Twitter mass hacking: Bill Gates, Elon Musk, Jeff Bezos, Mike Bloomberg, Biden, Obama, more hijacked to peddle Bitcoin scam The Twitter accounts of Microsoft co-founder Bill Gates, Tesla CEO Elon Musk, and other celebrities were briefly taken over on Wednesday, along with the accounts of various cryptocurrency businesses and affiliated executives, to promote a Bitcoin scam. Fellow twits were told by the A-list stars to transfer BTC to the celebs, …
No way all those people / companies used weak passwords and none of them were using 2FA.
Probably the only reason they didn't compromise Trump's account is Twitter probably has some extra layer of control on it due to the market moving potential if someone was able to tweet as him and claim we're declaring war on China or he's declaring nationwide martial law or whatever (especially because one couldn't be sure that either of those isn't something he would do...)
It's pretty appalling that so many accounts have been affected. I mean, clearly, internal accounts and tools have been compromised through spear phishing. And once in, it appears that there's no firewalling of access to accounts (it's as if every person with the tools has access to every account).
Twitter's red and blue teams (do these even exist) will be feeling pretty sheepish right now. I watched it happen in real time and saw how long it took for Twitter to respond at all.
Jack's got a lot of work to do, not just to work out exactly what happened, but to also restructure systems and teams to stop it happening again, and finally to minimise the scope for abuse if somebody in operations is successfully compromised again.
This event, and the way Jack et al react to it, could be what decides what Twitter's long term future looks like.
Probably the only reason they didn't compromise Trump's account is Twitter probably has some extra layer of control on it due to the market moving potential if someone was able to tweet as him and claim we're declaring war on China or he's declaring nationwide martial law or whatever
If they had, there probably would have piles of money flowing in from the Trump Faithful. Possibly even bankrupted some. What's strange to me is that there's no diehard Trump supporters in the lists I've seen.
We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools
Hi, I'm billionaire Elon Musk. I need to change my e-mail address to 1234567890@mailinator.net but I've forgotten my password and it won't let me.
No, not the hack but the 'cult of celebs' that seens to dominate so much of the media these days.
Thankfully, us fully paid up members of the GOM fraternity (Grumpy Old Men) and our sisters in the GOW sorority would have had nothing to do with this sort of shite.
We see the world through very cynical eyes. nothis is as good as it seems unless we grew it or made it ourselves.
There are times when being a 'Grumpy' pays off.
Membership is by invitation only and that comes via snail mail. None of this new fangled electronic wizzadry for us. Our records are etched into polished granite.
Have a nice day y'all! :) :)
Given how many accounts were compromised I'm betting the attack was automated. The scammers may have considered what compromising certain of the accounts could be worth, but were more interested in making sure they couldn't get caught than making the biggest possible score.
The problem with doing something like sending a tweet as Musk mentioning a recall of Model 3s is that in order to profit from that you'd need to make market transactions both before and after the tweet to cash in. You either need a LOT of cash to have sufficient margin to borrow a lot of shares to sell short, or do something that stands out even more obviously using options. And you need to have some way of cashing out before your account gets frozen. Not just cashing out of your market account, but getting the money to somewhere the SEC can't touch it anywhere in the world.
While I'm sure that's doable if you have sufficient knowledge of the international banking system, it isn't going to be as easy to do as moving bitcoin from one wallet to another. Its kind of like saying "if you're gonna rob a bank why not rob the US mint since there's a lot more money there?"
The timing of the exploit was also right around when a lot of Twitter employees would be commuting home. Maybe that was a coincidence, or maybe that was deliberate in an attempt to maximize the time it would take for them to figure out what was going on and stop it. That unfortunately conflicts with the timing required to execute stock market shenanigans (though I guess they could have tried them at the market open)
>Not just cashing out of your market account, but getting the money to somewhere the SEC can't touch it anywhere in the world.
Tesla is the most shorted stock in the market. There are something like $20Bn in short positions - hiding your $1M in gains from that would be trivial. Probably easier than washing the fractional bitcoin from these small "investors"
You can't open an account and take a short position without putting in money to cover the margin, so you'd need at least $500K in cash or securities to deposit in the account first. Plus there are extra hoops to jump through to be approved for a margin account of that size, so it isn't just open one up and the next day you do the scam. The more hoops you have to jump through and the longer it takes, the bigger the risk there is of being caught.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
