The $TWTR hack: a lack of imagination
Twitter is probably the most interesting company in the world today. I mean that from both a strategy perspective and from an investment perspective. From a strategy perspective, I'm not sure there's ever been a company created so much value for its users and captured so little for itself (I liked the chart below from the excellent Not Boring newsletter's "If I ruled the Tweets" post).
Twitter's inability to capture value for itself turns it into something of a blank canvas for users, investors, and strategists. Everyone knows that Twitter creates much more value than it captures, and everyone is equally convinced that if Twitter just made the small changes that they want, Twitter would capture enormous value and the stock would triple / user experience would improve significantly (as usual, my friend modest proposal put it better than me: Twitter is lucky because it has 160m passionate product managers (its users) willing to work for free). Sometimes these suggestions are simple (create an edit button, ban the Nazis, better DM search), but the suggestions can also get downright bizarre (the highest monetization I could think of? Sell access to politician's data / use habits to foreign governments. Sure, it's illegal, but how much money would China pay to control what Trump sees on Twitter or see how he interracted with different accounts / tweets?).
But I don't want to talk about any of that. Instead, I wanted to quickly talk about the Twitter hack from last night, because it's endlessly fascinating to me. From a business perspective, I think it confirms what a clown car Twitter is, and I wouldn't be surprised if this is the event the results in a CEO swap. Jack returned to Twitter as CEO in 2015; he's been there for 5 years and Twitter's internal systems are still such a mess that it was vulnerable to a mass hack of their most important accounts. Combine that with a lack of financial progress in five years plus an activist shareholder, and I think Jack's days are quickly numbered.
That's interesting (as is the fact the market seemed more concerned by Twitter fact checking Donald Trump than all of their largest accounts getting hacked / shut down), and I may have more to say as the ramifications of the hack become more clear. For now, I just wanted to discuss the hack itself.
What fascinates me about the hack is the complete lack of imagination behind it. The real crime here wasn't hacking Twitter; the real crime is how little money the hackers got (again, modest proposal put it best: these guys should be arrested as the most incompetent crooks of all time).
As I start writing this, it's ~9 AM EST. I'm going to set a timer for five minutes, and below I'm going to write all of the different ways I would have minted a fortune if I was the hackers:
- The easiest would have been doing this during trading hours and manipulating a market. The hackers had Uber's account info; just buy some short term call options on LYFT and have UBER's account tweet that they're exploring a hostile takeover of LYFT. Or use Elon's account to do something crazy; buy Tesla puts and tweet from Elon's account "We believe this charge of fraud from the state prosecutors are #fakenews, and I am resigning from Tesla to focus all of my time exposing the deep state conspiracy behind it).
- That's small time. Why not swing some elections? It sounds like the hackers couldn't get access to Donald's tweets, but don't let twitter know you hacked them and then the day before the election have a bunch of accounts tweet insane things. Have every candidate whose account you can take control of tweet something explicitly racist. Do it ~24 hours before the election and I guarantee you could swing enough voters to move a ton of elections (they'd hear about / see the initial tweet but maybe wouldn't see or wouldn't believe the cover up). Worst case, you could make huge bets on Predictit or something to make money, but I bet you could find some rival government or politicians who would pay a fortune for that.
- Again, you've got access to a variety of corporate accounts. Just take over their customer service function and steal their customer's credit card info / personal info.
- Go for a longer con: take over control of some verified accounts that clearly don't tweet or log in much (Warren Buffett comes to mind). Instead of tweeting something crazy that immediately gets picked up, just start sliding into people's DMs casually and use that to scam people out of a ton of money / move markets.
- Just sell access to their DMs. How much would TMZ have paid for access to Kanye's DMs?
Ok, I'm out of time (I actually ran ~45 seconds over finishing the last one; sorry!). I'm sure there are much more complex and sneaky things the hackers could have used to make way more money than this. But that's what's so crazy about this attack: it took me five minutes to think up five things that would have been way more successful at monetization than what the hacker's did. Some of the suggestions I guarantee could have made tens of millions of dollars (minimum).
Why were the hackers so unimaginative here? Executing an attack like this requires a great deal of foresight and technical skills; it's hard to believe the hackers would put this plan in motion (which, at minimum, would have taken weeks to plan) so successfully with such a poor monetization strategy. Maybe they were just doing the hack for the LOLs and didn't really care about monetization. Maybe they simply thought people would be way more gullible. Or maybe this is just the first step of the hack and the real payoff is something we haven't heard of (they used the confusion to do something crazier in DMs, or they have more access to twitter and this was just a test run)?
I don't know. But what I do know is, right now, I'm hugely disappointed by the lack of imagination here.