Jump to content

Search the Community

Showing results for tags 'twitter'.

More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Site Related
    • News & Updates
    • Site / Forum Feedback
    • Member Introduction
  • News
    • General News
    • FileSharing News
    • Mobile News
    • Software News
    • Security & Privacy News
    • Technology News
  • Downloads
    • nsane.down
  • General Discussions & Support
    • Filesharing Chat
    • Security & Privacy Center
    • Software Chat
    • Mobile Mania
    • Technology Talk
    • Entertainment Exchange
    • Guides & Tutorials
  • Off-Topic Chat
    • The Chat Bar
    • Jokes & Funny Stuff
    • Polling Station

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...

Found 120 results

  1. Yet another President Trump tweet has been removed following a complaint. This one, however, is now part of a copyright lawsuit filed by British singer-songwriter Eddy Grant over the unlicensed use of his 1982 song 'Electric Avenue'. According to the complaint, which demands up to $150,000 in damages, the video containing the track remained live on Twitter, despite demands it was taken down. For the overwhelming majority of Twitter users, receiving even a very small number of copyright complaints against their account can mean its loss, with Twitter invoking its repeat infringer policy to avoid liability under the DMCA. For US President Donald Trump, however, special treatment is available on the platform. While contentious tweets do get removed, Trump’s account remains intact, despite a steady stream of rightsholders filing DMCA notices. Yesterday, however, one of his allegedly-infringing tweets resulted in more robust action. Allegedly-Infringing Tweet Was Posted in August With the 2020 United States presidential election campaign in full swing, Trump is taking every opportunity to paint Democratic opponent Joe Biden in an unfavorable light. These political attacks often take place via Twitter and last month Trump kept up the pressure, posting an animated video of a speedy train carrying his campaign logo ahead of Joe Biden on a railroad handcar, struggling to keep up. While that kind of imagery is nothing new in US politics and seems to have been custom-created, the background music in the video – the 1982 hit ‘Electric Avenue’ by British singer-songwriter Eddy Grant – was a previously-existing work. In fact, according to a lawsuit filed by the artist in a New York court yesterday, the use of the track was an act of blatant copyright infringement. Copyright Infringement Lawsuit Filed in New York The complaint, filed in the Southern District of New York, has Edmond Grant, two companies named Greenheart Music Limited (one based in the UK, the other Antigua, both owned by Grant) suing both Donald Trump and his campaign, Donald J. Trump For President Inc. The complaint states that after Trump tweeted the video on August 12, the next day Grant and Greenheart Music sent a letter to the defendants demanding the removal of the video and insisting that they refrain from using Electric Avenue moving forward. The lawsuit further alleges that at the time of its filing on September 1, the video was still available on Twitter. This is curious since according to information published by the Lumen Database, on August 13 Twitter received a DMCA takedown notice from Sony/ATV Music Publishing demanding the removal of the tweet. It has now been actioned with the offending tweet being removed, but Lumen only received a copy from Twitter today, perhaps suggesting something unusual with its processing. “Plaintiffs’ Recording, which embodies the Composition, can be heard on the Infringing Video starting at the 15 second mark and continues for the duration of the video. The Infringing Video therefore makes unauthorized use of the Composition and the Recording and infringes upon Plaintiffs’ copyrights in both,” the complaint reads. “Defendants’ conduct is unlawful; it is proscribed as such by the United States Copyright Act. Neither the President nor the Company is above the law,” it adds. A Very Popular Video, Complaint Alleges According to estimates presented by the plaintiffs, the video has been viewed more than 13.7 million times, “liked” more than 350,000 times, and re-tweeted 139,000 times. This, despite Trump and his campaign being put on notice via an August 13 letter sent by Grant’s attorney to cease-and-desist their infringing conduct. “Defendants have failed and/or refused to comply with Plaintiffs’ demands set forth in the August 13, 2020 letter, have continued to infringe Plaintiffs’ copyrights in the Composition and the Recording, and, upon information and belief, will continue to infringe Plaintiffs’ copyrights in the Composition and the Recording unless enjoined by this Court,” the complaint adds. Permanent Injunction and Damages Describing the actions of Trump and his campaign as “willful and intentional”, the lawsuit demands a permanent injunction to prevent further infringement plus a damages amount to be determined at trial. That could range from a minimum of $750 per infringement but could stretch to $150,000 per infringement in statutory damages, plus costs and attorneys’ fees, the complaint warns. Interestingly, the cease-and-desist sent by Grant’s legal team on August 13 offered to settle the matter quickly, in order to avoid the relatively expensive option of a lawsuit. Whether that option remains on the table is unclear but from its text, it appears that Grant was personally upset, not just by the alleged infringement of Electric Avenue, but also by the context in which it was used. Perhaps More Than ‘Just Another’ Copyright Lawsuit Electric Avenue was written by Grant in response to the now-historic riots that took place in Brixton, London, during 1981. They were widely attributed to racism, poverty, and tensions between black youths and the mainly white police force of the time. The cease-and-desist sent by Grant’s team in August suggests that the use of Electric Avenue in the Trump campaign video “indicates a fundamental misunderstanding of the very meaning of the underlying work” and notes that just by being affiliated with Trump’s campaign, Grant’s reputation is being damaged. As a result, a large response could follow. “If you know my client’s reputation then you know that this Infringing Use in connection with the name ‘Trump’ in a political context is a serious transgression and could subject you to upwards of $100,000,000 in monetary damages,” the letter warned. The full complaint and August cease-and-desist letter are available here and here (pdf) Source: TorrentFreak
