34 votes

Seventeen-year-old in Tampa, Florida arrested and accused of "masterminding" the compromises of prominent Twitter accounts on July 15, charged with thirty felonies

20 comments

  1. [13]
    arghdos

    “This could have had a massive, massive amount of money stolen from people, it could have destabilized financial markets within America and across the globe; because he had access to powerful politicians’ Twitter accounts, he could have undermined politics as well as international diplomacy,” said Warren.

    And... the blame for that lies solely on 17 l33t hax0rs, eh?

    21 votes
    1. [12]
      Atvelonis

      These people obviously had some sort of malicious intent, though I can't help but agree that Twitter as an institution should really be taking the majority of the blame for having a weak system to begin with. Of course that is not compatible with the way our justice system works. Employees were apparently misled to give away important information, and I think it would be very unfair to charge them with a crime, but a company as sprawling as Twitter should have very advanced procedures in place to ensure that this cannot happen. On a structural level, the institution is what really needs attention. The media's fixation on the identity of the hackers is not constructive.

      15 votes
      1. [7]
        AugustusFerdinand

        Governments and their officials shouldn't be communicating via Twitter at all. Twitter is not conducive to actual discourse; its very nature of limiting the amount that can be said at once is directly detrimental to society and has only furthered the soundbite/only-reads-the-headline micro-attention span of the general public. Nearly no idea can be adequately explained in the character limit, which also hampers rebuttals and clarifications.

        There is simply nothing positive about politicians being on social media.

        20 votes
        1. [6]
          CALICO

          There is simply nothing positive about politicians being on social media.

          I'll agree with Twitter, but I used to follow AOC on Instagram. She'd go live all the time—maybe still—and field questions and share experiences: random example. That's the most I've ever felt connected to a politician, and she's not even my Representative. I wouldn't mind seeing more politicians using a social media like this, and less shouting abstracts into the void.

          16 votes
          1. [5]
            AugustusFerdinand

            Fair point.

            Although I would argue that such live interaction can be done on their own website just as effectively. I watch and participate in my local city council meetings remotely and have done so for years on a call-in basis; since April I have been able to do so on a video basis as well if I so choose. Being that any public interaction by a politician should be a matter of record and have no way of being deleted or behind a paywall/login, her use of Instagram runs counter to an open government model. That video has been uploaded to YouTube by a 3rd party; I cannot access it on Instagram (if it's still there) without creating an account; this puts artificial barriers to public information in place. I like AOC, she's not my rep, but Instagram is still the wrong place to be conducting that.

            7 votes
            1. [2]
              Greg

              This raises some really interesting questions. My first instinct is to agree, but then I wonder if that would be idealism at the expense of pragmatism.

              Is it better for the politician to interact with 50 people on a platform that's fully open, or with 50,000 on a platform that's nominally more closed?

              4 votes
              1. AugustusFerdinand

                I say fully open and permanent vs nominally closed and with potential for deletion/removal. Today it's ad driven generally anonymous social media, tomorrow it's paywalled and requires photo identity verification.

                5 votes
            2. [2]
              CALICO

              The core of what you're saying, I think I agree. But this point, "any public interaction by a politician should be a matter of record", leaves me wondering on the practicality, and when it becomes unreasonable. A camera isn't necessarily rolling the entire time a politician shows solidarity among a protest, and a stenographer isn't present every time a politician bumps into someone on the street.

              In both of those situations, there's an interaction with the public outside of their official duties. AOC reaches a larger population when she goes live, but it is outside the scope of her official duties, and I wonder whether there's a fundamental difference to be found.

              2 votes
              1. AugustusFerdinand

                A camera isn't necessarily rolling the entire time a politician shows solidarity among a protest, and a stenographer isn't present every time a politician bumps into someone on the street.

                I'm of the opinion that, much like police, politicians should also be wearing body cams at all times. Now, if there's a scenario where they're merely out and about doing their normal life stuff, they shouldn't necessarily be wearing it, but if approached they should make no comments, statements, or answer questions about policy or position.

                "How's your day going, senator?" is fine to answer; "What do you think about allowing dolphins to vote?" is not.

                3 votes
      2. [4]
        arp242

        I can't help but agree that Twitter as an institution should really be taking the majority of the blame for having a weak system to begin with

        I can't really agree with that; if I forget to lock my front door, should I have the majority of the blame that my house gets burgled? Of course, leaving the front door unlocked isn't very smart (depending on where you live), but I think the majority of the blame should always lie with the perpetrators, and not the victims.

        2 votes
        1. Atvelonis

          I'd like to clarify that I do not condone victim-blaming.

