Quake3World.com Forums
     General Discussion
        Twitter got pwned
Post new topicReply to topic
Login | Profile | | FAQ | Search | IRC




Previous topic | Next topic 
Topic Starter Topic: Twitter got pwned
Transient
Arrr?
Arrr?
Joined: 09 Feb 2001
Posts: 35043
PostPosted: 07-15-2020 09:42 PM           Profile   Send private message  E-mail  Edit post Reply with quote


https://www.engadget.com/twitter-crypto ... 05921.html

Quote:
In its first detailed statements since someone took over a number of high profile accounts Wednesday afternoon, Twitter posted a thread explaining “what we know so far.” While rumors have swirled about what may have caused a compromise that gave hackers access to Twitter accounts for Elon Musk, Bill Gates, Barack Obama, Apple, Kanye West and others, the company stated “We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.”

[...]

Twitter also said that it’s investigating “what other malicious activity they may have conducted or information they may have accessed.” Based on the hackers ability to completely take over accounts, and the number of accounts they accessed, there’s speculation that they could have broken into virtually anyone’s account to see information stored as drafts or direct messages. We’ll continue to update this post as we learn more about what happened.

LOL all these huge social media companies have the most lax security. They seem to get caught with their pants down over and over again. I know they're big targets, but some of this shit is pretty basic.
Top
                 
seremtan
Etile
Etile
Joined: 19 Nov 2003
Posts: 34537
PostPosted: 07-15-2020 11:22 PM           Profile Send private message  E-mail  Edit post Reply with quote


Quote:
social engineering attack


Twitter employees are all WFH atm so my money's on housemates or partners using their laptop while they're in the shower or taking a dump
Top
                 
Eraser
Cool #9
Cool #9
Joined: 01 Dec 2000
Posts: 43443
PostPosted: 07-15-2020 11:55 PM           Profile   Send private message  E-mail  Edit post Reply with quote


This doesn't surprise me in the least.
I'm in the information security business. We build and sell software to (mostly) municipalities which helps them improve awareness among employees and help them becoming compliant with various information security related standards.

We also do mystery guest visits to see how easily we can access classified information by entering their office in person, without the required security clearance. Spoiler: ridiculously easy. If you knew how easy it is to get a full security clearance access pass from someone like a receptionist is mind boggling. Just act like you belong there and no questions are asked (other than if you've already had a slice of cake because Bob from accounting is celebrating his birthday).

A fun one is also when we send phishing mails to employees to test how an organization and its employees respond to that (after consultation with the responsible people in the organization itself of course. They ask us to do it). We measure various statistics, including click-through rates and the number of people literally leaving their login credentials at a (to them) unknown website. The results are often shocking.

The stuff I've seen happen is depressing. Most people don't have a clue what they're dealing with.
Top
                 
Transient
Arrr?
Arrr?
Joined: 09 Feb 2001
Posts: 35043
PostPosted: 07-16-2020 02:13 AM           Profile   Send private message  E-mail  Edit post Reply with quote


Tell me about it. I've stopped wearing my ID when doing insurance inspections and just keep it in my car. Nobody ever bothers to ask for it, even when the front desk hasn't been made aware of my visit. The number of times I've been allowed into server rooms, boiler rooms, and restricted areas with no questions asked is concerning. I was given free reign to wander around a decommissioned nuclear missile silo once without anyone accompanying me, and a hydroelectric power station, wastewater treatment plant.... Usually it's the daycare centers that are on top of their shit, more than anyone else.
Top
                 
xer0s
Digital Nausea
Digital Nausea
Joined: 10 Feb 2001
Posts: 24481
PostPosted: 07-16-2020 05:08 AM           Profile   Send private message  E-mail  Edit post Reply with quote


I wonder what juicy nibs they found in the user’s DMs...
Top
                 
xer0s
Digital Nausea
Digital Nausea
Joined: 10 Feb 2001
Posts: 24481
PostPosted: 07-16-2020 05:10 AM           Profile   Send private message  E-mail  Edit post Reply with quote


Didn’t seem like a great scam though. Why not pump and dump some low hanging shitcoin?
Top
                 
Transient
Arrr?
Arrr?
Joined: 09 Feb 2001
Posts: 35043
PostPosted: 07-16-2020 10:18 AM           Profile   Send private message  E-mail  Edit post Reply with quote


Yeah, anyone savvy enough to know how to use Bitcoin isn't going to fall for an entry-level scam like that. :confused:
Top
                 
Eraser
Cool #9
Cool #9
Joined: 01 Dec 2000
Posts: 43443
PostPosted: 07-16-2020 12:20 PM           Profile   Send private message  E-mail  Edit post Reply with quote


I bet there's plenty of low hanging fruit there.
If it didn't work they wouldn't be doing it.
Top
                 
Mat Linnett
Shambolic
Shambolic
Joined: 11 Apr 2000
Posts: 7900
PostPosted: 07-16-2020 01:23 PM           Profile   Send private message  E-mail  Edit post Reply with quote


