
We still don't know if the hackers didn't steal all the DMs to sell on the dark web. They basically can prove without a shadow of a doubt to anyone that they were the hackers involved (by sending BTC from the publicized address). That removes any questions of authenticity for potential DMs and is likely to increase the price. They or someone else they resell to can then go about the blackmail aspects of the whole thing.

If they didn't mean the BTC address to be an authenticity stamp after the fact it seems silly to not have varied it to get around blocks.

edit: They can also use it for blackmail even if there's no incriminating DMs. By making up fake DMs and then using the authenticity stamp to "prove" they were authentic. Could cause quite a bit of chaos if released in the right way and be worth something to someone.




I doubt Apple or Bill Gates have very many incriminating Twitter DMs. Kanye is a non-factor, nobody serious cares what a, respectfully, manic-depressive is DMing about.

Elon Musk might have some suspect DMs, but honestly I think his crazy Twitter behavior is priced into TSLA already.


I think this assumes that only the obvious accounts were affected (basically any that sent out the tweet about the scam). It's quite possible many accounts were accessed more quietly.


If they were stealthily looking for dirt, why would they draw so much attention to the compromise? There’s no way Twitter wouldn’t examine all of the accessed accounts now and the “this process access” theory is both sketchy in general (Guccifer 2.0 publicized the idea of putting forgeries into a dump to make them seem legitimate) and wouldn’t apply in this case since these are different accounts.


I don't think there was a way to hide this from Twitter once it was executed, since each hacked account got a password reset email. Assuming that you can't hide it from Twitter, then it's a fine strategy to make sure that everyone, especially potential customers of the hacked DMs, knows that you hacked these accounts.


How does that fit with the theory I was responding to that they were stealthy with other accounts? It seems incongruous.


Some people are reporting that they got similar emails, even if they didn't tweet anything (example: https://twitter.com/BradyHaran/status/1283685874941808640).

The hackers may have saved the DMs from lots of accounts and only publicly used big accounts which don't have any DMs to publicize the hacks.


If you're looking for dirt, you want to be the only one with the dirt to maximize potential for selling or blackmailing with said dirt. If you've found an exploit and exfiltrated the dirt that you care about, you might want to ensure that the exploit gets patched to stop others from being able to gain access to the dirt.


I would think it's more likely to be used as blackmail material, where they threaten to release them publicly if they aren't paid.

In that case, it's irrelevant what the public thinks of them, all that matters is the blackmailed individual's ability to pay and what they think about the public seeing them.

Put another way, maybe Musk's DMs being leaked doesn't actually change anything, but maybe Musk feels like it changes a lot for him, either personally or professionally. That's worth money to someone with the DMs.


It's possible (though perhaps unlikely) that there are DMs that could get him 'cancelled'. I would guess that is the leverage that DM-blackmailers would use.


Sure, but I was actually commenting on how it doesn't have to be DMs that will get him cancelled. It only has to be DMs that look bad enough that he thinks something like that might happen. Or even some smaller thing.

If you're Musk with his money and resources, what's $10k or $20k to keep knowledge out of the public that you slept with your friend's or some random famous person's wife, or cheated on your girlfriend? The amount of money something like that is worth is relative to available money to the person and what the personal cost is to spend it. How much does it hurt Musk to spend $100k? Would he spend that much to try to keep knowledge of some woman pregnant with his child getting an abortion? I think probably, if he thought he could keep the fact he paid secret if it came out later, since that would only make any story worse (regardless of how he feels about abortion, paying a lot to keep it secret is just fuel for any criticism while also being worthwhile for anyone that wants privacy).


This assumes they could only access DMs of people that sent out the spam (which includes Biden). In reality they could have pulled Trump and friends' DMs also, who have a history of using Twitter for official use and seem to have questionable operational security.


Indeed. Who knows what else they did while spamming those accounts? Hopefully Twitter has some very good auditing/logging in place...


Like I said, you don't need incriminating DMs, you just need the threat of incriminating DMs and enough authenticity proof to cause chaos. I can imagine certain governments who would pay money to have incriminating DMs about Joe Biden be released right before the election.


Except the stamp is obviously not proof, as noted by your scare quotes.


It's enough proof to convince enough people to cause issues. The media lacks depth and loves clickbait stories. Timing is key but there is an election coming up soon and Hillary got hurt when her emails got leaked.



