Russia may have used Twitter as a tool of international espionage. An article published today in Time describes an official report that circulated through the intelligence community, claiming agents of the Russian government sent malware-laced Twitter messages to more than 10,000 employees of the US Department of Defense.
“Depending on the interests of the targets, the messages offered links to stories on recent sporting events or the Oscars, which had taken place the previous weekend,” the Time report reads. “When clicked, the links took users to a Russian-controlled server that downloaded a program allowing Moscow’s hackers to take control of the victim’s phone or computer — and Twitter account.”
It’s a new tactic for Russian groups, which have more typically relied on phishing to spread malware and Twitter accounts for political influence. Sometimes, those campaigns involved adopting a specific persona. Time also describes a Russian soldier based in Ukraine, masquerading as a 42-year-old American housewife in order to influence political debates.
Networks of bot accounts have been a persistent problem on Twitter over the course of the election. In October, analysts detected a network of zero-follower accounts impersonating American teens to retweet pro-Trump sentiments. The FBI is reportedly investigating similar networks of Twitter bots as part of its probe into influence on the 2016 election.
Twitter-based malware was a particular concern in the early days of the Trump administration, when the President insisted on using Twitter from a consumer-grade Samsung Galaxy S3. Had a foreign agent sent a malware-laced reply to the president, it would have been trivial to compromise the phone. More recently, the president has begun tweeting from an iPhone; it’s unclear if any security modifications have been made to the phone.