Something went very wrong yesterday. Well a few things really, which happened to involve some of the most important people alive. Yet the resulting journalism has mostly been curiously thin (and in two major cases fundamentally irreconcilable). Speaking as a member of the reading public, there are three things we really needed to see clearly established:
The NYT article you linked quotes an intelligence agent who does not think it was a state actor: 'But its nature — “effective, but also amateurish' in the words of one senior American intelligence official — led American intelligence agencies to an initial assessment that this was most likely the work of an individual hacker, not a state."
Hi Jeremy, social engineering refers to tricking an employee into giving up access. The two hackers bribing an employee scenario is essentially the same thing; in both cases an insider would have given up system access to an outsider. So IMHO for your point #2, these two scenarios are reconcilable.
"Would a party who went through all that work throw away their gained advantage on something so relatively trivial as $100-200k?" It may not have been thrown away. There may well be back doors hidden behind. This was a public humiliation and a demonstration that the hackers may have the power to do it again. At the same time, the behind the scenes political fallout is huge, we have the makings of another Wikileaks style bomb... but no one yet knows where it's targeted.
What about direct write to the database? It was my first thought and would explain why they couldn't shut it down within accounts, and greatly simplifies posting to multiple accounts (vs access). Basically a sophisticated spoof
NYT interviews perpetrators: https://www.nytimes.com/2020/07/17/technology/twitter-hackers-interview.html and Krebs has some information on them also: https://krebsonsecurity.com/2020/07/whos-behind-wednesdays-epic-twitter-hack/
The NYT article you linked quotes an intelligence agent who does not think it was a state actor: 'But its nature — “effective, but also amateurish' in the words of one senior American intelligence official — led American intelligence agencies to an initial assessment that this was most likely the work of an individual hacker, not a state."
Hi Jeremy, social engineering refers to tricking an employee into giving up access. The two hackers bribing an employee scenario is essentially the same thing; in both cases an insider would have given up system access to an outsider. So IMHO for your point #2, these two scenarios are reconcilable.
"Would a party who went through all that work throw away their gained advantage on something so relatively trivial as $100-200k?" It may not have been thrown away. There may well be back doors hidden behind. This was a public humiliation and a demonstration that the hackers may have the power to do it again. At the same time, the behind the scenes political fallout is huge, we have the makings of another Wikileaks style bomb... but no one yet knows where it's targeted.
What about direct write to the database? It was my first thought and would explain why they couldn't shut it down within accounts, and greatly simplifies posting to multiple accounts (vs access). Basically a sophisticated spoof