posted by chromas on Thursday July 16 2020, @12:45AM
from the TANSTAAFL dept.

Musk, Obama, Biden, Bezos, Gates—bitcoin scam hits Twitter in coordinated blitz:

Twitter accounts of the rich and famous—including Elon Musk, Bill Gates, Jeff Bezos, and Joe Biden—were simultaneously hijacked on Wednesday and used to push cryptocurrency scams.

As of 3:58 PM California time, the wallet address used to receive victims’ digital coin had received more than $118,000, though it wasn't clear all of it came from people who fell for the scam. The bitcoin came from 356 transactions that all occurred over about a four-hour span on Tuesday. The wallet address appeared in tweets from at least 15 accounts—some with tens of millions of followers—that promoted fraudulent incentives to transfer money.

“I’m giving back to all my followers,” one now-deleted tweet from Musk’s account said. “I am doubling all payments sent to the Bitcoin address below. You send 0.1 BTC, I send 0.2 BTC back!” A tweet from the Bezos account said the same thing. “Everyone is asking me to give back, and now is the time,” a Gates tweet said. “I am doubling all payments sent to my BTC address for the next 30 minutes. You send $1,000, I send you back $2,000.”

Other hijacked accounts belonged to Barack Obama, Apple, Kanye West, and a raft of cryptocurrency entrepreneurs.

[...] That so many social media accounts were taken over in such a short time and remained hijacked for so long is extraordinary if not unprecedented.

[...] As the hijackings continued, Twitter said that while it investigated, it was suspending the ability of many but not all Twitter users to tweet or respond to tweets. Accounts belonging to verified users were unable to use the platform except to send direct messages. Instead they got a message that said: "This request looks like it might be automated. To protect our users from spam and other malicious activity, we can’t complete this action right now. Please try again later." Unverified accounts worked normally.

If it looks too good to be true...

Also at: AlJazeera, BBCTech, CNET, MITTech, SecurityWeek, and Threatpost.


Original Submission
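An added example, not part of the Ars Technica summary above or of the SoylentNews page: a small Python detector for the pattern the story describes, namely one payment address pushed with "doubling" language from many distinct accounts within a few hours. The tweets are constructed; the address is the well-known Bitcoin genesis-block address standing in for the scam wallet (it is not the address from the incident); the account names, timestamps, the 4-hour window and the 3-account threshold are assumptions.

```python
import hashlib
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample tweets (account, ISO timestamp, text) in the shape of the
# giveaway scam quoted above. The address is the well-known Bitcoin genesis-
# block address, used only as a stand-in for the scam wallet; it is NOT the
# address from the incident. The last two entries are deliberate non-matches.
SAMPLE_TWEETS = [
    ("elonmusk", "2020-07-15T20:17:00",
     "I'm giving back to all my followers. I am doubling all payments sent to "
     "the Bitcoin address below. You send 0.1 BTC, I send 0.2 BTC back! "
     "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"),
    ("JeffBezos", "2020-07-15T20:22:00",
     "I am doubling all payments sent to the Bitcoin address below. "
     "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"),
    ("BillGates", "2020-07-15T20:31:00",
     "Everyone is asking me to give back, and now is the time. I am doubling "
     "all payments sent to my BTC address for the next 30 minutes. "
     "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"),
    ("randomuser", "2020-07-15T20:40:00",
     "Doubling my donation today: 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNb"),  # bad checksum
    ("lunchblog", "2020-07-14T09:00:00", "Lunch was good today."),
]

# Legacy (base58check) Bitcoin addresses start with 1 or 3 and use the base58
# alphabet, which has no 0, O, I or l.
B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
ADDR_RE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")
# "Doubling" / "send back" language is the lure common to every quoted tweet.
GIVEAWAY_RE = re.compile(r"doubl(e|ing)|send (you )?back", re.IGNORECASE)


def b58decode(s):
    """Decode a base58 string to bytes; leading '1's become leading zero bytes."""
    n = 0
    for ch in s:
        n = n * 58 + B58_ALPHABET.index(ch)
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    pad = len(s) - len(s.lstrip("1"))
    return b"\x00" * pad + body


def valid_legacy_address(addr):
    """True if addr decodes to 25 bytes whose last 4 equal the double-SHA256
    checksum of the first 21 (version byte + 20-byte hash)."""
    try:
        raw = b58decode(addr)
    except ValueError:
        return False
    if len(raw) != 25:
        return False
    payload, checksum = raw[:21], raw[21:]
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4] == checksum


def scam_campaigns(tweets, window=timedelta(hours=4), min_accounts=3):
    """Return {address: sorted accounts} for every valid payment address that
    giveaway-style tweets from at least `min_accounts` distinct accounts
    pushed inside one `window`. One scam tweet is noise; the same wallet
    appearing across many unrelated accounts is the campaign signal."""
    by_addr = defaultdict(list)  # address -> [(time, account)]
    for account, ts, text in tweets:
        if not GIVEAWAY_RE.search(text):
            continue
        for addr in ADDR_RE.findall(text):
            if valid_legacy_address(addr):
                by_addr[addr].append((datetime.fromisoformat(ts), account))

    hits = {}
    for addr, events in by_addr.items():
        events.sort()
        for i, (t0, _) in enumerate(events):  # sliding window from each event
            accounts = {acct for t, acct in events[i:] if t - t0 <= window}
            if len(accounts) >= min_accounts:
                hits[addr] = sorted(accounts)
                break
    return hits


if __name__ == "__main__":
    for addr, accounts in scam_campaigns(SAMPLE_TWEETS).items():
        print(f"campaign wallet {addr} pushed by {len(accounts)} accounts: {accounts}")
```

The base58check validation keeps a random string that happens to match the address regex from triggering an alert, and the cross-account correlation is what a per-tweet content filter misses: each individual tweet looks like an ordinary giveaway, while the same wallet turning up under fifteen unrelated names is what the story actually reports.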

 
  • (Score: 0) by Anonymous Coward on Thursday July 16 2020, @03:34AM (21 children)

    by Anonymous Coward on Thursday July 16 2020, @03:34AM (#1022255)

    The instant an ad went up twitter would have been notified, recommended everyone change their passwords, and investigated the potential security breach. That would have ruined the sale.

  • (Score: 4, Interesting) by NotSanguine on Thursday July 16 2020, @04:41AM (20 children)

    The instant an ad went up twitter would have been notified, recommended everyone change their passwords, and investigated the potential security breach. That would have ruined the sale.

    Exactly. This exploit (and a big one it was) is now burned. And for what? Chump change into some bitcoin wallet which is about to be under a microscope for quite some time?

    Something about this doesn't make a whole lot of sense.

    It may well be that whoever is responsible was just too unimaginative to think of using a breach like that for anything other than a dated scam.

    Then again, it could be that the breach was used for some other useful purpose, and the amateurish scam was just a diversion.

    Or it could be a completely different scenario.

    Like I said, this thing raises many questions.

    Hopefully we'll get some answers. Or maybe even some better questions!

    --
    No, no, you're not thinking; you're just being logical. --Niels Bohr
    • (Score: 1, Insightful) by Anonymous Coward on Thursday July 16 2020, @06:37AM (19 children)

      by Anonymous Coward on Thursday July 16 2020, @06:37AM (#1022317)

      It wasn't an exploit, it was social engineering. And it looks like *shocker* Twitter doesn't exactly have the best and brightest working for them so this is not going to be the end of this. You can't patch stupid.

      Beyond this, you're giving *way* more weight to the relevance of Twitter than there is to it. And this is probably due to the media. Twitter doesn't get people elected or any of that nonsense. Look at the aggregate of media on Trump, as the obvious example, and 99% of it was *extremely* negative. He didn't win in spite of the media propaganda, he won because of it. It all turned a geriatric and somewhat awkward TV guy with bad hair into some outsider edgelord speaking truth to power.

      Twitter is basically a zoo where half-wit monkeys throw shit at each other and measure their dick size in followers. Nothing, even that said by extremely high visibility accounts, has any real impact. I think the only people that would want to buy access to the accounts would do so just to troll, and they're not gonna pay $100k for that. In terms of overall valuation, this was probably - by a wide margin - one of, if not the single most, valuable ways to monetize this.

      • (Score: 0) by Anonymous Coward on Thursday July 16 2020, @06:58AM (2 children)

        by Anonymous Coward on Thursday July 16 2020, @06:58AM (#1022319)

        Nothing, even that said by extremely high visibility accounts, has any real impact.

        I think the nattering on Twatter led politicians in many nations to move to a lockdown of the healthy, rather than go with saner policy that in some cases was already prepared. Even though most normal people wouldn't make life decisions based on what someone on Twatter said, the politician class is all on board out of perceived necessity.

        • (Score: 0) by Anonymous Coward on Thursday July 16 2020, @07:29AM

          by Anonymous Coward on Thursday July 16 2020, @07:29AM (#1022325)

          Yeah, the politicians made their decisions based on twitter feeds :|

        • (Score: 3, Insightful) by Anonymous Coward on Thursday July 16 2020, @09:02AM

          by Anonymous Coward on Thursday July 16 2020, @09:02AM (#1022336)

          Ah but now you're getting into much more fundamental issues of democracy.

          If we had an open and inclusive democracy from the earliest days of our nations, we wouldn't have electricity today. Sound absurd? Think about how absurd electricity sounds. Let's put up, at immense cost, hundreds of thousands of giant wooden poles all around the country. And in between these poles let's string up extremely high power lines that will kill anything, human or animal, that touches one of those wires and anything else. And we know on occasion the poles will give way and the wires will also fall. And when this happens we know they will potentially cause fires, local damage, and even kill people - especially young people who might be more inclined to play around them. Won't anybody think of the children!? And we do this for what? At the time the main purpose of electricity was lighting. You're going to destroy the country and cause countless deaths, including of the children, so the rich won't have to have their servants light their oil lamps at night? How cruel can you be!?

          Modern democracies, particularly ours, have trended towards trying to create safety bubbles. Not because it's a good idea for society, but because it's a good idea for reelection. Imagine a politician takes a position, any position, which can be *perceived* as less safe than another position. Now come election time his opponent can frame the incumbent as being reckless or even actively hating the group(s) affected by taking the *perceived* less safe position. I say *perceived* because that's all that matters. It doesn't even matter if the actual decision is indeed more safe. For instance with these lockdowns we've seen dramatically increasing rates of deaths of despair due to suicide / drug overdose / etc. How does the total effect on deaths compare and contrast against a cautious reopening? Doesn't matter - because that's hard and complex and so doesn't really work in a democracy. And of course, what if you don't take safety as a key metric? For instance, thousands of kids have been killed and injured on playgrounds. So shouldn't we ban playgrounds? Obviously not. They're an important part of recreation, growth, and development for kids. Yet a number of districts have indeed already started restricting playground equipment such as swings.

          I'm increasingly suspecting that the ancient Greeks were right. For those who may not know, Greek philosophy leaves us little more than brutal criticism of democracy, their own invention and the resultant collapse of their society alongside countless abhorrent decisions including the 'murder by vote' of Socrates himself, still considered one of the greatest minds of all time. But I think one of the most telling things about the problems of democracy is that the Ancient Greeks wrote of the consequences of democracy from thousands of years ago, as if they were living today. Here [wikipedia.org] is a section of criticisms from one pamphlet of the times:

            - Democratic rule acts in the benefit of smaller self-interested factions, rather than the entire polis.
            - Collectivizing political responsibility lends itself to both dishonest practices and scapegoating individuals when measures become unpopular.
            - By being inclusive, opponents to the system become naturally included within the democratic framework, meaning democracy itself will generate few opponents, despite its flaws.
            - A democratic Athens with an imperial policy will spread the desire for democracy outside of the polis.
            - The democratic government depends on the control of resources, which requires military power and material exploitation.
            - The values of freedom of equality include non-citizens more than it should.
            - By blurring the distinction between the natural and political world, democracy leads the powerful to act immorally and outside their own best interest.

          These are critiques that could have just as well been written by somebody experiencing the pangs of democracy today.

      • (Score: 5, Interesting) by NotSanguine on Thursday July 16 2020, @07:32AM (15 children)

        As usual, you completely miss the point.

        Twitter *was* exploited. That it was social engineering (a process issue) rather than a software flaw doesn't change that.

        Whether it's fake tweets, stolen Direct Messages (DMs) or something else, there could have been (or may still be) significant damage to some people -- potentially not even the ones whose accounts sent the scam tweets. We don't know.

        What's more, if you're slick enough to gain the access the miscreants did, it makes little sense to make an amateurish bitcoin scam your coup de grace.

        Twitter's process failed, and they should be roundly criticized for it.

        This bitcoin scam may just be a cover, especially since it was focused on the famous with millions of followers -- which means millions of people received said scam tweets, for some *other* nefarious purpose.

        If these folks had the keys to the kingdom, so-to-speak, they could also have targeted other, less prominent accounts which were the actual focus of the breach.

        Or maybe not. But as I said, it raises a bunch of questions.

        Personally, I never use twitter. I think it's mostly a waste.

        But I also don't let my *feelings* about the platform cloud my thinking. Twitter has 221 million users. How many of those folks are of interest to state security services, intelligence agencies, extremist groups and all manner of other bad actors?

        --
        No, no, you're not thinking; you're just being logical. --Niels Bohr
        • (Score: -1, Troll) by Anonymous Coward on Thursday July 16 2020, @09:24AM (14 children)

          by Anonymous Coward on Thursday July 16 2020, @09:24AM (#1022342)

          You still haven't raised a single question as you've yet to even imagine anything worth even remotely close to $100k. I mean think about what you're saying. Posting some fake tweets and looking at DMs? Again outside of LoLs there's just no value there whatsoever. Look at the DNC leaks to see what politicians send in private email, which people are going to treat as infinitely more secure than Twitter. And there was absolutely nothing in there for anybody remotely informed on political affairs. And for those who are uninformed it didn't matter because they remain uninformed mostly voluntarily.

          • (Score: 2) by NotSanguine on Thursday July 16 2020, @10:09AM (13 children)

            What's more, if you're slick enough to gain the access the miscreants did, it makes little sense to make an amateurish bitcoin scam your coup de grace.

            Twitter's process failed, and they should be roundly criticized for it.

            This bitcoin scam may just be a cover, especially since it was focused on the famous with millions of followers -- which means millions of people received said scam tweets, for some *other* nefarious purpose.

            If these folks had the keys to the kingdom, so-to-speak, they could also have targeted other, less prominent accounts which were the actual focus of the breach.

            Or maybe not. But as I said, it raises a bunch of questions.

            Personally, I never use twitter. I think it's mostly a waste.

            But I also don't let my *feelings* about the platform cloud my thinking. Twitter has 221 million users. How many of those folks are of interest to state security services, intelligence agencies, extremist groups and all manner of other bad actors?

            --
            No, no, you're not thinking; you're just being logical. --Niels Bohr
            • (Score: 1) by khallow on Thursday July 16 2020, @03:23PM (11 children)

              by khallow (3766) Subscriber Badge on Thursday July 16 2020, @03:23PM (#1022433) Journal
              Tragedy of the commons. It depends how many people have the keys to the kingdom. If it's just you, then you can milk it for a long time. If it's you, 100k of your hacker buddies, and every competent crook on the planet. Well, get what you can while you can.
              • (Score: 2) by NotSanguine on Thursday July 16 2020, @06:48PM (9 children)

                If it's you, 100k of your hacker buddies, and every competent crook on the planet.

                What gave you the idea that this was the case?

                My understanding was that it was a targeted attack via social engineering, not some zero day exploit or known vulnerability. Not sure how 100k people get in on that action.

                Please do elucidate.

                --
                No, no, you're not thinking; you're just being logical. --Niels Bohr
                • (Score: 1) by khallow on Thursday July 16 2020, @11:24PM (8 children)

                  by khallow (3766) Subscriber Badge on Thursday July 16 2020, @11:24PM (#1022633) Journal

                  My understanding was that it was a targeted attack via social engineering

                  Sounds like a lot of people can do that.

                  • (Score: 2) by NotSanguine on Thursday July 16 2020, @11:47PM (7 children)

                    You implied that 100k people *did so*. Is that your contention?

                    I mean, 30 or 40 thousand attempts wouldn't tip anyone off that something was up. But 100,000? No way.

                    Please.

                    --
                    No, no, you're not thinking; you're just being logical. --Niels Bohr
                    • (Score: 1) by khallow on Friday July 17 2020, @12:08AM (6 children)

                      by khallow (3766) Subscriber Badge on Friday July 17 2020, @12:08AM (#1022658) Journal

                      I mean, 30 or 40 thousand attempts wouldn't tip anyone off that something was up.

                      Hence, the mention of the Tragedy of the Commons. Here's food, but it's not going to be there long once that massive number of people figure it out.

                      • (Score: 2) by NotSanguine on Friday July 17 2020, @12:37AM (5 children)

                        Hence, the mention of the Tragedy of the Commons. Here's food, but it's not going to be there long once that massive number of people figure it out.

                        You're talking out of your ass.

                        I assume it's from ignorance *this time*.

                        The hack was not a flaw or vulnerability in software or hardware. The miscreants contacted Twitter employees directly and tricked (or paid) them into giving up their credentials. That's what's called "social engineering."

                        Now, imagine that you're sitting there working and 100,000 people call you and attempt to get you to give up your credentials. After how many calls will you recognize that there's something fishy going on? Hopefully on the first call, but that didn't happen here.

                        How about two? Or five? I'd say that unless you're actually unconscious, you'd have to conclude that something odd was going on pretty quickly.

                        So, no. 100,000 people did not all execute this intrusion. It was one person/group that managed to sweet-talk their way into access to the internal management tools/systems.

                        I'm not sure where you got this 100,000 crackers with "access" to the intrusion, but it's not even a wild approximation of reality.

                        --
                        No, no, you're not thinking; you're just being logical. --Niels Bohr
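The comment above describes the intrusion as an employee's credentials for internal management tools being obtained by social engineering and then used against a string of high-profile accounts. As an added example (not from the page, and not Twitter's real tooling or log schema), the following Python shows the two compensating controls a practitioner would want around such a tool: a dual-control rule that makes takeover-capable actions on verified or high-reach accounts require a second approver, and a detector that alarms when one operator resets access on several such accounts inside a short window. The key=value log format, field names, operator names, target accounts, follower counts and thresholds are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed audit lines in a hypothetical key=value format. Field names,
# operator names, follower counts and targets are assumptions made for this
# example; nothing here is a real admin tool's log schema.
SAMPLE_AUDIT_LOG = """\
2020-07-15T19:58:03Z op=agent-17 action=view_profile target=@dailyreader followers=120 verified=no
2020-07-15T20:02:41Z op=agent-17 action=update_email target=@coinexchange followers=900000 verified=yes
2020-07-15T20:04:10Z op=agent-17 action=reset_2fa target=@coinexchange followers=900000 verified=yes
2020-07-15T20:09:55Z op=agent-17 action=update_email target=@elonmusk followers=36000000 verified=yes
2020-07-15T20:11:02Z op=agent-17 action=reset_2fa target=@elonmusk followers=36000000 verified=yes
2020-07-15T20:15:30Z op=agent-17 action=update_email target=@BillGates followers=51000000 verified=yes
2020-07-15T20:18:12Z op=agent-42 action=update_email target=@smallbiz followers=340 verified=no
2020-07-15T14:00:00Z op=agent-42 action=reset_2fa target=@someuser followers=2000 verified=no
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) op=(?P<op>\S+) action=(?P<action>\S+) target=(?P<target>\S+) "
    r"followers=(?P<followers>\d+) verified=(?P<verified>yes|no)$"
)

# Actions that let whoever performs them take over the account: changing the
# recovery e-mail or stripping 2FA is enough to log in as the owner afterwards.
TAKEOVER_ACTIONS = {"update_email", "reset_2fa", "disable_mfa"}


def parse_audit_log(text):
    """Parse key=value lines into dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ")
        e["followers"] = int(e["followers"])
        e["verified"] = e["verified"] == "yes"
        events.append(e)
    return events


def needs_second_approver(action, followers, verified, min_followers=100_000):
    """Dual-control rule: a takeover-capable action on a verified or high-reach
    account must be approved by a second operator before the tool executes it,
    so one phished or bribed credential cannot act alone."""
    return action in TAKEOVER_ACTIONS and (verified or followers >= min_followers)


def takeover_bursts(events, window=timedelta(minutes=30), min_targets=3, min_followers=100_000):
    """Return {operator: sorted distinct high-profile targets} for operators who
    ran takeover-capable actions against at least `min_targets` distinct
    verified/high-reach accounts inside one `window`. Support staff do recover
    accounts, but not a batch of famous ones in half an hour."""
    per_op = defaultdict(list)  # operator -> [(time, target)]
    for e in events:
        if needs_second_approver(e["action"], e["followers"], e["verified"], min_followers):
            per_op[e["op"]].append((e["ts"], e["target"]))

    alerts = {}
    for op, hits in per_op.items():
        hits.sort()
        for i, (t0, _) in enumerate(hits):  # sliding window from each event
            targets = {tgt for t, tgt in hits[i:] if t - t0 <= window}
            if len(targets) >= min_targets:
                alerts[op] = sorted(targets)
                break
    return alerts


if __name__ == "__main__":
    for op, targets in takeover_bursts(parse_audit_log(SAMPLE_AUDIT_LOG)).items():
        print(f"ALERT operator {op} reset access on {len(targets)} high-profile accounts: {targets}")
```

The two functions are deliberately separate: the approval rule is enforced inside the tool before the action runs, while the burst detector runs over the audit trail afterwards and catches the case where the second approver was also tricked or the threshold was tuned too loosely. Neither depends on the attacker having exploited a software flaw; both assume the credentials themselves are already in the wrong hands.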
                        • (Score: 1) by khallow on Friday July 17 2020, @01:09AM (4 children)

                          by khallow (3766) Subscriber Badge on Friday July 17 2020, @01:09AM (#1022681) Journal

                          The hack was not a flaw or vulnerability in software or hardware. The miscreants contacted Twitter employees directly and tricked (or paid) them into giving up their credentials. That's what's called "social engineering."

                          Now, imagine that you're sitting there working and 100,000 people call you and attempt to get you to give up your credentials. After how many calls will you recognize that there's something fishy going on? Hopefully on the first call, but that didn't happen here.

                          Exactly. There's a lot of people skilled in social engineering. There aren't a lot of people skilled in finding flaws and vulnerabilities in software or hardware. That social engineering exploit had a short shelf life.

                          • (Score: 0) by Anonymous Coward on Friday July 17 2020, @01:16AM (3 children)

                            by Anonymous Coward on Friday July 17 2020, @01:16AM (#1022683)

                            Exactly. There's a lot of people skilled in social engineering. There aren't a lot of people skilled in finding flaws and vulnerabilities in software or hardware. That social engineering exploit had a short shelf life.

                            And that's why you claim that 100,000 *different* people/groups each, individually, performed this *specific* intrusion *yesterday*?

                            You're a genius! I'll be sure to look you up whenever I have any InfoSec questions.

                            • (Score: 1) by khallow on Friday July 17 2020, @01:32AM (2 children)

                              by khallow (3766) Subscriber Badge on Friday July 17 2020, @01:32AM (#1022690) Journal

                              And that's why you claim that 100,000 *different* people/groups each, individually, performed this *specific* intrusion *yesterday*?

                              Sounds like someone needs to read some posts!

                              • (Score: 2) by NotSanguine on Friday July 17 2020, @01:47AM (1 child)

                                And that's why you claim that 100,000 *different* people/groups each, individually, performed this *specific* intrusion *yesterday*?

                                Sounds like someone needs to read some posts!

                                I did. Which is why I responded at all to *your* statement [soylentnews.org]:

                                If it's you, 100k of your hacker buddies, and every competent crook on the planet.

                                Which was what I initially responded to. And I *specifically* asked you about it in every. single. reply.
                                I had to keep asking as you didn't answer the question.

                                Or are you claiming that your SN account was hacked and someone else posted that?

                                --
                                No, no, you're not thinking; you're just being logical. --Niels Bohr
                                • (Score: 1) by khallow on Friday July 17 2020, @04:20AM

                                  by khallow (3766) Subscriber Badge on Friday July 17 2020, @04:20AM (#1022751) Journal
                                  Ok, what I did say and did mean to say was that there were hundreds of thousands, perhaps even millions of people with the skills to socially engineer their way into Facebook. So when someone first figures a way in via social engineering, they'll know that they're only the vanguard. Others can do what they did. It makes for a lot less incentive to preserve the exploit.
              • (Score: 2) by NotSanguine on Thursday July 16 2020, @07:29PM

                Here's an interesting take on the breach. [fortenf.org] It posits that maybe the bitcoin scam was all they could figure out to do in the short time (how long before someone notices they can't access their twitter account any more) they had to effect some results.

                Which does make sense. It also implies that the miscreants were not well organized and this wasn't a focused hack on Twitter. If that's the case and they just got lucky, that could mean that it was all just what it seems.

                I'd be really interested to know what "social engineering" was done to get to one of the folks with access to the internal management tools/systems.

                It seems unlikely that this was just luck, finding one or more folks at Twitter who *just happen to have* access to those tools/systems. What's more likely is a targeted attack on specific individuals *known* to the scammers.

                That implies a much higher level of organization/planning than some hack scammer lucking into the intrusion of the year.

                If that was indeed the case, then such a group would have already known what they wanted to do with such access *before* they executed the breach.

                Then again, a bunch of accounts for Bitcoin exchanges and related businesses were hijacked too. Maybe they were the initial targets, and they got way more access than they ever imagined?

                As I said at the start of this thread, there are a lot of unanswered questions.

                I don't know the details or the circumstances. I'd like to find out though.

                --
                No, no, you're not thinking; you're just being logical. --Niels Bohr
            • (Score: -1, Troll) by Anonymous Coward on Thursday July 16 2020, @04:04PM

              by Anonymous Coward on Thursday July 16 2020, @04:04PM (#1022456)

              I find it interesting that the best you can do is simply repeat your own mostly word salad conspiracy theory. The internet is melting people's brains.