Talk about a sobering experience. Yesterday, as I (and about a million others) reported, somebody got hold of the Twitter accounts belonging to Bill G
[See the full post at: Krebs: Here’s how all of those Twitter accounts got hacked]
|
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it. |
-
Krebs: Here’s how all of those Twitter accounts got hacked
- This topic has 13 replies, 9 voices, and was last updated 4 years, 10 months ago by
.
AuthorViewing 7 reply threadsAuthor-
I think it is a mistake for anyone in government anywhere at any level to use any social media account for anything. They do so only as a way to communicate directly with the public without having to rely on the media, mainstream or otherwise (newspapers, TV, etc.), circumventing traditional methods of disseminating governmental information. They should go back to issuing written press releases to the press corps and stop making them the enemy. Imagine if these hackers gained control of some head of state’s social media accounts and started issuing completely false statements regarding some other nation or its head of state. The consequences could easily involve injury or death to many innocent people. Do our government’s social media users have any concrete knowledge or inside information regarding the inherent security of these platforms? Apparently not. Even at a local level, a local official’s account could get taken over by hackers who then issued statements causing mass chaos and confusion regarding local utilities being turned off or water quality statements that were completely false. It’s a recipe for chaos and disaster.
4 users thanked author for this post.
-
The New York Times has an article this AM on the group that did the hacking. Fools and their Bitcoins are often parted. This further confirms for me that social media is uncontrollable (I have never had a Facebook or Twitter account and sleep better at night).
1 user thanked author for this post.
-
Simple solution: Never use nor care about Twitter. Problem solved, life simplified.
That someone smart enough to know how to get and transfer bitcoin would be foolish enough to send it to such an obvious scam is eye opening.
Solution 2: Never use nor care about bitcoin.
-Noel
-
Equifax got hacked – Capital One, HomeDept etc all got hacked on large scale – why would anyone think Twitter is immune to hacking.
People who sent their BTC to the criminals are the ultimate fools but they exist.
The MSM is spinning it as a bitcoin scam of course – I am a bitcoin user for years, never had an issue. Speed and cost of international transfers is unrivaled. Common sense security measures just like you protect your computers.
Never had a FB account, I am on twitter but I am not a celebrity and have nothing to sell so why use my real identity. I see people with their real names posting their family pics with small children. That’s asking for the creeps to make a move.
—
1 user thanked author for this post.
-
Noel Carboni: “That someone smart enough to know how to get and transfer bitcoin would be foolish enough to send it to such an obvious scam is eye opening.”
According to the article in question, the following have been on the receiving end and I don’t think that, whatever else we may think of each of them, none of them are fools, or (if companies) run by fools:
“Bill Gates, Elon Musk, Jeff Bezos, Apple, Kanye West, Mike Bloomberg, Barack Obama, Joe Biden, Uber, Warren Buffet”
But none of them probably handle things like bitcoin payments in person. As they all can well afford it, probably have gofers that do it for them.
Now, for those of us that have to take care of our things ourselves, the best way to keep out of trouble is not to seek it in the first place. So, the same as Noel, I keep well away from things such as Twitter, Facebook, etc. that are inessential to my real needs (besides, from what I’ve seen, also likely to annoy me), but require sharing personal information in order to open accounts there. It is already too bad that, in order to self-isolate, these days, I’ve had to open a number of accounts to buy things online that, normally, I would drive somewhere, park the car, walk into a shop and buy them there and then while sharing only greenbacks or using my bank issued credit card with a “smart” chip, knowing that shops are not allowed to keep any information they get from it once the payment has been approved. As to online accounts, I can cancel them when I don’t need them anymore, but the information I’ve been asked to give when opening them is not guaranteed to disappear from those companies servers once they are closed. Some of that information, such as an email, I could change as a precaution, others, such as credit card numbers, phone numbers, etc.: not so much.
Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).
MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV1 user thanked author for this post.
-
Hello @Oscar-
the following have been on the receiving end
The people who’s accounts you list had their Twitter accounts accessed, in order for the bad guys to impersonate them in Twitter Posts requesting BitCoin. Their Twitter accounts were compromised, but they did not send or receive any BitCoin. Their bank accounts, or BitCoin accounts were untouched… and were probably unaware of having their accounts compromised until notified by Twitter, or coming across other reports of the compromise.
The people who were relieved of their BitCoin were those that sent it, thinking this was actually from the Twitter account holder, and a legitimate request… and those are the people that Noel Carboni is referring to, in saying:
That someone smart enough to know how to get and transfer bitcoin would be foolish enough to send it to such an obvious scam is eye opening.
