“If the database of that other website was leaked and the passwords used were the same in both the conditions, then there’s a possibility that the attacker may have misused that leaked data and hacked into Mr Modi’s Twitter account using a hit-and-trial method,” he said.
Another possibility is that the mobile devices or computers of members of the team that manages Modi’s Twitter account were hacked, Choudhary said.
“Either someone directly targeted their devices using undetectable malicious software or his team may not have been in compliance with cybersecurity policies and may have downloaded software that had spyware embedded with it, leading to compromise of their devices,” he said.
In July 2020, around 130 high-profile Twitter accounts were hacked as part of a bitcoin scam. These included accounts of current US President Joe Biden, former US President Barack Obama, tech giants Elon Musk, Bill Gates and Jeff Bezos, media mogul Michael Bloomberg, investment guru Warren Buffett, celebrities Kim Kardashian and Kanye West, and companies such as Apple and Uber.
Tweets from these accounts asked people to send bitcoins to a cryptocurrency wallet that would fetch double the return.
Twitter had then claimed that the perpetrators had “targeted certain Twitter employees through a social engineering scheme” to gain access to these accounts.
A 19-year-old from Britain, a 22-year-old from the US and a juvenile were arrested by America’s Federal Bureau of Investigation.
Additional reporting by G.S. Mudur