Twitter Wouldn’t Be Hacked if It Were Backed by Blockchain Technology

Published at: July 18, 2020

Murphy’s law states: “Anything that can go wrong will go wrong.” It always happens with centralized services. A year ago, we saw how half a million Facebook accounts were leaked online, exposing personal data. We will see it many times more with other services. The recent Twitter hack underscores this once again. The accounts of Elon Musk, Bill Gates, Jeff Bezos, Kanye West, Kim Kardashian, Mike Bloomberg, Joe Biden, Barack Obama, among others, were hacked to push a fraudulent offer with Bitcoin (BTC).

Writing for the BBC, cybersecurity commentator Joe Tidy opined: “The fact that so many different users have been compromised at the same time implies that this is a problem with Twitter’s platform itself.” All accounts were vulnerable; which ones to take over was simply a matter of choice for the hackers, and celebrity accounts are the most convincing way to “endorse” a scam.

The problem is that even if Twitter or any other service with similar architecture continues building the cybersecurity walls around its system, it will become more complicated and expensive, but not safer. The current paradigm of centralized services cannot offer a safer solution for users’ authentication.

I have recently written about new technologies that could protect data and digital identity, using the example of Australia and the European experience and how public key certificates could be protected with blockchain technology against distributed denial-of-service and man-in-the-middle attacks. Although my analysis was quite technical and thorough, perhaps it would be better to take a step back and comb through some general yet pertinent details that may enhance data protection.

Here is some terminology for you to use when asking your service provider, your online store or your government about whether they are protecting your personal data:

Decentralized identifiers, or DIDs, are a general W3C framework with various methods to create and manage personal identifiers in a decentralized way. In other words, developers of online services do not need to create something new if they want to use the potential of decentralized technologies. They can utilize these methods and protocols.

Selective disclosure protocol, or SDP, which was presented last year at the EOS Hackathon by Vareger co-founder Mykhailo Tiutin and his team, is a decentralized method for storing personal data (using DIDs) with cryptographic protection on a blockchain. With SDP, the user can disclose carefully selected pieces of information in any particular transaction.

Self-sovereign identity, or SSI, is a concept that, in simple terms, allows users to be the sovereign owners of their personal data and identity, not third parties. It implies that you can store personal data on your device, not on Twitter’s or anyone else’s server. To illustrate the power of the SSI concept, think about this statement: It is easier to hack one centralized system storing millions of accounts than to hack millions of personal devices. But the issue is much deeper. If we ever face a digital dictatorship, the root of this problem will be the absence of the right to control and prohibit third parties (including the government) from storing and operating your personal data. The terrible experiment with Uighurs in China is a case in point. The citizens do not have the legal right to say no to the government collecting their personal data. Of course, the Chinese government created accounts without their consent to obtain records of what it considers to be inappropriate behavior.

To put things into perspective, let’s go through a hypothetical situation.

Use case: Alice and her digital identity

Alice generates her cryptographic pair: a private and a public key. The private key produces digital signatures over transactions; the public key verifies them. Anyone holding the public key can check whether it was Alice who signed in, signed the contract, signed the blockchain transaction, etc.

To protect the private key, she will store it on a secure hardware device with PIN protection, for instance, on a smart card, a USB authentication token or a hardware cryptocurrency wallet. Moreover, a cryptocurrency address is a representation of a public key, meaning Alice can use the same key pair as her coin and token wallet.

Although the public key is anonymous, she can also create a verified digital identity. She can ask Bob to certify her identity. Bob is a certificate authority. Alice will visit Bob and show her ID. Bob will create a certificate and publish it on a blockchain. A “certificate” is a file that announces to the general public: “Alice’s public key is valid.” Bob will not publish it on his own server the way traditional certificate authorities do now. If a centralized server were ever disabled in a DDoS attack, no one would be able to confirm whether Alice’s digital identity is valid or not, and in a man-in-the-middle attack someone could impersonate her. This would be impossible if the certificate, or at least its hash sum, were published on-chain.

With a verified ID, she can perform official transactions, for example, registering a company. If Alice is an entrepreneur, she may want to publish her contacts, such as a telephone number. Using a blockchain is a safer choice because when such data is published on social media, a hacker can break into the account and replace the number to redirect calls elsewhere. None of this would be possible on a blockchain.

If Alice goes to a liquor store, she can use her verified DID. The seller, Dave, will use his app to verify and confirm Alice’s DID instead of her paper ID. Alice does not need to disclose her name and date of birth. She will share with Dave’s app her identifier, which Bob certified, her picture and an “Above 21 y.o.” statement. Dave trusts this record because Bob is a certificate authority.

Alice can create various pseudonyms for online shopping, social media and crypto exchanges. If she loses her private key, she will ask Bob to update his record on the blockchain to announce that “Alice’s public key is invalid.” Therefore, if someone stole it, everyone who interacts with her public key will know that they should not believe transactions signed with this key.
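The whole Alice scenario above, plus the selective disclosure idea introduced with SDP earlier, can be exercised in code. The following Go program is an added example written for this article; it is not the author’s code, not Vareger’s SDP implementation and not any real DID method. It assumes Ed25519 for Alice’s and Bob’s key pairs, salted SHA-256 hashes as the commitments Bob publishes instead of her plaintext attributes, and an in-memory slice (`Ledger`) standing in for the blockchain. The function names (`Issue`, `Revoke`, `LatestCert`, `VerifyDisclosure`) and the “over21” attribute are the example’s own inventions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// Attribute is one piece of Alice's personal data plus a random salt; without the salt,
// a guessable value such as "over21=yes" could be recovered from its published hash.
type Attribute struct {
	Name, Value string
	Salt        []byte
}

// Commit hashes name, salt and value (NUL-separated); only this hash reaches the ledger.
func Commit(a Attribute) []byte {
	sum := sha256.Sum256([]byte(a.Name + "\x00" + string(a.Salt) + "\x00" + a.Value))
	return sum[:]
}

// Record is one ledger entry signed by Bob: "cert" vouches that Subject is Alice's valid
// key and commits to her attributes; "revoke" withdraws that statement.
type Record struct {
	Kind            string
	Subject, Issuer ed25519.PublicKey
	Claims          map[string][]byte // attribute name -> commitment
	Sig             []byte
}

// body is what Bob signs: the record minus Sig, JSON-encoded (encoding/json sorts map keys).
func (r Record) body() []byte {
	r.Sig = nil
	b, _ := json.Marshal(r)
	return b
}

func sign(bob ed25519.PrivateKey, r Record) Record {
	r.Issuer = bob.Public().(ed25519.PublicKey)
	r.Sig = ed25519.Sign(bob, r.body())
	return r
}

// Issue is what Bob does after checking Alice's paper ID; Revoke is what he publishes when
// she reports her private key lost or stolen.
func Issue(bob ed25519.PrivateKey, subject ed25519.PublicKey, attrs []Attribute) Record {
	claims := make(map[string][]byte, len(attrs))
	for _, a := range attrs {
		claims[a.Name] = Commit(a)
	}
	return sign(bob, Record{Kind: "cert", Subject: subject, Claims: claims})
}

func Revoke(bob ed25519.PrivateKey, subject ed25519.PublicKey) Record {
	return sign(bob, Record{Kind: "revoke", Subject: subject})
}

// Ledger stands in for the blockchain: an append-only list every verifier holds a copy of,
// so no single server has to be online to answer "is this key still valid?".
type Ledger []Record

// LatestCert returns the trusted issuer's most recent "cert" for subject, or nil if none
// exists or a later "revoke" superseded it. Entries not signed by the trusted key are
// ignored, so a forged cert or revocation appended to the ledger has no effect.
func (l Ledger) LatestCert(trusted, subject ed25519.PublicKey) *Record {
	var cert *Record
	for i := range l {
		r := &l[i]
		if r.Issuer.Equal(trusted) && r.Subject.Equal(subject) && ed25519.Verify(trusted, r.body(), r.Sig) {
			cert = nil // a "revoke" clears any earlier cert
			if r.Kind == "cert" {
				cert = r
			}
		}
	}
	return cert
}

// VerifyDisclosure is Dave's check when Alice reveals a single attribute: she must have
// signed Dave's fresh challenge with her key, Bob's cert for that key must still be live,
// and the disclosed name, salt and value must hash to the commitment Bob published.
func VerifyDisclosure(l Ledger, trusted, subject ed25519.PublicKey, challenge, chalSig []byte, disclosed Attribute, wantName, wantValue string) error {
	if len(subject) != ed25519.PublicKeySize || !ed25519.Verify(subject, challenge, chalSig) {
		return errors.New("presenter does not control the private key")
	}
	cert := l.LatestCert(trusted, subject)
	if cert == nil {
		return errors.New("no valid certificate on the ledger (unknown or revoked key)")
	}
	if disclosed.Name != wantName || disclosed.Value != wantValue ||
		string(cert.Claims[disclosed.Name]) != string(Commit(disclosed)) {
		return errors.New("disclosed attribute is not the one requested or does not match Bob's commitment")
	}
	return nil
}

func NewSalt() []byte { s := make([]byte, 16); rand.Read(s); return s }

func main() {
	bobPub, bobPriv, _ := ed25519.GenerateKey(rand.Reader)
	alicePub, alicePriv, _ := ed25519.GenerateKey(rand.Reader)
	over21 := Attribute{"over21", "yes", NewSalt()}
	ledger := Ledger{Issue(bobPriv, alicePub, []Attribute{{"name", "Alice", NewSalt()}, over21})}
	chal := []byte("constructed challenge from Dave") // in practice a fresh random nonce per check
	fmt.Println("before revocation:", VerifyDisclosure(ledger, bobPub, alicePub, chal, ed25519.Sign(alicePriv, chal), over21, "over21", "yes"))
	ledger = append(ledger, Revoke(bobPriv, alicePub))
	fmt.Println("after revocation:", VerifyDisclosure(ledger, bobPub, alicePub, chal, ed25519.Sign(alicePriv, chal), over21, "over21", "yes"))
}
```

Three properties of the text map onto the code: Dave never learns Alice’s name or date of birth because only salted hashes sit on the ledger and she hands over just the “over21” triple; Dave needs no call to Bob’s server, only his copy of the ledger and Bob’s public key, which is why a DDoS on Bob does not stop verification; and a key that Alice reports lost stays rejected by every verifier the moment Bob’s signed revoke record is appended, while an unsigned or wrongly signed “revoke” that an attacker manages to append changes nothing.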

Of course, this is a simplified scenario, but it is not unrealistic. Moreover, some of these processes already exist. For example, the Estonian e-Residency card is nothing more than a smart card holding the user’s private key. With this card, you can remotely register a company in Estonia or even sign contracts. Being integrated into a larger market, Estonian digital signatures are recognized across the European Union. Unfortunately, EU governments still do not protect certificates on blockchains.

Knowledge is power. Users should know that their cybersecurity is not only in their hands, as one might say. Software and social media giants ought to make the shift to improve security standards, and users ought to demand it.

The views, thoughts and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.

Oleksii Konashevych is the author of the Cross-Blockchain Protocol for Government Databases: The Technology for Public Registries and Smart Laws. Oleksii is a Ph.D. fellow in the Joint International Doctoral Degree in Law, Science and Technology program funded by the EU government. Oleksii has been collaborating with the RMIT University Blockchain Innovation Hub, researching the use of blockchain technology for e-governance and e-democracy. He also works on the tokenization of real estate titles, digital IDs, public registries and e-voting. Oleksii co-authored a law on e-petitions in Ukraine, collaborating with the country’s presidential administration and serving as the manager of the nongovernmental e-Democracy Group from 2014 to 2016. In 2019, Oleksii participated in drafting a bill on Anti-Money Laundering and taxation issues for crypto assets in Ukraine.