  2. Twitter launches new API as it tries to make amends with third-party developers Wooing developers with a new API Illustration by Alex Castro / The Verge Twitter is making it easier for businesses, academics, and third-party developers to build on its platform with the launch of its API v2 today. The company announced the new API last month, but as the news arrived the day after it was hit by one of the most devastating hacks in social media history, it decided to delay the launch. Notably, Twitter is presenting the API v2 not only as a way to deliver new features faster, but as something of a reset in its long and fractious relationship with the app’s developer community. The API v2 is the first complete rebuild of Twitter’s API since 2012, when the company famously began limiting how third-party developers could build on its product. Prior to this, outside developers could more or less replicate and customize the Twitter experience in their own clients. But as Twitter focused more on its advertising business, it apparently decided it didn’t want to split its user base. It began slowly squeezing out third-party devs, blocking them from new features like polls and group DMs, and shepherding users toward the company’s own apps. Businesses were killed and developers weren’t happy. Now, though, Twitter is trying to rebuild some of these bridges. The API v2 offers third-party developers access to features long absent from their clients, including “conversation threading, poll results in Tweets, pinned Tweets on profiles, spam filtering, and a more powerful stream filtering and search query language.” There’s also access to a real-time tweet stream, rather than forcing third parties to wait before serving new tweets. This should mean that, following the API v2 launch, third-party Twitter clients like Tweetbot and Twitterrific can begin integrating these features, though there are some caveats. The big is one is that Twitter is reorganizing its API access along three levels. Only the basic, free level is launching today, and that has limits on how many API calls developers can make (aka how frequently their software can ping Twitter for data). The next level of access, which Twitter is calling “elevated,” won’t have the same restrictions, but it will cost users, and Twitter isn’t announcing pricing just yet. The company does say, though, that it expects 80 percent of developers on its platform will have their needs met by the basic tier. The new API system puts different products in the same platform, each with different access levels. Only the free basic access level launches today. Image: Twitter Before the details are shared, it’s difficult to say what changes will happen to third-party clients, Ged Maheux, co-founder of Twitterific’s parent company Iconfactory, tells The Verge. He says the new API is “potentially very good for third party Twitter clients,” but that Iconfactory is taking a “wait and see” approach until they know details, particularly pricing. But Maheux says he and his colleagues have also been impressed by Twitter’s conciliatory approach to developers. “Over the last few years, Twitter hasn’t been great and they know it. But they fully recognize and admit it,” he says. “After so long being a third or fourth class citizen with Twitter, it’s refreshing.” The new API is about more than just third-party Twitter clients, though. A whole range of businesses and services depend on access to Twitter’s data, including analytics firms like Spiketrap and Social Market Analytics, single-use bots like the House of Lords Hansard bot and Emoji Mashup bot, and power-user tools like TweetDelete, Block Party, and Tokimeki Unfollow. Twitter also offers an incredibly rich source of data for academics studying large-scale social trends. Researchers uses Twitter’s API for a variety of purposes, from gauging flood levels from tweets to tracking the spread of online hate speech. Twitter says it wants to encourage more of these sorts of applications by making its API ecosystem more accessible. A new onboarding wizard, for example, reduces the number of fields third parties have to fill out to get their hands on API keys from 10 to just one, while new search tools to find support documentation and a new centralized support page will make it easier for developers to find help when they need it. As Twitter’s Alyssa Reese put it in a blog post on the changes: “You see, we want developers to get moon-eyed when they talk about our documentation. To have error messages that are so helpful they’re almost as pleasant as getting a handwritten letter in the mail. Our aim is to be a company that other developer platforms reference when they are looking for inspiration (and we know we have a way to go).” Unifying API access should also help users. Previously, Twitter’s API was split into three platforms: standard (free), premium (self-serve paid), and enterprise (custom paid). But as Twitter itself admits, migration between these tiers was “tedious.” The new API replaces these tiers with “product tracks” in a single platform, with these products then split into the different tiers of access described above. Although the API v2 is undoubtedly a big launch for Twitter, the company is stressing that it’s a work in progress. It’s calling the current phase “early access” to emphasize the evolving nature of the API, and it’s encouraging developers to look over its new public roadmap and offer their thoughts on upcoming features. Twitter, then, is recognizing that fixing any troubled relationship starts with a conversation. Twitter launches new API as it tries to make amends with third-party developers
  3. Twitter rolls out reply-limiting feature to everyone Last week, Twitter's feature that allows you to choose who can reply to your tweets became available on iOS and the web. Today, that capability is available on Android as well, expanding the feature to everyone. Suzanne Xie, Director of Product Management at Twitter, announced today the feature's wider availability. In May, the micro-blogging site started testing letting users limit the people who can respond to their tweets. Xie noted that this capability is meant to provide users "more control over the conversations they start". You can set the limit to any of the three types of audiences. The default setting will make your tweet available for everyone to reply to. The other two options are people you follow and the people you mention. The option to set restrictions will show up when you click or tap on the compose button. Depending on your selection, the appropriate labels will appear for your tweet. In addition, the reply icon will be grayed out for users who can't reply to it, although they still can view, retweet, retweet with a comment, like, or share that tweet. Studies conducted and feedback gathered by Twitter since testing the feature revealed that the ability to limit replies to tweets helps "some people feel safer and could lead to more meaningful conversations, while still allowing people to see different points of view". Moving forward, the firm is planning on an easier way of letting you find the entire discussion through retweets with comments in order to help you "see different perspectives". It's also developing a new form of label that will let people more easily see tweets with these settings. And in the coming months, the service plans to allow you to invite more people to join the conversation and clear notifications if you’re invited to a conversation. Twitter rolls out reply-limiting feature to everyone