          In your house analogy, the victim is you. In this Twitter hack, the victims were the users whose accounts were compromised. I'm not blaming them for the hack because it's not their fault. My suggestion is that Twitter should take a great deal more responsibility because they designed the system that the victims trusted would not be abused to begin with. The analogy that I'd use would be a company installing a home alarm system in your house, and then not bothering to verify the identity of some random caller (such as a burglar) before giving them access to turn it off. In this situation, you trusted that the product you paid for would work, and further trusted implicitly that the company wouldn't randomly turn it off without your consent. But they did, and that's extremely negligent on their part. Companies get sued all the time for this sort of thing, but with far less success and magnitude than I'd hope for.

          The burglar—or in the case of Twitter, the hacker—should also be punished, because what they did was unethical and damaging. But we can't pretend that Twitter is a victim here. This is a case of pure incompetence. The internet is not new, and this has happened many times in the past. We have a decent sample size of social engineering hacks that a group like Twitter should be more than aware of. Large organizations should be built off of procedures first and people second, and those procedures should be extremely difficult to break. A lenient or gullible employee is a victim of a flawed system just as much as the account-holder is. If I were to punish anyone for a crime here—in addition to the perpetrators—it would be some of Twitter's higher-ups, who were evidently oblivious to the weakness of their database when they had no right to be.

          11 votes
        2. [2]
          whbboyd

          This isn't a good analogy, as your house is not Twitter and you have not been entrusted with the personal information of millions of people, including politicians, corporate executives, and others which could cause significant upheaval if misused. They do have a duty to secure their systems, which they failed utterly and miserably.

          8 votes
          1. arp242

            Yeah, the analogy is not perfect – analogies rarely are – and your criticism is valid. I'm not saying Twitter shouldn't get any blame (my previous post probably didn't state that clearly enough), but I don't think Twitter should take "the majority of the blame" as the previous commenter said. IMHO the primary blame should always lie with the perpetrator.

            For example, the perpetrators of the Equifax hack have the primary blame, while we can – and certainly should – also blame Equifax for being negligent, but I don't think they're the chief culprit.

            I'm not sure how much blame Twitter should get exactly though, at this point there aren't enough details available yet.

            CC /u/Atvelonis, since this also replies to your comment; I agree with most of that btw, I think my previous comment explained my position somewhat badly.

            1 vote
  2. [4]
    monarda

    He’s being charged as an adult — “This was not an ordinary 17-year old,” said the state attorney

    ...

    “This could have had a massive, massive amount of money stolen from people, it could have destabilized financial markets within America and across the globe; because he had access to powerful politicians’ Twitter accounts, he could have undermined politics as well as international diplomacy,” said Warren.

    It wasn't worse, maybe because he wasn't actually an adult?

    18 votes
    1. [2]
      arp242

      Yeah, this struck me as well. You're not considered adult enough to drink alcohol until you're 21 in many states (including Florida), but you can try 17-year olds as adults? This entire obsession with punishment is just cruel (not to mention ineffective).

      8 votes
      1. monarda

        I'd like to see more news making this case. From the Orlando Sentinel:

        Security experts were not surprised that the alleged mastermind of the hack is a 17-year-old, given the relative amateur nature both of the operation and the hackers’ willingness afterward to discuss the hack with reporters online.

        “I think this is a great case study showing how technology democratizes the ability to commit serious criminal acts,” said Jake Williams, founder of the cybersecurity firm Rendition Infosec. “I’m not terribly surprised that at least one of the suspects is a minor. There wasn’t a ton of development that went into this attack.”

        Williams said the hackers were “extremely sloppy” in how they moved the Bitcoin around.

        He also said he was conflicted about whether Clark should be charged as an adult.

        “He definitely deserves to pay (for jumping on the opportunity) but potentially serving decades in prison doesn’t seem like justice in this case,” Williams said.

        I'm not conflicted at all. He should not be tried as an adult.

        9 votes
    2. SunSpotter

      This kid basically stole the keys to a Rolls Royce, and then used them to make off with the car's radio instead. If anything his decision making skills show how much of an ordinary 17 year old he really is.

      Clearly, he's got some issues, and he's also obviously smart. But that doesn't suddenly make him capable of making decisions like an adult.

      7 votes
  3. [2]
    Deimos

    Twitter updated their blog post about the hack yesterday with a lot of new info, including the claim that access was gained through social-engineering employees over the phone.

    9 votes
    1. CALICO

      Twitter really ought to train their folks better; spear-phishing like that is textbook. Classic PEBKAC.
      The human element is always the weakest link in any security system. If your people aren't security-conscious, this stuff is easier than pie.

      13 votes