
Blog Archives

  • Remember the Twitter accounts that got pwned, with a Bitcoin come-on?

    Posted on July 31st, 2020 at 13:35 woody

    Nation-state, right? These superhackers took over the Twitter accounts of Bill Gates, Elon Musk, Jeff Bezos, Apple, Kanye West, Mike Bloomberg, Barack Obama, Joe Biden, Uber, Warren Buffett, and many others.

    Looks like the mastermind is a world-renowned ace North Korean hacker… oh… wait a sec…

    Here’s what an NBC affiliate in Tampa now says:

    A Tampa teenager is in jail after being accused of hacking several high-profile Twitter accounts, according to the Hillsborough State Attorney’s Office… 30 felony charges were filed against the 17-year-old this week for “scamming people across America” regarding the Twitter hack that happened on July 15.

    Imagine what could have been.

    UPDATE: Brian Krebs has more of the story. Three people charged.

  • Krebs: Here’s how all of those Twitter accounts got hacked

    Posted on July 17th, 2020 at 09:36 woody

    Talk about a sobering experience. Yesterday, as I (and about a million others) reported, somebody got hold of the Twitter accounts belonging to Bill Gates, Elon Musk, Jeff Bezos, Apple, Kanye West, Mike Bloomberg, Barack Obama, Joe Biden, Uber, Warren Buffett, and many others. The miscreant started sending out messages asking folks to send them $1,000 in Bitcoin – promising that the luminary would return $2,000.

    Brian Krebs tracked down the perp — more accurately, perps — and it makes a fascinating story:

    “The way the attack worked was that within Twitter’s admin tools, apparently you can update the email address of any Twitter user, and it does this without sending any kind of notification to the user,” Lucky told KrebsOnSecurity. “So [the attackers] could avoid detection by updating the email address on the account first, and then turning off 2FA.”

    This Twitter hack could have let the attackers view the direct messages of anyone on Twitter, information that is difficult to put a price on but which nevertheless would be of great interest to a variety of parties, from nation states to corporate spies and blackmailers.

    There were multiple people involved in the Twitter heist.

    In short, if you use mobile phone SMS to verify a logon to an account, you could get slammed. Normal people don’t have to worry about it yet. But high-profile accounts are definitely in the crosshairs, and it’s probably just a matter of time before SMS-based hijacking becomes more pedestrian.
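
A defender's view of the sequence Lucky describes above, as an added example that is not from the original post, from Krebs, or from Twitter: the code correlates an e-mail change made without notifying the owner with a 2FA disable on the same account shortly afterwards. The event schema, field names, the `find_silent_takeovers` function and the 30-minute window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Assumed correlation window; tune to your own environment.
WINDOW = timedelta(minutes=30)

# Constructed sample audit events in a hypothetical schema (not a real
# Twitter log format). Deliberately listed out of time order.
EVENTS = [
    {"ts": "2024-01-01T19:04:00", "account": "acct_a", "action": "2fa_disable",
     "via": "admin_tool", "owner_notified": False},
    {"ts": "2024-01-01T19:01:00", "account": "acct_a", "action": "email_change",
     "via": "admin_tool", "owner_notified": False},
    # Owner was notified of the change: not the silent pattern.
    {"ts": "2024-01-01T19:10:00", "account": "acct_b", "action": "email_change",
     "via": "self_service", "owner_notified": True},
    {"ts": "2024-01-01T19:12:00", "account": "acct_b", "action": "2fa_disable",
     "via": "self_service", "owner_notified": True},
    # Silent change, but 2FA went off 12 hours later: outside the window.
    {"ts": "2024-01-01T08:00:00", "account": "acct_c", "action": "email_change",
     "via": "admin_tool", "owner_notified": False},
    {"ts": "2024-01-01T20:00:00", "account": "acct_c", "action": "2fa_disable",
     "via": "self_service", "owner_notified": True},
]


def find_silent_takeovers(events, window=WINDOW):
    """Flag accounts where an un-notified e-mail change is followed by a
    2FA disable within `window`."""
    last_silent_change = {}  # account -> (timestamp, channel used)
    alerts = []
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["ts"])):
        ts = datetime.fromisoformat(ev["ts"])
        acct = ev["account"]
        if ev["action"] == "email_change" and not ev["owner_notified"]:
            last_silent_change[acct] = (ts, ev["via"])
        elif ev["action"] == "2fa_disable" and acct in last_silent_change:
            changed_at, via = last_silent_change.pop(acct)
            if ts - changed_at <= window:
                alerts.append({"account": acct, "email_changed_via": via,
                               "gap_seconds": int((ts - changed_at).total_seconds())})
    return alerts


if __name__ == "__main__":
    for alert in find_silent_takeovers(EVENTS):
        print(alert)
```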