  4. Porn Clip Disrupts Virtual Court Hearing for Alleged Twitter Hacker Perhaps fittingly, a Web-streamed court hearing for the 17-year-old alleged mastermind of the July 15 mass hack against Twitter was cut short this morning after mischief makers injected a pornographic video clip into the proceeding. 17-year-old Graham Clark of Tampa, Fla. was among those charged in the July 15 Twitter hack. Image: Hillsborough County Sheriff’s Office. The incident occurred at a bond hearing held via the videoconferencing service Zoom by the Hillsborough County, Fla. criminal court in the case of Graham Clark. The 17-year-old from Tampa was arrested earlier this month on suspicion of social engineering his way into Twitter’s internal computer systems and tweeting out a bitcoin scam through the accounts of high-profile Twitter users. Notice of the hearing was available via public records filed with the Florida state attorney’s office. The notice specified the Zoom meeting time and ID number, essentially allowing anyone to participate in the proceeding. Even before the hearing officially began it was clear that the event would likely be “zoom bombed.” That’s because while participants were muted by default, they were free to unmute their microphones and transmit their own video streams to the channel. Sure enough, less than a minute had passed before one attendee not party to the case interrupted a discussion between Clark’s attorney and the judge by streaming a live video of himself adjusting his face mask. Just a few minutes later, someone began interjecting loud music. It became clear that presiding Judge Christopher C. Nash was personally in charge of administering the video hearing when, after roughly 15 seconds worth of random chatter interrupted the prosecution’s response, Nash told participants he was removing the troublemakers as quickly as he could. Judge Nash, visibly annoyed immediately after one of the many disruptions to today’s hearing. What transpired a minute later was almost inevitable given the permissive settings of this particular Zoom conference call: Someone streamed a graphic video clip from Pornhub for approximately 15 seconds before Judge Nash abruptly terminated the broadcast. With the ongoing pestilence that is the COVID-19 pandemic, the nation’s state and federal courts have largely been forced to conduct proceedings remotely via videoconferencing services. While Zoom and others do offer settings that can prevent participants from injecting their own audio and video into the stream unless invited to do so, those settings evidently were not enabled in today’s meeting. At issue before the court today was a defense motion to modify the amount of the defendant’s bond, which has been set at $750,000. The prosecution had argued that Clark should be required to show that any funds used toward securing that bond were gained lawfully, and were not merely the proceeds from his alleged participation in the Twitter bitcoin scam or some other form of cybercrime. Florida State Attorney Andrew Warren’s reaction as a Pornhub clip began streaming to everyone in today’s Zoom proceeding. Mr. Clark’s attorneys disagreed, and spent most of the uninterrupted time in today’s hearing explaining why their client could safely be released under a much smaller bond and close supervision restrictions. On Sunday, The New York Times published an in-depth look into Clark’s wayward path from a small-time cheater and hustler in online games like Minecraft to big-boy schemes involving SIM swapping, a form of fraud that involves social engineering employees at mobile phone companies to gain control over a target’s phone number and any financial, email and social media accounts associated with that number. According to The Times, Clark was suspected of being involved in a 2019 SIM swapping incident which led to the theft of 164 bitcoins from Gregg Bennett, a tech investor in the Seattle area. That theft would have been worth around $856,000 at the time; these days 164 bitcoins is worth approximately $1.8 million. The Times said that soon after the theft, Bennett received an extortion note signed by Scrim, one of the hacker handles alleged to have been used by Clark. From that story: “We just want the remainder of the funds in the Bittrex,” Scrim wrote, referring to the Bitcoin exchange from which the coins had been taken. “We are always one step ahead and this is your easiest option.” In April, the Secret Service seized 100 Bitcoins from Mr. Clark, according to government forfeiture documents. A few weeks later, Mr. Bennett received a letter from the Secret Service saying they had recovered 100 of his Bitcoins, citing the same code that was assigned to the coins seized from Mr. Clark. Florida prosecutor Darrell Dirks was in the middle of explaining to the judge that investigators are still in the process of discovering the extent of Clark’s alleged illegal hacking activities since the Secret Service returned the 100 bitcoin when the porn clip was injected into the Zoom conference. Ultimately, Judge Nash decided to keep the bond amount as is, but to remove the condition that Clark prove the source of the funds. Clark has been charged with 30 felony counts and is being tried as an adult. Federal prosecutors also have charged two other young men suspected of playing roles in the Twitter hack, including a 22-year-old from Orlando, Fla. and a 19-year-old from the United Kingdom. Porn Clip Disrupts Virtual Court Hearing for Alleged Twitter Hacker
  5. Twitter fixes vulnerability in its Android app that could have exposed DMs Twitter revealed today a vulnerability that might have dealt yet another major blow to its security posture. The micro-blogging site has announced that it recently fixed a security issue with its Android app that could have allowed attackers to access your Direct Messages and other private data through a malicious app. The vulnerability is related to a security issue with Android that affected only versions 8 and 9. Twitter noted that the security flaw could circumvent Android's system permissions that safeguard against unauthorized access to private data. It turns out that Google fixed the issue in October 2018 through a security patch, which has already been made available to 96% of Twitter users on Android. For now, Twitter found no evidence that this vulnerability was exploited. However, the company is not completely certain that this will always be the case, so it has updated its Android app to prevent external apps from gaining access to Twitter's in-app data. In addition, it is sending out in-app notifications to those who might have been affected, requiring them to update their app to its latest version. Finally, Twitter vowed to identify changes to its processes to avoid issues like this in the future. Though the vulnerability did not affect the service's web and iOS apps, the alert has also been sent out via Twitter's web version. Twitter fixes vulnerability in its Android app that could have exposed DMs
