20 votes

The massive Twitter hack could be a global security crisis

15 comments

  1. [8]
    tindall
    Link
    Twitter is not security infrastructure - and it should not be the default way to disseminate a message.

    17 votes
    1. [7]
      emdash
      Link Parent
      Agreed, but unfortunately, it is. That ship set sail sometime around when DJT became president of the United States and began effectively indicating policy decisions via 280 character snippets of text (that occasionally resembled syntactically correct English).

      5 votes
      1. tindall
        Link Parent
        I don't think it's productive to simply cede this function to a single private company who've proven themselves to be just about the worst stewards of this function. We should take this as a spur to action, not a cause for despair.

        15 votes
      2. [5]
        skybrian
        Link Parent
        I don't know what you mean? You can't tell what he's going to do based on some vague or nonsensical tweet. There's nothing essential about it and no legal force. Might as well wait to see an executive order.

        If the hackers got in and started tweeting nonsense as Trump, I'm not sure anyone could tell and I'm not sure how it would matter, though it would make headlines for a day.

        2 votes
        1. [4]
          emdash
          Link Parent
          > I don't know what you mean? You can't tell what he's going to do based on some vague or nonsensical tweet. There's nothing essential about it and no legal force. Might as well wait to see an executive order.

          You don't think a lot of the world worries when DJT tweets? It would've been trivial for hackers to impersonate his style of writing and imply that the U.S. was going to drop a nuke on Russia or China without providing any evidence, and descend the world into chaos for several minutes while everyone figures out what's going on.

          You say "vague" and "nonsensical"—that's exactly what's so great to hackers and state operators—those kinds of actors thrive on misinformation and confusion. The very thing DJT is known for. It doesn't need to be legal, or make sense. It just needs to exist, if only for a few minutes.

          5 votes
          1. [2]
            Amarok
            Link Parent
            The troll in me thinks the best thing to do for a Trump hack would have been to tweet an apology to the American people and a promise to do better, a good long 20-tweet thread covering racism, conservatives, black lives matter, defunding the police, etc.

            Imagine watching Trump try to walk that back and the shitstorm it would create.

            6 votes
            1. emdash
              Link Parent
              Exactly. Frankly I'm actually disappointed/shocked that the actors behind this chose to exploit a systems-level hack of a multi-billion company for a... bitcoin doubling scheme.

              9 votes
          2. post_below
            Link Parent
            I don't think that's true... The media loves Trump tweets, they make for lucrative content, and that creates the illusion they have more meaning than they do.

            Maybe earlier in his presidency people in power paid attention, but at this point after the vast majority of tweets have proven meaningless to anyone but his base I don't think people are taking them seriously.

            Trump could tweet ignorant, incendiary threats about nukes and other governments would of course take note, but no one would panic.

            The Trump admin has done a lot of things that are worthy of attention (and horror) but none of those policies, appointments or rollbacks happened via tweet.

            3 votes
  2. arp242
    Link
    > Beginning in the spring of 2018, scammers began to impersonate noted cryptocurrency enthusiast Elon Musk. They would use his profile photo, select a user name similar to his, and tweet out an offer that was effective despite being too good to be true: send him a little cryptocurrency, and he’ll send you a lot back. Sometimes the scammer would reply to a connected, verified account — Musk-owned Space X, for example — giving it additional legitimacy. Scammers would also amplify the fake tweet via bot networks, for the same purpose.
    >
    > The events of 2018 showed us three things. One, at least some people fell for the scam, every single time — certainly enough to incentivize further attempts.

    This is not really a new thing as such; in 2012 some people managed to convince a notary to transfer almost €900k from his escrow account by impersonating the Dutch prime minister Mark Rutte on Google Chat with some outlandish story about secret agents, a code-breaking savant, state secrets and whatnot.

    Wouldn't you trust mark.rutte.minbiz@gmail.com? 🤷‍♂️ 🙄

    A decent write-up (in Dutch): https://www.nrc.nl/nieuws/2014/07/03/waarom-maakte-notaris-blijleven-bijna-een-miljoen-over-aan-mark-rutte-a1501079 – I've been meaning to write something more detailed about this in English because it's such a weird story.

    10 votes
  3. emdash
    Link
    Apologies, hopefully this isn't seen as a duplicate of the other two posts about this already up, but Casey Newton—an excellent writer—has written up a pretty good summary of what's happened today given that the dust is starting to settle, and the broader social implications that this presents.

    7 votes
  4. [2]
    emdash
    Link
    Update: Looks like Vice is reporting that hackers paid a Twitter employee to give them access to their internal tooling to change email addresses and reset passwords of the affected accounts. Internal espionage!

    7 votes
    1. moocow1452
      Link Parent
      The call came from inside the house? Makes sense with how they could have gotten access to what they did, and why they used it for Bitcoin doubling.

      4 votes
  5. [2]
    knocklessmonster
    Link
    I thought a couple people lost their accounts when I saw a headline. I should've clicked through.

    This is probably the largest, most noticeable breach of a widely-used online service ever. Is there any timeline yet? A breach notification? (required by California's CCPA, EU's GDPR, and Canada's PIPEDA)

    I guess that last one will be in a couple days.

    4 votes
    1. Amarok
      Link Parent
      The hacks of Sony's PlayStation Network jump to mind - though there, the humor was in their incompetence fixing it and getting hacked repeatedly, like four times in a row.

      Twitter is just a bit more serious than a video game network.

      6 votes
  6. post_below
    Link
    Global security crises? That's some egregious clickbait.

    This also stood out:

    > It is in such a world that I find myself in the unusual position of agreeing with Sen. Josh Hawley, the Missouri Republican who among other things wants to end content moderation.

    The last thing we need is for overblown fear to be used as a way to drum up public support for another round of attempts to make platforms as we know them effectively illegal (and raise the bar for entry onto the space to a corporate level).

    4 votes