Twitter hacked by Bitcoin scammer trolls.... - Politics Forum.org | PoFo

Wandering the information superhighway, he came upon the last refuge of civilization, PoFo, the only forum on the internet ...

Talk about what you've seen in the news today.

Moderator: PoFo Today's News Mods

#15107845
@colliric

I have a REALLY hard to crack password and a second factor of token based authentication for my Twitter account (but even a hard to crack password can get stolen by hackers if they manage to crack into Twitter's servers and Twitter is not using any or weak hashing algorithms to store their users passwords). If you don't have my Yubikey, it would be very very difficult for any hacker to crack into my account.

Even if they managed to get my password, they still wouldn't be able to get in without my Yubikey in addition to knowing the password. Most people don't have two factor TOKEN BASED authentication on their Facebook or Twitter accounts. TOKEN BASED authentication is much stronger as a second form of authentication than using the Google Authentication App as your second form of authentication. I personally use Yubikey as my second factor of authentication. I keep a backup key under lock and key that way if I lose my first key I am not locked out my accounts forever.
#15107846
Normally I would appreciate the epic scope of such political and rich societal figures having their accounts hacked and troll posts being put up.

But unfortunately this was a robbery of the poor saps that aren't smart enough to figure out it's a scam.

I bet they netted more than that $150000 quoted figure. Probably much more.
#15107849
@colliric

Yes, but you also have to consider that if hackers can compromise the accounts of the rich and the powerful, what does that say about your security on the web? Hackers will go after people who are NOT rich and powerful not because regular people have any wealth to take but the hackers can use their accounts to launch other attacks on more higher value targets, which could be traced back to your account. Whether the investigators are smart enough to figure out you weren't the one who launched such attacks might be another story. So, that's the reason why non-important people like us have to take action in keeping our accounts as secure as possible too. Even Hollywood movie stars had their most personal and private videos (personal sex videos they made with their partners) were hacked from the iCloud and posted all for the world to see.
#15108631
@colliric

Think of it this way colliric. One of those accounts that was compromised was Former President Barack Obama's account. What if that account was used by those hackers to spread misinformation about nuclear war from Former President Barack Obama's compromised Twitter account? They could have done that if they wanted to. It also brings into question the security of Trump's Twitter account. If Former President Barack Obama's account was hacked on Twitter who is to say that Trump's account couldn't be hacked too? I think people seriously under-estimate the damage these hackers have already done and can continue to do.
#15108688
@Igor Antunov

It doesn't seem like in this case two factor authentication could have stopped the hackers from cracking into those accounts GIVEN they had access to Twitter Admin tools. Twitter Admin tools can disable two factor authentication on user accounts that have them activated.

It might have helped if those Twitter Admin tools themselves had some token based two factor authentication or perhaps multifactor authentication itself. That way for hackers to be able to gain access to those Twitter admin tools they would actually have to have in their physical personal possession the token to use in addition to the password to be able to access those admin tools.

For a third factor of authentication I would require a biometric iris scan in addition to the token and password before anybody could get access to those admin tools. I suspect these hackers probably compromised a less privileged account and engaged in privilege escalation to get that access but I wonder if those Twitter admin tools had two factor or multifactor authentication in place before granting admin privileges to anybody.

Hence, why it was likely those hackers were able to get access to those admin tools when they likely engaged in privilege escalation from a less privileged account. That and a lack of implementing hardening guidelines on their systems.

But as the saying goes in cybersecurity it's not a question of if but when. I wonder how quickly they moved to contain these compromises and how effective their response was in containment and eradication of these compromises?

Edit:

I read that it was the classic social engineering attacks, probably using spear phishing that compromised a less privileged employee account or who knows maybe even a highly privileged employee account.
#15110945
@colliric

It appears that the "mastermind" behind the Twitter hack was a Florida teen. You got young people out there with serious IT skills. However, the young lack the maturity to know better that doing such a hack is very immature, childish and stupid. I am not surprised that it turned out that the mastermind behind the hack was a teen:

By David Fischer and Frank Bajak, Associated Press wrote:A Florida teen was identified Friday as the mastermind of a scheme earlier this month that commandeered Twitter accounts of prominent politicians, celebrities and technology moguls and scammed people around the globe out of more than $100,000 in Bitcoin. Two other men were also charged in the case.

Graham Ivan Clark, 17, was arrested Friday in Tampa, where the Hillsborough State Attorney’s Office will prosecute him as an adult. He faces 30 felony charges, according to a news release.

Two men accused of benefiting from the hack — Mason Sheppard, 19, of Bognor Regis, U.K., and Nima Fazeli, 22, of Orlando — were charged separately in California federal court.

In one of the most high-profile security breaches in recent years, bogus tweets were sent out on July 15 from the accounts of Barack Obama, Joe Biden, Mike Bloomberg and a number of tech billionaires including Amazon CEO Jeff Bezos, Microsoft co-founder Bill Gates and Tesla CEO Elon Musk. Celebrities Kanye West and his wife, Kim Kardashian West, were also hacked.

The tweets offered to send $2,000 for every $1,000 sent to an anonymous Bitcoin address. The hack alarmed security experts because of the grave potential of such an intrusion for creating geopolitical mayhem with disinformation.


https://bit.ly/2XhTdGw

EU is not prepared on nuclear war, but Russia,[…]

It is implausible that the IDF could not or would[…]

Moving on to the next misuse of language that sho[…]

There is no reason to have a state at all unless w[…]