  6. Twitter faces $250 million FTC fine for misusing emails and phone numbers Twitter said the identifiers were ‘inadvertently’ used for advertising Illustration by Alex Castro / The Verge Twitter said that the Federal Trade Commission may soon fine it up to $250 million for improper use of users’ phone numbers and email addresses. The potential fines would come for violations of Twitter’s 2011 agreement with the FTC to no longer mislead consumers about how it protects their personal information. Between 2013 and 2019, Twitter used phone numbers and email addresses provided “for safety and security purposes” to help target ads. Twitter disclosed the practice back in October, saying that it was done “inadvertently” and called it “an error.” The FTC evidently believes that Twitter misled consumers by not disclosing that their data may have been used in this way. Twitter says that the commission sent a draft complaint on July 28th describing alleged violations of the 2011 agreement. Twitter estimates that it could be fined anywhere from $150 million to $250 million, and it’s setting aside $150 million in expectation of a fine. “The matter remains unresolved, and there can be no assurance as to the timing or the terms of any final outcome,” Twitter writes in its 10-Q filing with the Securities and Exchange Commission. A spokesperson for Twitter says the company “included an estimated range for settlement” in the 10-Q filed today because the complaint was received after its quarterly results were filed on July 23rd. The Verge has reached out to the FTC for comment. Twitter faces $250 million FTC fine for misusing emails and phone numbers
  7. How the Alleged Twitter Hackers Got Caught Bitcoin payments and IP addresses led investigators to two of the alleged perpetrators in just over two weeks. Photograph: David Paul Morris/Bloomberg/Getty Images On July 15, a Discord user with the handle Kirk#5270 made an enticing proposition. “I work for Twitter,” they said, according to court documents released Friday. “I can claim any name, let me know if you’re trying to work.” It was the beginning of what would, a few hours later, turn into the biggest known Twitter hack of all time. A little over two weeks later, three individuals have been charged in connection with the heists of accounts belonging to Bill Gates, Elon Musk, Barack Obama, Apple, and more—along with nearly $120,000 in bitcoin. Friday afternoon, after an investigation that included the FBI, IRS, and Secret Service, the Department of Justice charged UK resident Mason Sheppard and Nima Fazeli, of Orlando, Florida in connection with the Twitter hack. A 17-year-old, Graham Ivan Clark, was charged separately with 30 felonies in Hillsborough County, Florida, including 17 counts of communications fraud. Together, the criminal complaints filed in the cases offer a detailed portrait of the day everything went haywire—and how poorly the alleged attackers covered their tracks. All three are currently in custody. Despite his claims on the morning of July 15, Kirk#5270 was not a Twitter employee. He did, however, have access to Twitter’s internal administrative tools, which he showed off by sharing screenshots of accounts like “@bumblebee,” “@sc,” “@vague,” and “@R9.” (Short handles are a popular target among certain hacking communities.) Another Discord user who went by “ever so anxious#0001” soon began lining up buyers; Kirk#5270 shared the address of a Bitcoin wallet where proceeds could be directed. Offers included $5,000 for “@xx,” which would later be compromised. That same morning, someone going by “Chaewon” on the forum OGUsers started advertising access to any Twitter account. In a post titled "Pulling email for any Twitter/Taking Requests,” Chaewon listed prices as $250 to change the email address associated with any account, and up to $3,000 for account access. The post directs users to “ever so anxious#0001” on Discord; over the course of seven hours, starting at around 7:16 am ET, the “ever so anxious#0001” account discussed the takeover of at least 50 user names with Kirk#5270, according to court documents. In that same Discord chat, “ever so anxious#0001” said his OGUsers handle was Chaewon, suggesting the two were the same individual. Kirk#5270 allegedly received similar help from a Discord user going by Rolex#0373, although that person was skeptical at first. “Just sounds too good to be true,” he wrote, according to chat transcripts investigators obtained via warrant. Later, to help back up his claim, Kirk#5270 appears to have changed the email address tied to the Twitter account @foreign to an email address belonging to Rolex#0373. Like Chaewon, Rolex#0373 then agreed to help broker deals on OGUsers—where his user name was Rolex—with prices starting at $2,500 for especially sought-after account names. In exchange, Rolex got to keep @foreign for himself. By around 2 pm ET on July 15, at least 10 Twitter accounts had been stolen, according to the criminal complaints, but the hackers still seemed focused on short or desirable handles like @drug and @xx and @vampire, rather than celebrities and tech moguls. And the takeovers were an end unto themselves, rather than in service of a cryptocurrency scam. The deals brokered by Chaewon netted Kirk#5270 around $33,000 in bitcoin, according to the criminal complaint; Chaewon took in another $7,000 for his role as intermediary. The FBI believes that Rolex is Fazeli, and it charged him with one count of aiding and abetting the intentional access of a protected computer. They believe Sheppard is Chaewon, who is charged with conspiracy to commit wire fraud, conspiracy to commit money laundering, and the intentional access of a protected computer. The criminal complaints against Sheppard and Fazeli leave off here. Neither complaint identifies the individual behind Kirk#5270, or explicitly links that account to a named individual. But court documents in Clark's case allege that it was the 17-year-old who had gained access to Twitter’s systems, and who went on to take over the high-profile accounts in service of a bitcoin scam. The Justice Department has referred the case to the Hillsborough State Attorney Office, which is prosecuting Clark, according to the office's website, "because Florida law allows minors to be charged as