[HN Gopher] Twitter Hacking for Profit and the LoLs
       ___________________________________________________________________
        
       Twitter Hacking for Profit and the LoLs
        
       Author : feross
       Score  : 48 points
       Date   : 2020-07-22 20:43 UTC (2 hours ago)
        
 (HTM) web link (krebsonsecurity.com)
 (TXT) w3m dump (krebsonsecurity.com)
        
       | kanobo wrote:
       | It's been clear to me since their Failing Whale that Twitter is a
       | reactionary company compared to its peers, it will wait until
       | something explodes before they deeply address an issue. It makes
       | for fun postmortems to read as an outsider, but I would be
       | embarrassed to work there tbh. I can't believe for a company of
       | their scale there were no safeguards in place already.
        
       | roland35 wrote:
       | What concerns me the most is that if this recent attack was
       | accomplished by this outfit, it seems very likely state actors
       | probably have infiltrated Twitter and may be sitting on
       | information a bit more subtly.
        
       | site-packages1 wrote:
       | Question about these hacked accounts: Why pay money for some
       | account like this when Twitter will presumably just return the
       | account to the original holder?
       | 
       | And assuming I'm giving Twitter too much credit: How would one
       | even start to use a taken over account, assuming the new account
       | has its own followers and history, it's not as if one could just
       | change identities and start posting from a new account as
       | oneself. It would be weird to ask all my friends to start
       | following a new account because I've switched accounts?
       | 
       | Sorry, I don't think I've ever really understood Twitter.
        
         | kanobo wrote:
         | The desire for premium usernames isn't unique to Twitter, there
         | was a good Reply All episode that dived deeper in the
         | motivations of people who will pay for those accounts:
         | https://gimletmedia.com/shows/reply-all/v4he6k
         | 
         | Also most accounts don't belong to famous people so I think you
         | overestimate the willingness of Twitter to devote resources to
         | do anything for most hacked accounts.
        
         | Rotdhizon wrote:
         | Your question holds the answer. It's very possible that any
         | stolen account may not be returned to the owner. 1 letter
         | accounts are worth 5 figure dollar amounts to people who are
         | obsessed with online clout. Same goes for any other major
         | social platform. IG, snap, Xbox, playstation network, etc. Most
         | of the 1-2 letter and short "OG" accounts on IG are all either
         | bought, traded, or stolen. Very, very few original owners exist
         | in the space.
         | 
         | There are also techniques people use to boost the chances that
         | the original owners never get their account back. On Xbox for
         | example, support looks at a few specific pieces of account info
         | and their previous entries that only the real owner would know.
         | So people just flood the account over and over and over with
         | filler info until all those original entries are gone and the
         | original owners suddenly have no ground to prove that they
         | owned it. It's a vicious game and I'll never understand why
         | some people are so extremely desperate for internet fame but
         | there's a whole community based around it.
         | 
         | What another commenter said is also spot on. A majority of
         | these accounts are not owned by famous people, just random joes
         | who got lucky or bought the accounts on forums. Unless you are
         | famous, these platforms do not care about you. If you can't get
         | your account back through the standard support options, there's
         | no special options (usually) for you to get help like famous
         | people have.
        
         | slg wrote:
         | It isn't clear these accounts are all being used in any high
         | profile manner. For example the @L account mentioned in the
         | article has 0 followers, follows 1 account, and has their
         | tweets protected. I just started plugging letters in and saw
         | that accounts @B, @C, @D, and @E are all suspended. And
         | considering these accounts were seemingly hijacked by
         | exploiting Twitter's inability to identify the original account
         | holder, I'm not sure Twitter actually has a way to determine
         | who that should be conclusively.
        
       | cflewis wrote:
       | He's doxxing people again that he _guesses_ are responsible, just
       | like the last article. It leaves a very bitter taste. He's not
       | law enforcement. He should be handing these personal details to
       | the FBI for investigation, not putting them on a souped-up-blog.
        
         | kspacewalk2 wrote:
         | O'Connor (the doxxed guy from the previous article) did admit
         | to paying for a hacked Twitter account, and it was never
         | claimed he is responsible for the hack.
        
           | draugadrotten wrote:
           | Admission of a crime should not be taken as truth. 134 people
           | have admitted to being the person who shot the prime minister
           | of Sweden, Olof Palme.
        
             | the-dude wrote:
             | He was doxxed, not beheaded. It is a blog, not a
             | courthouse.
        
               | mellow2020 wrote:
               | Doxxing is fine because it's not murder? You don't even
               | have the beginnings of a point.
        
               | the-dude wrote:
               | I think it is fine somebody is reporting on someone who
               | admits to doing something shady. On a blog.
        
         | whatdewyewexp wrote:
         | What do you expect from this guy? He's the go-to for security
         | info for people that don't understand computer security. He's
         | good at using search engines and filling obvious breadcrumbs to
         | sites that perpetuate fraud and basic hacks. He's the de facto
         | standard for everyone that needs this kind of research put into
         | layman's terms and that standard comes with a low bar.
        
         | forgotmypwbctbi wrote:
         | I agree with you. It also leaves a bad taste in my mouth. He is
         | taking on a lot of responsibility and seems unaware.
        
       ___________________________________________________________________
       (page generated 2020-07-22 23:00 UTC)