NYT interviews perpetrators: https://www.nytimes.com/2020/07/17/technology/twitter-hackers-interview.html and Krebs has some information on them also: https://krebsonsecurity.com/2020/07/whos-behind-wednesdays-epic-twitter-hack/
The NYT article you linked quotes an intelligence agent who does not think it was a state actor: "But its nature — “effective, but also amateurish” in the words of one senior American intelligence official — led American intelligence agencies to an initial assessment that this was most likely the work of an individual hacker, not a state."
Yep. Re-reading it, I clearly missed that bit. Will amend accordingly. (If you DM me your email on Twitter, I'll send you a bounty. Else let me know your preferred charity and I'll make an online donation.)
Thanks for the response, I appreciate your policy. If you can, I'd appreciate a donation to the Alameda County Community Food Bank:
https://www.accfb.org/
Sent them $25 USD just now. See receipt screencap in log here:
https://docs.google.com/document/d/1lBdi2hBil09BUhh47jv8wUXtAjguUtR3Guo76db8HwI/edit
Thanks for keeping me honest!
Hi Jeremy, social engineering refers to tricking an employee into giving up access. The two hackers bribing an employee scenario is essentially the same thing; in both cases an insider would have given up system access to an outsider. So IMHO for your point #2, these two scenarios are reconcilable.
"Would a party who went through all that work throw away their gained advantage on something so relatively trivial as $100-200k?" It may not have been thrown away. There may well be back doors hidden behind. This was a public humiliation and a demonstration that the hackers may have the power to do it again. At the same time, the behind-the-scenes political fallout is huge; we have the makings of another WikiLeaks-style bomb... but no one yet knows where it's targeted.
What about direct write to the database? It was my first thought and would explain why they couldn't shut it down within accounts, and greatly simplifies posting to multiple accounts (vs access). Basically a sophisticated spoof.
Hmm. I guess it’s not impossible. Recovery emails could have been a misdirect. That said, hard for me to get a sense of this without understanding their internal architecture better.