
July 15 Twitter Attacks - samberry
https://discsec.net/july-15-twitter/
======
motohagiography
The attacks as described forfeited a giant amount of leverage. It was like
breaching a bank vault and just stealing some rolls of coins. By doing
something high profile, the attackers gave up any shot at persistence inside
the infrastructure, and didn't even show any forethought on political options.
It's like some employee's kid using their parents' device got hacked by his
schoolmates. However, we can probably surmise that if people this dumb are
inside the platform, smarter attackers are in there too.

~~~
lliamander
I think the real purpose had to do with capturing the DMs of high-profile
people for blackmail or other nefarious purposes.

~~~
eslaught
But if that was your goal, why wouldn't you just remain silent and allow your
targets to continue to use the platform? Presumably a live data feed is
strictly better than one that immediately dries up.

~~~
marcinzm
The attack requires changing the email and disabling MFA, the target and
Twitter would know pretty quickly. You also have no way to prove to outside
parties that you actually had control of the account afterwards. This way there
is trivial proof that you had control of the account by simply sending some
btc from the address.

------
easterncalculus
I am definitely convinced that there is something more to this story that we
don't know about yet. Insider access like this is expensive - too much for the
bitcoin they made. The direct messages of the accounts involved could be
priceless. People really do talk about such private things over sites like
Twitter, and it's all so low return for what is easily one of the largest blue
check account breach incidents. The scale of this is too much to ignore to me.

~~~
abhorrence
Insider access may not be as expensive as you think. Some of the lowest paid
employees (e.g. customer service like roles) at tech companies have relatively
broad access to systems. Those employees routinely underestimate both the
likelihood that they’ll be caught, and what the consequences will be.

~~~
WrtCdEvrydy
To be honest, the bar to being tried is pretty high... you can always claim
someone stole your phone with your 2FA (if it's being used) and that you
reused a password.

Getting fired is likely but someone getting paid a couple of dollars in India
could flip you for $10,000 just as well as someone in the US could flip you
for $1,000,000.

~~~
abhorrence
It depends on the type of employee. Customer service agents typically don’t
work from home (apart from our current situation of course). They often don’t
have access to their equipment outside of working hours. This makes it quite a
bit more likely that they’ll be charged with some sort of crime.

When you’re someone making near minimum wage in the US, at a job you don’t
particularly like, I think the number ends up being significantly lower than a
million.

------
rozab
I am convinced the supposed hackers, as identified by krebsonsecurity, are
patsies. The purpose of the attack was to undermine confidence in Twitter as a
platform, which is why the attack was intentionally amateurish.

~~~
AnimalMuppet
[Me dons tinfoil hat.]

It's a false flag operation. Trump realized that his tweets have become a
political liability, so he had this done so that he can claim that someone
hacked his account and posted all this weird stuff on it.

[Me takes off tinfoil hat.]

More seriously, what would the point be? Stock price manipulation? Making
users think about moving to another platform? Political? International
espionage?

[Edit: Since everyone seems to have missed it, the part inside the "tinfoil
hat" blocks was _not_ intended to be taken seriously. I expected it to be
interpreted as a /s, but apparently it was not.]

~~~
nurettin
That hat appears to have lingering effects.

~~~
yetanta
It's cheap tin foil, it got in their hair

------
kylewins
There are a few stories from the book "Sandworm" in which government hacker teams
infiltrated a system and used a cheesy bitcoin heist as a cover-up for the real
purpose.

------
GaryNumanVevo
I was leaning towards this being some sort of state-sponsored business, but
typically they aren't going to draw this much attention to themselves.

It seems pretty easy to infiltrate Twitter as a state sponsored spy, however.
[https://www.npr.org/2019/11/06/777098293/2-former-twitter-em...](https://www.npr.org/2019/11/06/777098293/2-former-twitter-employees-charged-with-spying-for-saudi-arabia)

------
freddyym
> Somebody with the ability to pull off such a sophisticated attack would
> surely be above a low-income bitcoin scam. Personally, I think the scam is a
> mere cover-up for something much darker.

This. These bitcoin-type scams have been around for ages and people are getting
used to them. With this much power (aka number of accounts) why bother with
such a low effort con. Though I don't like this talk as it fuels pointless
conspiracy.

------
jwilk
Archived copy that works with JS disabled:

[https://archive.md/QRxju](https://archive.md/QRxju)

~~~
samberry
Thank you - my site has been suspended for 24 hours after too many hits at
once.