The bad guys provided were the recipients of the Bitcoin sent by the defrauded Twitter followers… and they are the ones who are now enriched (sadly).
Non-techy Win 10 Pro and Linux Mint experimenter
-
Elly, You are quite right. My mistake.
Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).
MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV1 user thanked author for this post.
-
-
-
-
Anonymous, Well, as I might have mentioned, I never used Twitter, so I wrote that sentence out of ignorance. Thanks for clarifying the point. But at social network sites showing up with what looked like interesting hits when doing searches for some particular information, I have been asked to register if I wanted to read whatever it was and, going through the motions to see what personal data was requested to open an account there, I was usually asked for more than my email address and picking a username. So, unless I really need to have access to some online service that requires registration, I am happy to have nothing to do with it.
Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).
MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV1 user thanked author for this post.
-
Twitter only requires a username and email address, which is less personal information than required to register for AskWoody.
Twitter only requires a username and email address, which is
lessexactly the personal information [than] required to register for AskWoody.
1 user thanked author for this post.
-
Twitter : What the attackers accessed
The attackers successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems, including getting through our two-factor protections
For 45 of those accounts, the attackers were able to initiate a password reset, login to the account, and send Tweets.
For up to eight of the Twitter accounts involved, the attackers took the additional step of downloading the account’s information through our “Your Twitter Data” tool.https://blog.twitter.com/en_us/topics/company/2020/an-update-on-our-security-incident.html
1 user thanked author for this post.
Viewing 7 reply threads - This topic has 13 replies, 9 voices, and was last updated 4 years, 10 months ago by
Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Recent Topics
-
How well does your browser block trackers?
by 2 hours, 20 minutes ago
-
You can’t handle me
by 36 minutes ago
-
Chrome Can Now Change Your Weak Passwords for You
by 54 minutes ago
-
Microsoft: Over 394,000 Windows PCs infected by Lumma malware, affects Chrome..
by 9 hours, 55 minutes ago
-
Signal vs Microsoft’s Recall ; By Default, Signal Doesn’t Recall
by 10 hours, 6 minutes ago
-
Internet Archive : This is where all of The Internet is stored
by 10 hours, 18 minutes ago
-
iPhone 7 Plus and the iPhone 8 on Vantage list
by 10 hours, 24 minutes ago
-
Lumma malware takedown
by 17 hours, 38 minutes ago
-
“kill switches” found in Chinese made power inverters
by 19 hours, 11 minutes ago
-
Windows 11 – InControl vs pausing Windows updates
by 19 hours, 6 minutes ago
-
Meet Gemini in Chrome
by 23 hours, 11 minutes ago
-
DuckDuckGo’s Duck.ai added GPT-4o mini
by 23 hours, 19 minutes ago
-
Trump signs Take It Down Act
by 1 day, 7 hours ago
-
Do you have a maintenance window?
by 11 minutes ago
-
Freshly discovered bug in OpenPGP.js undermines whole point of encrypted comms
by 9 hours, 30 minutes ago
-
Cox Communications and Charter Communications to merge
by 1 day, 10 hours ago
-
Help with WD usb driver on Windows 11
by 1 day, 15 hours ago
-
hibernate activation
by 1 day, 19 hours ago
-
Red Hat Enterprise Linux 10 with AI assistant
by 1 day, 23 hours ago
-
Windows 11 Insider Preview build 26200.5603 released to DEV
by 2 days, 2 hours ago
-
Windows 11 Insider Preview build 26120.4151 (24H2) released to BETA
by 2 days, 2 hours ago
-
Fixing Windows 24H2 failed KB5058411 install
by 22 hours, 31 minutes ago
-
Out of band for Windows 10
by 2 days, 7 hours ago
-
Giving UniGetUi a test run.
by 2 days, 14 hours ago
-
Windows 11 Insider Preview Build 26100.4188 (24H2) released to Release Preview
by 2 days, 21 hours ago
-
Microsoft is now putting quantum encryption in Windows builds
by 17 hours, 31 minutes ago
-
Auto Time Zone Adjustment
by 3 days, 2 hours ago
-
To download Win 11 Pro 23H2 ISO.
by 2 days, 23 hours ago
-
Manage your browsing experience with Edge
by 4 hours, 55 minutes ago
-
Fewer vulnerabilities, larger updates
by 2 hours, 1 minute ago
Remembering Woody