adults in financial fraud cases such as this when appropriate." “He gained access to Twitter accounts and to the internal controls of Twitter through compromising a Twitter employee,” Hillsborough state attorney Andrew Warren said in a video conference Friday. “He sold access to those accounts. He then used the identities of prominent people to solicit money in the form of bitcoin, promising in return that he would send back twice as much bitcoin.” Court documents show approximately 415 payments to the bitcoin wallet associated with the scam, totaling the equivalent of around $177,000. As Twitter confirmed last week, 130 accounts were targeted in all. Attackers successfully tweeted from 45 of the accounts, accessed the direct messages of 36, and downloaded the Twitter data of seven. On Thursday evening, Twitter disclosed that attackers got in through social engineering, specifically through a phone spear-phishing attack, that targeted company employees. Court documents don’t provide much more detail than that, and only allege that Clark’s actions date back to on or around May 3. It’s also not entirely clear how investigators identified Clark, but the trail that led the FBI to Sheppard and Fazeli has much bigger bread crumbs. On April 2, the administrator of OGUsers announced that the forum had been hacked; a few days later, court documents say, a rival hacking gang put out a download link to a database of user information. It turned out to be quite a trove, full of not just user names and public postings but private messages between users, IP addresses, and email addresses. The FBI says it acquired a copy of the database on April 9. The work appears to have been quick from there. In Chaewon’s private messages on OGUsers, investigators say they found an exchange in February where Chaewon was instructed to pay for a videogame by sending bitcoin to a particular address. Activity on that wallet the next day was traced to a cluster of bitcoin addresses that, months later, would be used by “ever so anxious#0001” in his interactions with Kirk#5270. Investigators also used the database to connect Chaewon's account to another OGUsers handle, Mas. Both accounts signed onto the forums from the same IP address on the same day, according to the database leak; agents also found that multiple times between February 11 and 15 of this year, Chaewon posted ““IT IS MAS I AM MAS NOT BRY I AM MAS MAS [email protected],” which combined suggest that Chaewon and Mas are owned by the same individual. The Mas account was associated with the email account [email protected], investigators say, which was linked to a Coinbase account tied to Mason Sheppard. The bitcoin addresses associated with Chaewon had also processed numerous exchanges on the cryptocurrency exchange Binance, whose records also tied those accounts with Sheppard. Finally, court documents say that an unnamed juvenile who had allegedly assisted in the scheme told investigators that they knew Chaewon by the name Mason. Investigators rely on bitcoin and IP addresses to link the Rolex#0373 to Fazeli, as well, particularly one October 30, 2018 exchange that was referenced on the OGUsers forums. The Coinbase account involved in that transaction allegedly belonged to “Nim F,” under the email address “[email protected],” the same used to register the Rolex account on OGUsers. The Coinbase account had allegedly been verified with a Florida driver’s license in the name of Nima Fazeli, complete with the driver’s license number. Over time, court documents say, Fazeli would use his real driver’s license to register three separate Coinbase accounts, the third of which was frequently visited from the same IP address as the Rolex#0373 Discord account and Rolex account on OGUsers. “We appreciate the swift actions of law enforcement in this investigation and will continue to cooperate as the case progresses,” Twitter said in a tweeted statement. The FBI's San Francisco Office released a statement Friday indicating that the investigation was still ongoing. While the Twitter hack garnered major headlines, the social engineering attack at the heart of it is nothing new. “In terms of the M.O. of breaking into companies and then using the employee tools to perpetuate fraud, that is just another day for these guys,” says Allison Nixon, chief research officer with cybersecurity firm 221B, which assisted the FBI in the investigation. “This exact same M.O. was used against telcos for years prior to this.” Generally, the sort of social engineering used in the Twitter hack avoids legal scrutiny, Nixon says, because it’s considered a low level of attack. That’s obviously no longer the case when your hit list includes a former president and the two wealthiest men in the world. It’s also unclear how effective a deterrent these arrests will prove to be in the long run, given how entrenched this particular hacking community has become. If anything, the details in the criminal complaints may instruct future attacks. “Every single cycle of this teaches them to be better,” says Nixon, “because they get to see the evidence against them, and how they get caught.” How the Alleged Twitter Hackers Got Caught
  8. Florida teen arrested, charged with being “mastermind” of Twitter hack The 17-year-old is facing 30 felony fraud charges. 52 with 46 posters participating A Florida teen has been arrested and charged with 30 felony counts related to the high-profile hijacking of more than 100 Twitter accounts earlier this month. Federal law enforcement arrested Graham Ivan Clark, 17, in Tampa earlier today, the Office of Hillsborough State Attorney Andrew Warren said. The arrest followed an investigation spearheaded by the Federal Bureau of Investigation and the Justice Department. "These crimes were perpetrated using the names of famous people and celebrities, but they're not the primary victims here," said Warren. "This 'Bit-Con' was designed to steal money from regular Americans from all over the country, including here in Florida. This massive fraud was orchestrated right here in our backyard, and we will not stand for that." A security researcher who has been actively working with the FBI on the investigation into this month's breach told Ars that the hack was the result of painstaking research into Twitter employees, the social engineering of them by phone, and carefully timed phishing. Allison Nixon, chief research officer at security firm Unit 221B, said evidence collected to date shows that Clark and hackers he worked with started by scraping LinkedIn in search of Twitter employees who were likely to have access to the account tools. Using tools that LinkedIn makes available to recruiters, the attackers then obtained those employees’ cell phone numbers and other private contact information. The attackers then called the employees, and directed them to a phishing page that mimicked