[dupe] Jack Dorsey has account hacked (bbc.co.uk)
70 points by stuartmemo 21 days ago | 31 comments

From 'minimaxir: https://news.ycombinator.com/item?id=20842045

> It's worth noting the client is Cloudhopper: that has been compromised before.

> https://twitter.com/gruber/status/859857475146854402

Looking up the hashtag the attackers used, I came across this blog post alleging the problem being AT&T's: https://www.treyexgaming.com/index.php/2019/08/26/how-the-sa...

Food for thought.

Regardless of whether the alleged source of insecurity is what happened here, SMS-based authentication was a mistake.

It wasn't the first time: https://www.theverge.com/2016/7/9/12134754/ceo-jack-dorseys-... Maybe it's time to take security a wee bit more seriously, Jack.

If it's this easy to hack Trump's Twitter account and say things that could trigger war, maybe we need to reconsider allowing elected officials to use social media as their official communications channel. Instead, they should have a government run portal where they relay whatever info they need to.

As if that portal would somehow be more secure?

Likely, yes. Perfect security might be impossible but I hear some competent people remain in the DoD and NSA despite the administration's efforts.

Certainly it could be if security was an explicit design goal. Security is an afterthought for most social media companies since users getting hacked isn't typically a big deal; including in this case.

Notice, for example, that bank accounts are hacked much less frequently than Twitter accounts.

I would bet that you could be more secure than Twitter if you eliminated a bunch of features.

Heck, you could make it a static website.

It would prevent internal issues and bias at Twitter, like when a rogue employee deleted Trump's account.

[1] https://www.independent.co.uk/news/world/americas/twitter-em...

Government-run portals are not immune to hacking.

Instead of Twitter then you just hack CNN and post a story that war was declared. Same thing.

> a government run portal where they relay whatever info they need to

This is wholly possible with the use of ActivityPub:


> If it's this easy to hack Trump's Twitter account and say things that could trigger war

I think before going to war with a superpower, a country will check with various diplomatic channels if that was really what was said. In addition, if war could be triggered by a tweet, stuff isn't going so well anyway. With the possible exception of North Korea, I can't think of a single country that would go to war with the United States over any possible tweet by the President or anyone else, even if the tweet was real.

While it's unlikely North Korea would just launch missiles on that basis, is that really a gamble you want to take?

Imagine such an exploit taking place at a moment of greater tension, and consider the fact that the President is already prone to erratic behavior online which his staff then attempts (or not) to conform to existing policy.

EDIT: right after reading this thread I glanced at the headlines, only to discover that intel analysts are (allegedly) upset that the following Presidential tweet included a snapshot of a till-then classified surveillance image. I offer this as an example of why traditional diplomatic and security norms may be more fragile than you suspect.



On its own, probably true.

If that tweet happened to drop at the same time as something like https://en.wikipedia.org/wiki/1983_Soviet_nuclear_false_alar..., who knows?

Agreed, with the addition that North Korea wouldn't go to war with the US over a tweet either.

> say things that could trigger war

I miss the shared understanding of sticks, stones, and words.

They probably mean tweeting something like "At 11:45 EDT, the United States will be launching a tactical missile strike against Iran's Natanz and Karaj nuclear reactors, unless the Ayatollah agrees to permanently cease their operations", not "Fatty Kim Jong-Un is a loser!"

I doubt it would actually start a war, but it could definitely cause problems, especially if they believe the tweet may have actually been a "testing of the waters" rather than a result of a compromised account.

That shared understanding has never existed in history. Intelligence and diplomacy have always been part of warcraft. The Spanish-American War and Pearl Harbor are two notable cases of war triggered by communications.

Words can also crash stocks, too.

Yes, but that's hardly a surprise.

Buying or selling a stock is a low-effort action explicitly predicting the future.

Especially if coming from high profile politicians and CEOs...

I think we need to reconsider the value of Twitter as a communications channel, along with the other social media platforms. They should not be taken so seriously.

Am I the old man yelling at the kids to get off my server yet?

Who would ever believe that a president would announce a first strike over Twitter before launching?

Who ever believes any of the random sewage that pours forth from that overgrown child's Twitter account, anyway?

> Who would ever believe that a president would announce a first strike over Twitter before launching?

Big if true!

Ok, now what if I were to tell you that a couple hacked tweets isn't ever going to cause a war?

People need to implement PGP for login and message signatures for showing authenticity.

Some sort of PAKE backed by U2F/WebAuthn would be worth considering.

PGP is not. https://latacora.singles/2019/07/16/the-pgp-problem.html

What about NaCl?

Sure, because 'user friendly' and 'PGP' are always used paired in sentences with positive sentiment.
