SoylentNews is people
SoylentNews
Musk, Obama, Biden, Bezos, Gates—bitcoin scam hits Twitter in coordinated blitz:
Twitter accounts of the rich and famous—including Elon Musk, Bill Gates, Jeff Bezos, and Joe Biden—were simultaneously hijacked on Wednesday and used to push cryptocurrency scams.
As of 3:58 PM California time, the wallet address used to receive victim’s digital coin had received more than $118,000, though it wasn't clear all of it came from people who fell for the scam. It The bitcoin came from 356 transactions all occurred over about a four-hour span on Tuesday. The wallet address appeared in tweets from at least 15 accounts—some with tens of millions of followers—that promoted fraudulent incentives to transfer money.
“I’m giving back to all my followers,” one now-deleted tweet from Musk’s account said. “I am doubling all payments sent to the Bitcoin address below. You send 0.1 BTC, I send 0.2 BTC back!” A tweet from the Bezos account said the same thing. “Everyone is asking me to give back, and now is the time,” a Gates tweet said. “I am doubling all payments sent to my BTC address for the next 30 minutes. You send $1,000, I send you back $2,000.
Other hijacked accounts belonged to Barack Obama, Apple, Kanye West, and a raft of cryptocurrency entrepreneurs.
[...] That so many social media accounts were taken over in such a short time and remained hijacked for so long is extraordinary if not unprecedented.
[...] As the hijackings continued, Twitter said that while it investigated, it was suspending the ability of many but not all Twitter users to tweet or respond to tweets. Accounts belonging to verified users were unable to use the platform except to send direct messages. Instead they got a message that said: "This request looks like it might be automated. To protect our users from spam and other malicious activity, we can’t complete this action right now. Please try again later." Unverified accounts worked normally.
If it looks too good to be true...
Also at: AlJazeera, BBCTech, CNET, MITTech, SecurityWeek, and Threatpost.
(Score: 2) by NotSanguine on Thursday July 16 2020, @10:09AM (13 children)
What's more, if you're slick enough to gain the access the miscreants did, it makes little sense to make an amateurish bitcoin scam your coup de grace.
Twitter's process failed, and they should be roundly criticized for it.
This bitcoin scam may just be a cover, especially since it was focused on the famous with millions of followers -- which means millions of people received said scam tweets, for some *other* nefarious purpose.
If these folks had the keys to the kingdom, so-to-speak, they could also have targeted other, less prominent accounts which were the actual focus of the breach.
Or maybe not. But as I said, it raises a bunch of questions.
Personally, I never use twitter. I think it's mostly a waste.
But I also don't let my *feelings* about the platform cloud my thinking. Twitter has 221 million users. How many of those folks are of interest to state security services, intelligence agencies, extremist groups and all manner of other bad actors?
No, no, you're not thinking; you're just being logical. --Niels Bohr
(Score: 1) by khallow on Thursday July 16 2020, @03:23PM (11 children)
(Score: 2) by NotSanguine on Thursday July 16 2020, @06:48PM (9 children)
What gave you the idea that this was the case?
My understanding was that it was a targeted attack via social engineering, not some zero day exploit or known vulnerability. Not sure how 100k people get in on that action.
Please do elucidate.
No, no, you're not thinking; you're just being logical. --Niels Bohr
(Score: 1) by khallow on Thursday July 16 2020, @11:24PM (8 children)
Sounds like a lot of people can do that.
(Score: 2) by NotSanguine on Thursday July 16 2020, @11:47PM (7 children)
You implied that 100k people *did so*. Is that your contention?
I mean, 30 or 40 thousand attempts wouldn't tip anyone off that something was up. But 100,000? No way.
Please.
No, no, you're not thinking; you're just being logical. --Niels Bohr
(Score: 1) by khallow on Friday July 17 2020, @12:08AM (6 children)
Hence, the mention of the Tragedy of the Commons. Here's food, but it's not going to be there long once that massive number of people figure it out.
(Score: 2) by NotSanguine on Friday July 17 2020, @12:37AM (5 children)
You're talking out of your ass.
I assume it's from ignorance *this time*.
The hack was not a flaw or vulnerability in software or hardware. The miscreants contacted Twitter employees directly and tricked (or paid) them into giving up their credentials. That's what's called "social engineering."
Now, imagine that you're sitting there working and 100,000 people call you and attempt to get you to give up your credentials. After how many calls will you recognize that there's something fishy going on? Hopefully on the first call, but that didn't happen here.
How about two? Or five? I'd say that unless you're actually unconscious, you'd have to conclude that something odd was going one pretty quickly.
So, no. 100,000 people did not all execute this intrusion. It was one person/group that managed to sweet-talk their way into access to the internal management tools/systems.
I'm not sure where you got this 100,000 crackers with "access" to the intrusion, but it's not even a wild approximation of reality.
No, no, you're not thinking; you're just being logical. --Niels Bohr
(Score: 1) by khallow on Friday July 17 2020, @01:09AM (4 children)
Exactly. There's a lot of people skilled in social engineering. There isn't a lot of people skilled in finding flaws and vulnerabilities in software or hardware. That social engineering exploit had a short shelf life.
(Score: 0) by Anonymous Coward on Friday July 17 2020, @01:16AM (3 children)
And that's why you claim that 100,000 *different* people/groups each, individually, performed this *specific* intrusion *yesterday*?
You're a genius! I'll be sure to look you up whenever I have any InfoSec questions.
(Score: 1) by khallow on Friday July 17 2020, @01:32AM (2 children)
Sounds like someone needs to read some posts!
(Score: 2) by NotSanguine on Friday July 17 2020, @01:47AM (1 child)
I did. Which is why I responded at all to *your* statement [soylentnews.org]:
Which was what I initially responded to. And I *specifically* asked you about it in every. single. reply.
I had to keep asking as you didn't answer the question.
Or are you claiming that your SN account was hacked and someone else posted that?
No, no, you're not thinking; you're just being logical. --Niels Bohr
(Score: 1) by khallow on Friday July 17 2020, @04:20AM
(Score: 2) by NotSanguine on Thursday July 16 2020, @07:29PM
Here's an interesting take on the breach. [fortenf.org] It posits that maybe the bitcoin scam was all they could figure out to do in the short time (how long before someone notices they can't access their twitter account any more) they had to effect some results.
Which does makes sense. It also implies that the miscreants were not well organized and this wasn't a focused hack on Twitter. If that's the case and they just got lucky, that could mean that it was all just what it seems.
I'd be really interested to know what "social engineering" was done to get to one of the folks with access to the internal management tools/systems.
It seems unlikely that this was just luck, finding one or more folks at Twitter who *just happen to have* access to those tools/systems. What's more likely is a targeted attack on specific individuals *known* to the scammers.
That implies a much higher level of organization/planning than some hack scammer lucking into the intrusion of the year.
If that was indeed the case, then such a group would have already known what they wanted to do with such access *before* they executed the breach.
Then again, a bunch of accounts for Bitcoin exchanges and related businesses were hijacked too. Maybe they were the initial targets, and they got way more access than they ever imagined?
As I said at the start of this thread, there are a lot of unanswered questions.
I don't know the details or the circumstances. I'd like to find out though.
No, no, you're not thinking; you're just being logical. --Niels Bohr
(Score: -1, Troll) by Anonymous Coward on Thursday July 16 2020, @04:04PM
I find it interesting that the best you can do is simply repeat your own mostly word salad conspiracy theory. The internet is melting people's brains.