an internal Twitter VPN. Detailed work histories and other employee data the attackers obtained from public sources allowed the attackers to pose as people who were authorized Twitter personnel. Work at home arrangements cause by the COVID-19 pandemic also prevented the employees from using using normal procedures such as face-to-face contact, to verify the identities of co-workers. With the confidence of the targeted employees, the attackers directed them to a phishing page that mimicked an internal Twitter VPN. The attackers then obtained credentials as the targeted employees entered them. To bypass two-factor authentication protections Twitter has in place, the attackers entered the credentials into the real Twitter VPN portal within seconds of the employees entering them into the fake one. Once the employee entered the one-time password, the attackers were in. According to the charging document (PDF), Clark faces one count of organized fraud, 11 total counts of fraudulent use of personal information, one count of accessing a computer or electronic device without authority, and 17 counts of communications fraud. Clark's prosecution is taking place in Tampa, where he lives, "because Florida law allows minors to be charged as adults in financial fraud cases such as this when appropriate," Warren's office said. Two other young adults are also facing charges in relation to the hack, the DOJ announced. Mason Sheppard, a 19-year-old UK resident, and Nima Fazeli of Orlando, Florida, have both been charged in the Northern District of California. Sheppard faces counts of conspiracy to commit wire fraud, conspiracy to commit money laundering, and intentionally accessing a protected computer. Fazeli is charged with aiding and abetting the intentional access of a protected computer. This is a developing story and will be updated. Florida teen arrested, charged with being “mastermind” of Twitter hack
  9. Twitter users in Japan are facing uncertainty after the Supreme Court ruled that people who retweet copyright-infringing images can have their details passed to copyright holders. The case centered around the posting of an image that was posted to Twitter without permission and was then retweeted in an automatically cropped format. With more than 330 million active users, Twitter is a true internet giant that gives anyone with an internet connection and an account to have their say on whatever they like. Whether insightful, provocative, or even thoughtless, the overwhelming majority of tweets cause no legal issues. Every now and again, however, cases can attract the attention of lawyers who believe their clients’ rights have been breached. Of course, copyright infringement is one of the most common issues and a case in Japan has put Twitter users on notice, not only concerning what they post to the platform but also what they can safely retweet to others. The controversy began in 2014 when a photographer found that one of his images featuring a lily had been copied from his website and posted to Twitter without his permission. Additionally, he found that other users had retweeted the image from their own accounts. A Twitter feature meant that the retweeted images were cropped, removing the photographer’s name. The photographer wanted to discover not only the identity of the original poster but also the retweeters so took the matter to court. The Tokyo District Court found that the original posting of the image infringed the photographer’s copyright but dismissed the claims against the retweeters. Dissatisfied with the decision, the photographer took his case to the High Court handling intellectual property matters. That court agreed with the lower court that the original image posting had breached the photographer’s copyright. In respect of the retweeters, however, the High Court found they had violated the photographer’s moral rights, due to the Twitter cropping feature that removed his name, identifying him as the creator of the photograph. As a result, the High Court ordered Twitter to hand over the email addresses not only of the original poster but also those of three other Twitter users who retweeted the image. Twitter appealed the decision to the Supreme Court and essentially took responsibility for the cropping of the images, a feature that wasn’t under the control of its users. The company argued that any decision against them could have a chilling effect on its platform. The arguments fell on deaf ears. In a decision handed down yesterday, the Supreme Court ordered Twitter to hand over the email addresses of the three retweeters after finding that the photographer’s rights were indeed infringed when Twitter’s cropping tool removed his identifying information. Four out of five judges on the bench sided with the photographer, with Justice Hayashi dissenting. He argued that ruling in favor of the plaintiff would put Twitter users in the position of having to verify every piece of content was non-infringing before retweeting. The other judges said that despite these problems, the law must be upheld as it is for content published on other platforms. “Twitter has 45 million users in Japan. It is hoped that the company will take action,” Presiding Justice Saburo Tokura said, as reported by Japan Times. What the photographer will do with the emails addresses of the Twitter users is unclear but given the legal action undertaken thus far, it seems somewhat likely that similar could follow against the infringers. Perhaps more importantly, around 45 million Twitter users in the country, most of whom won’t have heard about the case, will now be exposed to action, if they don’t take precautions over what they retweet. There is a possiblity that Twitter itself will find a solution but the company is yet to make an announcement. Source
  10. Hackers obtained Twitter DMs for 36 high-profile account holders Hack also exposed phone numbers, email addresses and other PII for 130 users. Enlarge Kevin Krejci 21 with 16 posters participating, including story author Hackers accessed direct messages for 36 high-profile account holders in last week’s epic compromise of Twitter, with one of the affected users being an elected official from the Netherlands, the social media company said late Wednesday. The company also said the intruders were able to view email addresses, phone numbers, and other personal information for all 130 hijacked accounts. The mass-account takeover came to light last Wednesday when some of the world’s best-known celebrities, politicians, and executives began tweeting links to Bitcoin scams. A handful of the account holders included Vice President Joe Biden, philanthropist and former Microsoft founder, CEO, and Chairman Bill Gates, Tesla founder and CEO Elon Musk, and pop star Kanye West. A few hours later, Twitter officials said the incident was the result of it losing control