[HN Gopher] Who's behind Wednesday's epic Twitter hack?
       ___________________________________________________________________
        
       Who's behind Wednesday's epic Twitter hack?
        
       Author : MindGods
       Score  : 68 points
       Date   : 2020-07-16 21:58 UTC (1 hour ago)
        
 (HTM) web link (krebsonsecurity.com)
 (TXT) w3m dump (krebsonsecurity.com)
        
       | TechBro8615 wrote:
       | This is the most important point:
       | 
       | > Also, it seems clear that this Twitter hack could have let the
       | attackers view the direct messages of anyone on Twitter,
       | information that is difficult to put a price on but which
       | nevertheless would be of great interest to a variety of parties,
       | from nation states to corporate spies and blackmailers.
       | 
       | My understanding is the hackers used the admin panel to change
       | the email addresses of the accounts, which means they could reset
       | passwords and perform full account takeover. That means they
       | could login as the user, and so it means they could read the
       | user's direct messages.
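The takeover chain TechBro8615 describes (an internal-tool email change, then a password reset) is also the sequence a defender would want to alert on. As an added example that is not part of the thread and not Twitter's tooling, the script below correlates constructed audit-log lines from a hypothetical internal support tool; the log format, field names, operator ids, account names and the `verified` flag are all assumptions.

```python
"""Correlate admin-tool audit events into an account-takeover detection.

Added illustration only: the log format, operator ids, account names and
the `verified` flag are constructed for this example and are not
Twitter's real tooling or logs.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit log from a hypothetical internal support tool.
SAMPLE_LOG = """\
2020-07-15T20:01:10Z op=agent42 action=email_change account=@bigname1 verified=1
2020-07-15T20:01:55Z op=agent42 action=password_reset account=@bigname1 verified=1
2020-07-15T20:03:02Z op=agent42 action=email_change account=@bigname2 verified=1
2020-07-15T20:03:40Z op=agent42 action=password_reset account=@bigname2 verified=1
2020-07-15T20:10:00Z op=agent07 action=email_change account=@regularuser verified=0
2020-07-15T20:20:00Z op=agent42 action=email_change account=@bigname3 verified=1
2020-07-15T21:30:00Z op=agent07 action=password_reset account=@regularuser verified=0
"""


def parse_line(line):
    """Parse one 'timestamp key=value ...' line into a dict."""
    ts_str, *fields = line.split()
    event = {"ts": datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ")}
    for field in fields:
        key, value = field.split("=", 1)
        event[key] = value
    event["verified"] = event.get("verified") == "1"
    return event


def parse_log(text):
    """Parse all non-empty lines and return them in timestamp order."""
    events = [parse_line(line) for line in text.splitlines() if line.strip()]
    return sorted(events, key=lambda e: e["ts"])


def find_takeover_sequences(events, window=timedelta(minutes=10)):
    """Return one record per account where an email_change was followed by a
    password_reset on the same account within `window`: the two steps that
    together let an operator log in as the user and read their DMs."""
    last_email_change = {}
    hits = []
    for event in events:
        account = event["account"]
        if event["action"] == "email_change":
            last_email_change[account] = event
        elif event["action"] == "password_reset":
            previous = last_email_change.get(account)
            if previous is not None and event["ts"] - previous["ts"] <= window:
                hits.append({
                    "account": account,
                    "operator": event["op"],
                    "verified": event["verified"],
                    "gap_seconds": (event["ts"] - previous["ts"]).total_seconds(),
                })
                del last_email_change[account]  # one change pairs with one reset
    return hits


def flag_operators(hits, min_verified_accounts=2):
    """Operators who ran the full sequence on several verified accounts.
    A legitimate support case rarely needs that, so it is worth paging on."""
    per_operator = defaultdict(int)
    for hit in hits:
        if hit["verified"]:
            per_operator[hit["operator"]] += 1
    return sorted(op for op, n in per_operator.items() if n >= min_verified_accounts)


if __name__ == "__main__":
    found = find_takeover_sequences(parse_log(SAMPLE_LOG))
    for hit in found:
        print(hit)
    print("operators to review:", flag_operators(found))
```

The regular-user case in the sample is deliberately outside the ten-minute window, so it is not paired; the point of the threshold on verified accounts is that a single high-profile reset may be a real support ticket, while several by one operator in minutes is the pattern Latty's "limit internal abuse" argument asks the system to catch.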
        
       | PiggySpeed wrote:
       | Imagine combining this with a deepfake video.
        
       | sillysaurusx wrote:
       | _While it may sound ridiculous that anyone would be fooled into
       | sending bitcoin in response to these tweets, an analysis of the
       | BTC wallet promoted by many of the hacked Twitter profiles shows
       | that on July 15 the account processed 383 transactions and
       | received almost 13 bitcoin on July 15 -- or approximately USD
       | $117,000._
       | 
       | This could be mostly the attackers' own money. It's impossible to
       | tell, but I haven't seen anyone explicitly mention this.
        
         | nullc wrote:
         | It might be better to assume that it's entirely the attacker's
         | money until at least one actual victim steps forward.
        
           | [deleted]
        
         | chmod775 wrote:
         | You'd have to be a special kind of stupid to "un-wash" your own
         | bitcoins this way.
        
           | sillysaurusx wrote:
           | Possibly. The only reason this would be stupid is because
           | Bitcoin has rapidly been centralizing. I suspect many
           | exchanges might start blacklisting any wallet that has any
           | transactions from this wallet.
           | 
           | On the other hand, they can't really do that. At that point
           | the attackers would be able to poison any wallet just by
           | sending a small amount of BTC to it. Therefore it seems like
           | the only penalty is that they'd have to re-wash their coins.
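sillysaurusx's poisoning point is the known weakness of any-link blacklisting. As an added example, not from the thread and not an analysis of the real scam wallet, the script below replays a constructed toy ledger and compares that naive rule with amount-weighted ("haircut") taint, a standard transaction-graph heuristic assumed here as what an exchange's compliance team might run rather than a claim about any exchange's actual policy; the addresses, amounts and threshold are made up.

```python
"""Amount-weighted ("haircut") taint versus naive any-link blacklisting.

Added illustration on a constructed toy ledger; it is not an analysis of
the real scam wallet, and the addresses, amounts and threshold are made
up. Haircut taint (taint moves pro rata with value) is assumed here as a
plausible compliance heuristic, not as any exchange's actual policy.
"""
from collections import defaultdict

# Constructed transactions as (sender, receiver, amount_btc), in time order.
# Senders that never received funds in this ledger count as clean
# external sources.
TXS = [
    ("victimA", "SCAM", 0.5),
    ("victimB", "SCAM", 0.3),
    ("clean_src", "exchange_user", 10.0),
    ("SCAM", "launder1", 0.7),          # bulk of the proceeds move on
    ("SCAM", "exchange_user", 0.0001),  # dust sent to poison an unrelated wallet
    ("launder1", "launder2", 0.7),
]


def naive_blacklist(txs, seed):
    """The rule the comment describes: flag any wallet with a direct tx to or
    from the seed. It flags the victims and the dusted wallet alike."""
    flagged = set()
    for sender, receiver, _ in txs:
        if sender == seed:
            flagged.add(receiver)
        elif receiver == seed:
            flagged.add(sender)
    return flagged


def peak_taint(txs, seed):
    """Replay the ledger: every coin leaving `seed` is fully tainted and
    taint then moves pro rata with value. Returns, per receiving wallet,
    the highest tainted fraction of its balance it ever held, so a
    pass-through wallet that forwarded everything still scores."""
    balance = defaultdict(float)
    tainted = defaultdict(float)
    peak = defaultdict(float)
    for sender, receiver, amount in txs:
        if sender == seed:
            tainted_part = amount            # everything leaving the seed is tainted
        elif balance[sender] > 0:
            fraction = tainted[sender] / balance[sender]
            tainted_part = amount * fraction  # pro rata share of the sender's taint
        else:
            tainted_part = 0.0               # no tracked balance: clean external source
        if balance[sender] >= amount:        # external sources have nothing to deduct
            balance[sender] -= amount
            tainted[sender] -= tainted_part
        balance[receiver] += amount
        tainted[receiver] += tainted_part
        tainted[seed] = balance[seed]        # the seed's whole balance stays tainted
        peak[receiver] = max(peak[receiver], tainted[receiver] / balance[receiver])
    return dict(peak)


def flag_by_taint(txs, seed, threshold=0.05):
    """Wallets whose peak tainted fraction reaches `threshold`, seed excluded."""
    return {w for w, p in peak_taint(txs, seed).items() if w != seed and p >= threshold}


if __name__ == "__main__":
    print("naive any-link rule:", sorted(naive_blacklist(TXS, "SCAM")))
    for wallet, p in sorted(peak_taint(TXS, "SCAM").items()):
        print(f"{wallet:14s} peak tainted fraction {p:.6f}")
    print("flagged by taint  :", sorted(flag_by_taint(TXS, "SCAM")))
```

Under the naive rule the dusted `exchange_user` is flagged along with the two victims, which is exactly the poisoning the comment predicts; under amount-weighted taint the dust is a negligible fraction of a 10 BTC balance, while the wallets that actually carried the proceeds score 1.0. The attacker's remaining cost is then the re-washing the comment mentions, not the ability to smear arbitrary wallets.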
        
         | paulpauper wrote:
         | No, people really are that gullible.
        
       | teknopurge wrote:
       | It's not a hack when an employee holds the door open and gives
       | use of an admin management tool to a third party.
       | 
       | Likewise, it's not a bitcoin scam when bitcoin is the method of
       | transfer, just like it's not a US-dollar scam every other time
       | dollars are used in theft.
        
         | barbecue_sauce wrote:
         | Is bribery not considered a viable form of social engineering?
        
           | ceo_tim_crook wrote:
           | I wouldn't even call that social engineering, just fraud
        
           | c00ls0sa wrote:
           | Where was that mentioned? This wasn't a hack. A "life hack"
           | maybe.
        
           | bpfrh wrote:
           | I would argue that it is not.
           | 
           | Social engineering is when your target is unaware that what
           | he does is wrong or will do damage.
        
         | kingnight wrote:
         | Bitcoin is sort of notable vs the US dollar in that it's
         | significantly more of a novelty, and unlike the dollar, doesn't
         | have the same fraud recovery path.
        
           | gruez wrote:
           | >unlike the dollar, doesn't have same fraud recovery path.
           | 
           | You mean _electronic_ US dollars? I doubt you'd be able to
           | recover physical US dollars if they were scammed.
        
             | kingnight wrote:
             | Yep, good point. But if someone stole this amount in cash
             | through a hack or social engineering, I think that is even
             | more notable :)
        
         | Latty wrote:
         | I think there is an argument for it being a hack in the sense
         | that a secure system should try and limit internal abuse too.
        
       | paulpauper wrote:
       | The amount taken in this scam is chump change compared to the
       | YouTube scammers. YouTube is a vastly bigger website than Twitter
       | and way slower to respond to accounts being stolen by scammers. I
       | remember seeing a Ripple giveaway scam that in a single day made
       | 100k with just a single account. And a fake Bill Gates one made
       | 40k. The list goes on and on. My guess is the total taken is in
       | the $3-5 million range from YouTube alone.
        
         | chrisseaton wrote:
         | What are these YouTube scams you're referring to? I'm not aware
         | of them.
        
         | crtasm wrote:
         | And you don't even need to steal an account. When the
         | PlayStation 5 launch event was happening I searched for it on
         | YouTube, clicked the top result and it turned out to be a
         | scammer restreaming the real live event with graphics added
         | saying Sony would double your BTC - just send to this address
         | ___.
        
       | strikelaserclaw wrote:
       | Man, who falls for this stuff? I've been seeing the "send me money
       | to this account to get double that" scam for like 20 years; it's
       | hard to believe there are people who still don't know better.
        
         | chrisseaton wrote:
         | I too don't understand who's technical enough to know what
         | Bitcoin is but not technical enough to understand the scam.
         | 
         | I think some people are possibly just sending the scammers some
         | money for the banter? A sign of respect for the hack.
        
         | paulpauper wrote:
         | Yeah, but add verified Twitter accounts from authority figures,
         | add nice graphics, livestreams, etc. and it is very convincing
         | for at least enough people to keep the scams going. Twitter and
         | YouTube have millions of users. If just a tiny fraction of them
         | send some BTC, that is a lot of $ given how valuable BTC is.
        
       ___________________________________________________________________
       (page generated 2020-07-16 23:00 UTC)