
How the FBI tracked down the Twitter hackers - ohjeez
https://www.zdnet.com/article/how-the-fbi-tracked-down-the-twitter-hackers/
======
uwuwuwu
Very alienating how they disclose names even before their guilt is proven in
court.

Also, I read they're considered adults because the crime was so serious. Come
on. Just send the BTC back and that's it. This shit is a proof-of-concept and
we should be thankful nobody started world war 3 on Twitter.

There's zero harm, just improved security at Twitter.

~~~
SahAssar
They willingly impersonated multiple people and tried to scam people based on
that. That is not zero harm. Are you really saying that someone that executes
a spearphishing attack on a company then uses that to take over accounts
within that company's services and then uses that to try to scam people should
just get a slap on the wrist?

There are at least two or three levels of this where any reasonable person
would have thought "This is getting really fucking criminal"

~~~
aeternum
This was likely a net benefit to US citizens. Much better that this kid
exposed these security holes. Imagine how bad it would be if a nation state
did this close to the election.

Spearphishing is a real problem and tech companies have no answer. An annual
employee training program isn't going to solve the problem. Simply making it
illegal isn't going to solve the problem.

~~~
SahAssar
> Much better that this kid exposed these security holes.

That's why we have responsible disclosure. It does not make it okay to exploit
security holes for profit.

> Spearphishing is a real problem and tech companies have no answer.

That does not make it okay to exploit it.

~~~
aeternum
> That's why we have responsible disclosure. It does not make it okay to
> exploit security holes for profit.

I'm not aware of any bug-bounty or responsible disclosure method that allows
spear-phishing as the attack requires impersonation/fraud. Is there one?

~~~
SahAssar
Responsible disclosure does not equal bug bounty. Just because you found a
security hole does not mean you are entitled to a payout.

The responsible way to do this would be to prove the access to Twitter's
security team and not exploit it for personal gain. You can even just post it
publicly, just don't try to scam people and profit based on the exploit.

Do you think that just because there isn't a bug bounty for a specific exploit
that gives you a free pass to exploit it for personal gain?

------
opqpo
Those kids should get a prestigious cybersecurity job instead of going to
jail. They didn't harm anybody even though they had the power to do that.

~~~
Rebelgecko
Didn't they defraud people around the world of over $100,000? That seems like
harm to me

~~~
justSayin000001
If people were stupid enough to fall for that then I put the fault on them.

~~~
Rebelgecko
As a thought exercise, I'd encourage you to try and have more empathy for
those who are less capable.

I went through a somewhat similar experience with my grandparents. Although
the scam they fell for was a bit less obvious, it's a hard situation to go
through and realize that your loved ones have declined to such an extent
cognitively.

~~~
justSayin000001
I am sorry! You are right! I automatically assumed everyone with
cryptocurrency understood the risks and benefits, but if this is to become
mainstream we need to educate people. I am sorry for making such assumptions
about people.