of its internal administrative systems to hackers who either paid, tricked, or coerced one or more company employees. The officials said they would disclose any other malicious activities those responsible may have undertaken as an investigation continued. A breathtaking impact On Wednesday, Twitter provided its most troubling update so far. It said: The revelation that some of the world's most influential people likely had their personal messages read by unknown hackers will put more pressure on Twitter to better protect its users. US Senator Ron Wyden, a Democrat representing Oregon, said in a statement last week that he has pushed CEO Jack Dorsey to protect direct messages with end-to-end encryption, which would prevent Twitter and anyone else other than the sender and recipient from being able to read them. “Twitter DMs are still not encrypted, leaving them vulnerable to employees who abuse their internal access to the company's systems, and hackers who gain unauthorized access,” Wyden wrote. “If hackers gained access to users' DMs, this breach could have a breathtaking impact, for years to come.” Phone numbers, email addresses and more A blog post that was updated on Wednesday added that the account hijackers were able to view personal information, including phone numbers and email addresses, that were associated with the accounts. The company made no mention of what other personal details—such as words or users the account holder had muted or blocked—were available to hackers. A Twitter spokeswoman declined to provide additional information, including the identity of the users whose direct messages were accessed or other types of personal information that was exposed. Wednesday’s update also said that: “Attackers were not able to view previous account passwords, as those are not stored in plain text or available through the tools used in the attack.” “Previous passwords” referred to the passcodes that were used before hackers changed them. The update made no mention of passwords that were cryptographically hashed and whether the hijackers had the ability to obtain them. On background, a Twitter representative said the attackers didn't see passwords in hashed or plaintext format. In previous updates over the past week Twitter has provided additional details, including: Hackers likely tried to sell access to hijacked Twitter accounts with highly-coveted usernames such as @6 Up to eight of the compromised accounts had information taken through Twitter's “Your Twitter Data” tool. None of these accounts were verified Attackers tweeted from 45 verified accounts, which besides the holders mentioned above, also included Jeff Bezos, Barack Obama, and Apple The company is working with the law enforcement agencies, which according to Reuters, include the FBI Twitter has yet to answer several other important questions. They include whether the employees or hackers involved = in the attack left behind any backdoors that could allow similar breaches in the future. Also unanswered is if the company has put in place a mechanism—such as a requirement that multiple employees must provide separate passwords—to unlock administrative panels. Over the past decade, Twitter has evolved into a channel that President Trump, other world leaders, and myriad government agencies use to communicate both official policy and unofficial vitriol. With so much at stake, breaches that allow attackers to impersonate users and access their private message and information raise serious national security concerns that the company has yet to address. Hackers obtained Twitter DMs for 36 high-profile account holders
  11. Twitter Hacking for Profit and the LoLs The New York Times last week ran an interview with several young men who claimed to have had direct contact with those involved in last week’s epic hack against Twitter. These individuals said they were only customers of the person who had access to Twitter’s internal employee tools, and were not responsible for the actual intrusion or bitcoin scams that took place that day. But new information suggests that at least two of them operated a service that resold access to Twitter employees for the purposes of modifying or seizing control of prized Twitter profiles. As first reported here on July 16, prior to bitcoin scam messages being blasted out from such high-profile Twitter accounts @barackobama, @joebiden, @elonmusk and @billgates, several highly desirable short-character Twitter account names changed hands, including @L, @6 and @W. A screenshot of a Discord discussion between the key Twitter hacker “Kirk” and several people seeking to hijack high-value Twitter accounts. Known as “original gangster” or “OG” accounts, short-character profile names confer a measure of status and wealth in certain online communities, and such accounts can often fetch thousands of dollars when resold in the underground. The people involved in obtaining those OG accounts on July 15 said they got them from a person identified only as “Kirk,” who claimed to be a Twitter employee. According to The Times, Kirk first reached out to the group through a hacker who used the screen name “lol” on OGusers, a forum dedicated to helping users hijack and resell OG accounts from Twitter and other social media platforms. From The Times’s story: “The hacker ‘lol’ and another one he worked with, who went by the screen name ‘ever so anxious,’ told The Times that they wanted to talk about their work with Kirk in order to prove that they had only facilitated the purchases and takeovers of lesser-known Twitter addresses early in the day. They said they had not continued to work with Kirk once he began more high-profile attacks around 3:30 p.m. Eastern time on Wednesday. ‘lol’ did not confirm his real-world identity, but said he lived on the West Coast and was in his 20s. “ever so anxious” said he was 19 and lived in the south of England with his mother. Kirk connected with “lol” late Tuesday and then “ever so anxious” on Discord early on Wednesday, and asked if they wanted to be his middlemen, selling Twitter accounts to the online underworld where they were known. They would take a cut from each transaction.” Twice in the past year, the OGUsers forum was hacked, and both times its database of usernames, email addresses and private messages was leaked online. A review of the private messages for “lol” on OGUsers provides a glimpse into the vibrant market for the resale of prized OG accounts. On OGUsers, lol was known to other members as someone who had a direct connection to one or more people working at Twitter who could be used to help fellow members gain access to Twitter profiles, including those that had been suspended for one reason or another. In fact, this was how lol introduced himself to the OGUsers community when he first joined. “I have a twitter contact who I can get users from (to an