[HN Gopher] Twitter Hacking for Profit and the LoLs
___________________________________________________________________
Twitter Hacking for Profit and the LoLs

Author : feross
Score  : 48 points
Date   : 2020-07-22 20:43 UTC (2 hours ago)

(HTM) web link (krebsonsecurity.com)
(TXT) w3m dump (krebsonsecurity.com)

| kanobo wrote:
| It's been clear to me since their Failing Whale that Twitter is a reactionary company compared to its peers, it will wait until something explodes before they deeply address an issue. It makes for fun postmortems to read as an outsider, but I would be embarrassed to work there tbh. I can't believe for a company of their scale there were no safeguards in place already.

| roland35 wrote:
| What concerns me the most is that if this recent attack was accomplished by this outfit, it seems very likely state actors probably have infiltrated Twitter and may be sitting on information a bit more subtly.

| site-packages1 wrote:
| Question about these hacked accounts: Why pay money for some account like this when Twitter will presumably just return the account to the original holder?
|
| And assuming I'm giving Twitter too much credit: How would one even start to use a taken over account, assuming the new account has its own followers and history, it's not as if one could just change identities and start posting from a new account as oneself. It would be weird to ask all my friends to start following a new account because I've switched accounts?
|
| Sorry, I don't think I've ever really understood Twitter.

| kanobo wrote:
| The desire for premium usernames isn't unique to Twitter, there was a good Reply All episode that dived deeper in the motivations of people who will pay for those accounts: https://gimletmedia.com/shows/reply-all/v4he6k
|
| Also most accounts don't belong to famous people so I think you overestimate the willingness of Twitter to devote resources to do anything for most hacked accounts.

| Rotdhizon wrote:
| Your question holds the answer. It's very possible that any stolen account may not be returned to the owner. 1 letter accounts are worth 5 figure dollar amounts to people who are obsessed with online clout. Same goes for any other major social platform. IG, snap, Xbox, playstation network, etc. Most of the 1-2 letter and short "OG" accounts on IG are all either bought, traded, or stolen. Very, very few original owners exist in the space.
|
| There are also techniques people use to boost the chances that the original owners never get their account back. On Xbox for example, support looks at a few specific pieces of account info and their previous entries that only the real owner would know. So people just flood the account over and over and over with filler info until all those original entries are gone and the original owners suddenly have no ground to prove that they owned it. It's a vicious game and I'll never understand why some people are so extremely desperate for internet fame but there's a whole community based around it.
|
| What another commenter said is also spot on. A majority of these accounts are not owned by famous people, just random joes who got lucky or bought the accounts on forums. Unless you are famous, these platforms do not care about you. If you can't get your account back through the standard support options, there's no special options (usually) for you to get help like famous people have.

| slg wrote:
| It isn't clear these accounts are all being used in any high profile manner. For example the @L account mentioned in the article has 0 followers, follows 1 account, and has their tweets protected. I just started plugging letters in and saw that accounts @B, @C, @D, and @E are all suspended. And considering these accounts were seemingly hijacked by exploiting Twitter's inability to identify the original account holder, I'm not sure Twitter actually has a way to determine who that should be conclusively.

| cflewis wrote:
| He's doxxing people again that he _guesses_ are responsible, just like the last article. It leaves a very bitter taste. He's not law enforcement. He should be handing these personal details to the FBI for investigation, not putting them on a souped-up-blog.

| kspacewalk2 wrote:
| O'Connor (the doxxed guy from the previous article) did admit to paying for a hacked Twitter account, and it was never claimed he is responsible for the hack.

| draugadrotten wrote:
| Admission of a crime should not be taken as truth. 134 people have admitted to being the person who shot the prime minister of Sweden, Olof Palme.

| the-dude wrote:
| He was doxxed, not beheaded. It is a blog, not a courthouse.

| mellow2020 wrote:
| Doxxing is fine because it's not murder? You don't even have the beginnings of a point.

| the-dude wrote:
| I think it is fine somebody is reporting on someone who admits to doing something shady. On a blog.

| whatdewyewexp wrote:
| What do you expect frOm this Guy? he's the go to for security info for people that don't understand computer security. He's good at using search engines and filling obvious breadcrumbs to sites that perpetuate fraud and basic hacks. he's the de facto standard for everyone that needs this kind of research put into layman's terms and that standard comes with a low bar.

| forgotmypwbctbi wrote:
| I agree with you. it also leaves bad taste in my mouth. he is taking on a lot of responsibility and seems unaware.
___________________________________________________________________
(page generated 2020-07-22 23:00 UTC)