
posted by chromas on Thursday July 16 2020, @12:45AM
from the TANSTAAFL dept.

Musk, Obama, Biden, Bezos, Gates—bitcoin scam hits Twitter in coordinated blitz:

Twitter accounts of the rich and famous—including Elon Musk, Bill Gates, Jeff Bezos, and Joe Biden—were simultaneously hijacked on Wednesday and used to push cryptocurrency scams.

As of 3:58 PM California time, the wallet address used to receive victims’ digital coin had received more than $118,000, though it wasn't clear all of it came from people who fell for the scam. The bitcoin came from 356 transactions that all occurred over about a four-hour span on Tuesday. The wallet address appeared in tweets from at least 15 accounts—some with tens of millions of followers—that promoted fraudulent incentives to transfer money.

“I’m giving back to all my followers,” one now-deleted tweet from Musk’s account said. “I am doubling all payments sent to the Bitcoin address below. You send 0.1 BTC, I send 0.2 BTC back!” A tweet from the Bezos account said the same thing. “Everyone is asking me to give back, and now is the time,” a Gates tweet said. “I am doubling all payments sent to my BTC address for the next 30 minutes. You send $1,000, I send you back $2,000.”

Other hijacked accounts belonged to Barack Obama, Apple, Kanye West, and a raft of cryptocurrency entrepreneurs.

[...] That so many social media accounts were taken over in such a short time and remained hijacked for so long is extraordinary if not unprecedented.

[...] As the hijackings continued, Twitter said that while it investigated, it was suspending the ability of many but not all Twitter users to tweet or respond to tweets. Accounts belonging to verified users were unable to use the platform except to send direct messages. Instead they got a message that said: "This request looks like it might be automated. To protect our users from spam and other malicious activity, we can’t complete this action right now. Please try again later." Unverified accounts worked normally.

If it looks too good to be true...

Also at: AlJazeera, BBCTech, CNET, MITTech, SecurityWeek, and Threatpost.


  • (Score: 1) by khallow (3766) on Friday July 17 2020, @01:09AM (#1022681)

    The hack was not a flaw or vulnerability in software or hardware. The miscreants contacted Twitter employees directly and tricked (or paid) them into giving up their credentials. That's what's called "social engineering."

    Now, imagine that you're sitting there working and 100,000 people call you and attempt to get you to give up your credentials. After how many calls will you recognize that there's something fishy going on? Hopefully on the first call, but that didn't happen here.

    Exactly. There's a lot of people skilled in social engineering. There isn't a lot of people skilled in finding flaws and vulnerabilities in software or hardware. That social engineering exploit had a short shelf life.

  • (Score: 0) by Anonymous Coward on Friday July 17 2020, @01:16AM (#1022683)

    Exactly. There's a lot of people skilled in social engineering. There isn't a lot of people skilled in finding flaws and vulnerabilities in software or hardware. That social engineering exploit had a short shelf life.

    And that's why you claim that 100,000 *different* people/groups each, individually, performed this *specific* intrusion *yesterday*?

    You're a genius! I'll be sure to look you up whenever I have any InfoSec questions.

    • (Score: 1) by khallow (3766) on Friday July 17 2020, @01:32AM (#1022690)

      And that's why you claim that 100,000 *different* people/groups each, individually, performed this *specific* intrusion *yesterday*?

      Sounds like someone needs to read some posts!

      • (Score: 2) by NotSanguine on Friday July 17 2020, @01:47AM (1 child)

        And that's why you claim that 100,000 *different* people/groups each, individually, performed this *specific* intrusion *yesterday*?

        Sounds like someone needs to read some posts!

        I did. Which is why I responded at all to *your* statement [soylentnews.org]:

        If it's you, 100k of your hacker buddies, and every competent crook on the planet.

        Which was what I initially responded to. And I *specifically* asked you about it in every. single. reply.
        I had to keep asking as you didn't answer the question.

        Or are you claiming that your SN account was hacked and someone else posted that?

        --
        No, no, you're not thinking; you're just being logical. --Niels Bohr
        • (Score: 1) by khallow (3766) on Friday July 17 2020, @04:20AM (#1022751)

          Ok, what I did say and did mean to say was that there were hundreds of thousands, perhaps even millions of people with the skills to socially engineer their way into Facebook. So when someone first figures a way in via social engineering, they'll know that they're only the vanguard. Others can do what they did. It makes for a lot less incentive to preserve the exploit.