• Krebs: Here’s how all of those Twitter accounts got hacked

    #2281308

    Talk about a sobering experience. Yesterday, as I (and about a million others) reported, somebody got hold of the Twitter accounts belonging to Bill G
    [See the full post at: Krebs: Here’s how all of those Twitter accounts got hacked]

    3 users thanked author for this post.
    • #2281369

      I think it is a mistake for anyone in government anywhere at any level to use any social media account for anything. They do so only as a way to communicate directly with the public without having to rely on the media, mainstream or otherwise (newspapers, TV, etc.), circumventing traditional methods of disseminating governmental information. They should go back to issuing written press releases to the press corps and stop making them the enemy. Imagine if these hackers gained control of some head of state’s social media accounts and started issuing completely false statements regarding some other nation or its head of state. The consequences could easily involve injury or death to many innocent people. Do our government’s social media users have any concrete knowledge or inside information regarding the inherent security of these platforms? Apparently not. Even at a local level, a local official’s account could get taken over by hackers who then issued statements causing mass chaos and confusion regarding local utilities being turned off or water quality statements that were completely false. It’s a recipe for chaos and disaster.

       

      4 users thanked author for this post.
    • #2281496

      The New York Times has an article this AM on the group that did the hacking.  Fools and their Bitcoins are often parted.  This further confirms for me that social media is uncontrollable (I have never had a Facebook or Twitter account and sleep better at night).

      1 user thanked author for this post.
    • #2281503

      Simple solution: Never use nor care about Twitter. Problem solved, life simplified.

      That someone smart enough to know how to get and transfer bitcoin would be foolish enough to send it to such an obvious scam is eye opening.

      Solution 2: Never use nor care about bitcoin.

      -Noel

      5 users thanked author for this post.
    • #2281521

      Equifax got hacked – Capital One, Home Depot, etc. all got hacked on a large scale – why would anyone think Twitter is immune to hacking?

      People who sent their BTC to the criminals are the ultimate fools but they exist.

      The MSM is spinning it as a bitcoin scam of course – I have been a bitcoin user for years, never had an issue. Speed and cost of international transfers is unrivaled. Common sense security measures just like you protect your computers.

      Never had a FB account, I am on Twitter but I am not a celebrity and have nothing to sell so why use my real identity? I see people with their real names posting their family pics with small children. That’s asking for the creeps to make a move.

      1 user thanked author for this post.
    • #2281537

      Noel Carboni: “That someone smart enough to know how to get and transfer bitcoin would be foolish enough to send it to such an obvious scam is eye opening.”

      According to the article in question, the following have been on the receiving end and I don’t think that, whatever else we may think of each of them, any of them are fools, or (if companies) run by fools:

      Bill Gates, Elon Musk, Jeff Bezos, Apple, Kanye West, Mike Bloomberg, Barack Obama, Joe Biden, Uber, Warren Buffett

      But none of them probably handle things like bitcoin payments in person. As they all can well afford it, they probably have gofers that do it for them.

      Now, for those of us that have to take care of our things ourselves, the best way to keep out of trouble is not to seek it in the first place. So, the same as Noel, I keep well away from things such as Twitter, Facebook, etc. that are inessential to my real needs (besides, from what I’ve seen, also likely to annoy me), but require sharing personal information in order to open accounts there. It is already too bad that, in order to self-isolate, these days, I’ve had to open a number of accounts to buy things online that, normally, I would drive somewhere, park the car, walk into a shop and buy them there and then while sharing only greenbacks or using my bank issued credit card with a “smart” chip, knowing that shops are not allowed to keep any information they get from it once the payment has been approved. As to online accounts, I can cancel them when I don’t need them anymore, but the information I’ve been asked to give when opening them is not guaranteed to disappear from those companies’ servers once they are closed. Some of that information, such as an email, I could change as a precaution, others, such as credit card numbers, phone numbers, etc.: not so much.

      Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

      MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
      Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
      macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

      1 user thanked author for this post.
      • #2281548

        Hello @Oscar-

        the following have been on the receiving end

        The people whose accounts you list had their Twitter accounts accessed, in order for the bad guys to impersonate them in Twitter Posts requesting BitCoin. Their Twitter accounts were compromised, but they did not send or receive any BitCoin. Their bank accounts, or BitCoin accounts were untouched… and they were probably unaware of having their accounts compromised until notified by Twitter, or coming across other reports of the compromise.

        The people who were relieved of their BitCoin were those that sent it, thinking this was actually from the Twitter account holder, and a legitimate request… and those are the people that Noel Carboni is referring to, in saying:

        That someone smart enough to know how to get and transfer bitcoin would be foolish enough to send it to such an obvious scam is eye opening.

        The bad guys were the recipients of the Bitcoin sent by the defrauded Twitter followers… and they are the ones who are now enriched (sadly).

        Non-techy Win 10 Pro and Linux Mint experimenter

        3 users thanked author for this post.
        • #2281558

          Elly, You are quite right. My mistake.


          1 user thanked author for this post.
      • #2281552

        I keep well away from things such as Twitter, Facebook, etc. that are inessential to my real needs (besides, from what I’ve seen, also likely to annoy me), but require sharing personal information in order to open accounts there.

        Twitter only requires a username and email address, which is less personal information than required to register for AskWoody.

        • #2281560

          Anonymous, Well, as I might have mentioned, I never used Twitter, so I wrote that sentence out of ignorance. Thanks for clarifying the point. But at social network sites showing up with what looked like interesting hits when doing searches for some particular information, I have been asked to register if I wanted to read whatever it was and, going through the motions to see what personal data was requested to open an account there, I was usually asked for more than my email address and picking a username. So, unless I really need to have access to some online service that requires registration, I am happy to have nothing to do with it.


          1 user thanked author for this post.
        • #2281618

          Twitter only requires a username and email address, which is less personal information than required to register for AskWoody.

          Twitter only requires a username and email address, which is less exactly the personal information [than] required to register for AskWoody.

          1 user thanked author for this post.
    • #2281649

      Reflecting on the Twitter hack, I have found myself wondering whether the President’s Twitter account was hacked four years ago, by someone who has spent these four years trying to make the President look bad – but then, again . . . . !

      Dell E5570 Latitude, Intel Core i5 6440@2.60 GHz, 8.00 GB - Win 10 Pro

    • #2281655

      Twitter: What the attackers accessed

      The attackers successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems, including getting through our two-factor protections
      For 45 of those accounts, the attackers were able to initiate a password reset, login to the account, and send Tweets.
      For up to eight of the Twitter accounts involved, the attackers took the additional step of downloading the account’s information through our “Your Twitter Data” tool.

      https://blog.twitter.com/en_us/topics/company/2020/an-update-on-our-security-incident.html

      1 user thanked author for this post.
    • #2281722

      Can’t escape the ubiquitous political remark.. no matter which forum.

      My real information is stored with online retailers I buy things from, obviously. I use a low limit credit card, different email address for each retailer.

      Should e.g. Staples get hacked the criminals will get my shipping address, low limit cc and one email address. Best way I can think of to limit the damage.

      As for the Twitter hack, although they are criminals lots of people (me included) find it amusing. The hackers are obviously not stupid, they exposed a major vulnerability and they also confirmed that a certain percentage of the public are absolute fools.

      Besides the bitcoin loot the hackers had access to the DMs of the hacked accounts – a fact that could be a lot more damaging than the few bitcoins.
