[HN Gopher] Who's behind Wednesday's epic Twitter hack?
___________________________________________________________________

Who's behind Wednesday's epic Twitter hack?

Author : MindGods
Score  : 68 points
Date   : 2020-07-16 21:58 UTC (1 hours ago)

web link (krebsonsecurity.com)
w3m dump (krebsonsecurity.com)

| TechBro8615 wrote:
| This is the most important point:
|
| > Also, it seems clear that this Twitter hack could have let the
| attackers view the direct messages of anyone on Twitter,
| information that is difficult to put a price on but which
| nevertheless would be of great interest to a variety of parties,
| from nation states to corporate spies and blackmailers.
|
| My understanding is the hackers used the admin panel to change
| the email addresses of the accounts, which means they could reset
| passwords and perform full account takeover. That means they
| could log in as the user, and so it means they could read the
| user's direct messages.
|
| | PiggySpeed wrote:
| | Imagine combining this with a deepfake video.

| sillysaurusx wrote:
| _While it may sound ridiculous that anyone would be fooled into
| sending bitcoin in response to these tweets, an analysis of the
| BTC wallet promoted by many of the hacked Twitter profiles shows
| that on July 15 the account processed 383 transactions and
| received almost 13 bitcoin on July 15 -- or approximately USD
| $117,000._
|
| This could be mostly the attackers' own money. It's impossible to
| tell, but I haven't seen anyone explicitly mention this.
|
| | nullc wrote:
| | It might be better to assume that it's entirely the attacker's
| | money until at least one actual victim steps forward.
|
| | [deleted]
|
| | chmod775 wrote:
| | You'd have to be a special kind of stupid to "un-wash" your own
| | bitcoins this way.
| |
| | | sillysaurusx wrote:
| | | Possibly. The only reason this would be stupid is because
| | | Bitcoin has rapidly been centralizing. I suspect many
| | | exchanges might start blacklisting any wallet that has any
| | | transactions from this wallet.
| | |
| | | On the other hand, they can't really do that. At that point
| | | the attackers would be able to poison any wallet just by
| | | sending a small amount of BTC to it. Therefore it seems like
| | | the only penalty is that they'd have to re-wash their coins.
|
| | paulpauper wrote:
| | No, people really are that gullible.

| teknopurge wrote:
| It's not a hack when an employee holds the door open and gives
| use of an admin management tool to a third party.
|
| Likewise, it's not a bitcoin scam when bitcoin is the method of
| transfer, just like it's not a US-dollar scam every other time
| dollars are used in theft.
|
| | barbecue_sauce wrote:
| | Is bribery not considered a viable form of social engineering?
| |
| | | ceo_tim_crook wrote:
| | | I wouldn't even call that social engineering, just fraud.
| |
| | | c00ls0sa wrote:
| | | Where was that mentioned? This wasn't a hack. A "life hack"
| | | maybe.
| |
| | | bpfrh wrote:
| | | I would argue that it is not.
| | |
| | | Social engineering is when your target is unaware that what
| | | he does is wrong or will do damage.
|
| | kingnight wrote:
| | Bitcoin is sort of notable vs. the US dollar in that it's
| | significantly more of a novelty, and unlike the dollar, doesn't
| | have the same fraud recovery path.
| |
| | | gruez wrote:
| | | > unlike the dollar, doesn't have the same fraud recovery path.
| | |
| | | You mean _electronic_ US dollars? I doubt you'd be able to
| | | recover physical US dollars if they were scammed.
| | |
| | | | kingnight wrote:
| | | | Yep, good point. But if someone stole this amount in cash
| | | | through a hack or social engineering, I think that is even
| | | | more notable :)
|
| | Latty wrote:
| | I think there is an argument for it being a hack in the sense
| | that a secure system should try and limit internal abuse too.

| paulpauper wrote:
| The amount taken in this scam is chump change compared to the
| YouTube scammers. YouTube is a vastly bigger website than Twitter
| and way slower to respond to accounts being stolen by scammers. I
| remember seeing a Ripple giveaway scam that in a single day made
| 100k with just a single account. And a fake Bill Gates one made
| 40k. The list goes on and on. My guess is the total taken is in
| the $3-5 million range from YouTube alone.
|
| | chrisseaton wrote:
| | What are these YouTube scams you're referring to? I'm not aware
| | of them.
|
| | crtasm wrote:
| | And you don't even need to steal an account. When the
| | PlayStation 5 launch event was happening I searched for it on
| | YouTube, clicked the top result and it turned out to be a
| | scammer restreaming the real live event with graphics added
| | saying Sony would double your BTC - just send to this address
| | ___.

| strikelaserclaw wrote:
| Man, who falls for this stuff? I've been seeing the "send me money to
| this account to get double that" scam for like 20 years; it's hard
| to believe there are people who still don't know better.
|
| | chrisseaton wrote:
| | I too don't understand who's technical enough to know what
| | Bitcoin is but not technical enough to understand the scam.
| |
| | I think some people are possibly just sending the scammers some
| | money for the banter? A sign of respect for the hack.
|
| | paulpauper wrote:
| | Yeah, but add verified Twitter accounts from authority figures,
| | add nice graphics, livestreams, etc. and it is very convincing
| | for at least enough people to keep the scams going. Twitter and
| | YouTube have millions of users. If just a tiny fraction of them
| | send some BTC, that is a lot of $ given how valuable BTC is.
___________________________________________________________________
(page generated 2020-07-16 23:00 UTC)