Yeah, remember, when the Bitcoin craze hit a couple of years back, there were plenty of opportunistic purchases made by people who were otherwise technically incompetent.
I can easily imagine some of those wanting to make money on what they've otherwise seen as being a useless investment.
Top
                 
Transient
Arrr?
Arrr?
Joined: 09 Feb 2001
Posts: 35043
PostPosted: 07-16-2020 05:10 PM           Profile   Send private message  E-mail  Edit post Reply with quote


I doubt making money off that scam was the intent of the hacker. We don't know what info they got in DMs and shit, they could be selling it on the black market for a ton more than the $100k they got from the scam itself.
Top
                 
Transient
Arrr?
Arrr?
Joined: 09 Feb 2001
Posts: 35043
PostPosted: 07-17-2020 09:39 PM           Profile   Send private message  E-mail  Edit post Reply with quote


https://www.engadget.com/twitter-wednes ... 10194.html
So the hackers exported data on 8 non-verified accounts. I wonder where this goes....
Top
                 
Κracus
Lead Pipe Mafia
Lead Pipe Mafia
Joined: 15 Oct 2007
Posts: 5559
PostPosted: 07-20-2020 04:30 AM           Profile   Send private message  E-mail  Edit post Reply with quote


Transient wrote:
Tell me about it. I've stopped wearing my ID when doing insurance inspections and just keep it in my car. Nobody ever bothers to ask for it, even when the front desk hasn't been made aware of my visit. The number of times I've been allowed into server rooms, boiler rooms, and restricted areas with no questions asked is concerning. I was given free reign to wander around a decommissioned nuclear missile silo once without anyone accompanying me, and a hydroelectric power station, wastewater treatment plant.... Usually it's the daycare centers that are on top of their shit, more than anyone else.



This is true, some sites are overly paranoid and give me a hard time every time I go even though they know I work for them and it's always schools and social development sites. Other sites don't even care, justice, jails, environment sites I just walk in and no one bats an eye. One time I was looking for a lost phone, I thought it might have been left at a rangers site so I dropped by and asked the receptionist if there were any government phones that would have been left at the front desk for IT to pick up, I told them I worked for the government. They didn't so I left, however, they also called the police on me. Their description, and I'm not making this up, was that "some guy in a pin stripe suit driving a car no government worker would drive showed up asking for government phones." The car was admittedly a bright red 370Z, not a common government workers car, and my "pin stripe suit" was a jeans and T-shirt with a sports jacket over top...

I got a call from my supervisor later that day asking if it was me.
Top
                 
Eraser
Cool #9
Cool #9
Joined: 01 Dec 2000
Posts: 43443
PostPosted: 07-20-2020 04:56 AM           Profile   Send private message  E-mail  Edit post Reply with quote


Κracus wrote:
I got a call from my supervisor later that day asking if it was me.

"No it wasn't me, but I definitely saw the perp. It was a middle aged angry white man with an extremely angular head riding an awfully ugly Harley Davidson with a Floridian license plate".
Top
                 
Transient
Arrr?
Arrr?
Joined: 09 Feb 2001
Posts: 35043
PostPosted: 07-22-2020 05:51 PM           Profile   Send private message  E-mail  Edit post Reply with quote


https://www.engadget.com/twitter-confir ... 26043.html

Geert Wilders had his DMs accessed. I wonder if they found anything damning. Not that it can be much worse than some of the vile shit he's said publicly.
Top
                 
seremtan
Etile
Etile
Joined: 19 Nov 2003
Posts: 34537
PostPosted: 07-23-2020 09:55 AM           Profile Send private message  E-mail  Edit post Reply with quote


yeah but it's all in boogaloo speak so who cares?
Top
                 
Eraser
Cool #9
Cool #9
Joined: 01 Dec 2000
Posts: 43443
PostPosted: 07-23-2020 09:51 PM           Profile   Send private message  E-mail  Edit post Reply with quote


Us Dutch call it "kletspraat", which is an untranslatable term meaning something like nonsensical bullshit.
Top
                 
seremtan
Etile
Etile
Joined: 19 Nov 2003
Posts: 34537
PostPosted: 07-23-2020 11:38 PM           Profile Send private message  E-mail  Edit post Reply with quote


boogalese
Top
                 
Transient
Arrr?
Arrr?
Joined: 09 Feb 2001
Posts: 35043
PostPosted: 07-31-2020 11:27 AM           Profile   Send private message  E-mail  Edit post Reply with quote


https://www.engadget.com/teenager-arres ... 02700.html

So it looks like Twitter was pwned by a 17-year-old. Pathetic.
Top
                 
seremtan
Etile
Etile
Joined: 19 Nov 2003
Posts: 34537
PostPosted: 07-31-2020 12:37 PM           Profile Send private message  E-mail  Edit post Reply with quote


Quote:
Bognor Regis


:smirk:
Top
                 
Quake3World.com | Forum Index | General Discussion


Post new topic Reply to topic


cron
Quake3World.com
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group