extent) and I believe I can get verification from,” lol explained. In a direct message exchange on OGUsers from November 2019, lol is asked for help from another OGUser member whose Twitter account had been suspended for abuse. “hello saw u talking about a twitter rep could you please ask if she would be able to help unsus [unsuspend] my main and my friends business account will pay 800-1k for each,” the OGUusers profile inquires of lol. Lol says he can’t promise anything but will look into it. “I sent her that, not sure if I will get a reply today bc its the weekend but ill let u know,” Lol says. In another exchange, an OGUser denizen quizzes lol about his Twitter hookup. “Does she charge for escalations? And how do you know her/what is her department/job. How do you connect with them if I may ask?” “They are in the Client success team,” lol replies. “No they don’t charge, and I know them through a connection.” As for how he got access to the Twitter employee, lol declines to elaborate, saying it’s a private method. “It’s a lil method, sorry I cant say.” In another direct message, lol asks a fellow OGUser member to edit a comment in a forum discussion which included the Twitter account “@tankska,” saying it was his IRL (in real life) Twitter account and that he didn’t want to risk it getting found out or suspended (Twitter says this account doesn’t exist, but a simple text search on Twitter shows the profile was active until late 2019). “can u edit that comment out, @tankska is a gaming twitter of mine and i dont want it to be on ogu :D’,” lol wrote. “just dont want my irl getting sus[pended].” Still another OGUser member would post lol’s identifying information into a forum thread, calling lol by his first name — “Josh” — in a post asking lol what he might offer in an auction for a specific OG name. “Put me down for 100, but don’t note my name in the thread please,” lol wrote. WHO IS LOL? The information in lol’s OGUsers registration profile indicates he was probably being truthful with The Times about his location. The hacked forum database shows a user “tankska” registered on OGUsers back in July 2018, but only made one post asking about the price of an older Twitter account for sale. The person who registered the tankska account on OGUsers did so with the email address [email protected], and from an Internet address tied to the San Ramon Unified School District in Danville, Calif. According to 4iq.com, a service that indexes account details like usernames and passwords exposed in Web site data breaches, the jperry94526 email address was used to register accounts at several other sites over the years, including one at the apparel store Stockx.com under the profile name Josh Perry. Tankska was active only briefly on OGUsers, but the hacked OGUsers database shows that “lol” changed his username three times over the years. Initially, it was “freej0sh,” followed by just “j0sh.” lol did not respond to requests for comment sent to email addresses tied to his various OGU profiles and Instagram accounts. ALWAYS IN DISCORD Last week’s story on the Twitter compromise noted that just before the bitcoin scam tweets went out, several OG usernames changed hands. The story traced screenshots of Twitter tools posted online back to a moniker that is well-known in the OGUsers circle: PlugWalkJoe, a 21-year-old from the United Kingdom. Speaking with The Times, PlugWalkJoe — whose real name is Joseph O’Connor — said while he acquired a single OG Twitter account (@6) through one of the hackers in direct communication with Kirk, he was otherwise not involved in the conversation. “I don’t care,” O’Connor told The Times. “They can come arrest me. I would laugh at them. I haven’t done anything.” In an interview with KrebsOnSecurity, O’Connor likewise asserted his innocence, suggesting at least a half dozen other hacker handles that may have been Kirk or someone who worked with Kirk on July 15, including “Voku,” “Crim/Criminal,” “Promo,” and “Aqua.” “That twit screenshot was the first time in a while I joke[d], and evidently I shouldn’t have,” he said. “Joking is what got me into this mess.” O’Connor shared a number of screenshots from a Discord chat conversation on the day of the Twitter hack between Kirk and two others: “Alive,” which is another handle used by lol, and “Ever So Anxious.” Both were described by The Times as middlemen who sought to resell OG Twitter names obtained from Kirk. O’Connor is referenced in these screenshots as both “PWJ” and by his Discord handle, “Beyond Insane.” The negotiations over highly-prized OG Twitter usernames took place just prior to the hijacked celebrity accounts tweeting out bitcoin scams. Ever So Anxious told Kirk his OGU nickname was “Chaewon,” which corresponds to a user in the United Kingdom. Just prior to the Twitter compromise, Chaewon advertised a service on the forum that could change the email address tied to any Twitter account for around $250 worth of bitcoin. O’Connor said Chaewon also operates under the hacker alias “Mason.” “Ever So Anxious” tells Kirk his OGUsers handle is “Chaewon,” and asks Kirk to modify the display names of different OG Twitter handles to read “lol” and “PWJ”. At one point in the conversation, Kirk tells Alive and Ever So Anxious to send funds for any OG usernames they want to this bitcoin address. The payment history of that address shows that it indeed also received approximately $180,000 worth of bitcoin from the wallet address tied to the scam messages tweeted out on July 15 by the compromised celebrity accounts. The Twitter hacker “Kirk” telling lol/Alive and Chaewon/Mason/Ever So Anxious where to send the funds for the OG Twitter accounts they wanted. SWIMPING My July 15 story observed there were strong indications that the people involved in the Twitter hack have connections to SIM swapping, an increasingly rampant form of crime that involves bribing, hacking or coercing employees at mobile phone and social media companies into providing access to a target’s account. The account “@shinji,” a.k.a. “PlugWalkJoe,” tweeting a screenshot of Twitter’s internal tools interface. SIM swapping was thought to be behind the hijacking of Twitter CEO Jack Dorsey‘s Twitter account last year. As recounted by Wired.com, @jack was hijacked after the attackers conducted a SIM swap attack against AT&T, the mobile provider for the phone number tied to Dorsey’s Twitter account. Immediately after Jack Dorsey’s Twitter handle was hijacked, the hackers tweeted out several shout-outs, including one to @PlugWalkJoe. O’Connor told KrebsOnSecurity he has never been involved in SIM swapping, although that statement was contradicted by two law enforcement sources who closely track such crimes. However, Chaewon’s private messages on OGusers indicate that he very much was involved in SIM swapping. Use of the term “SIM swapping” was not allowed on OGusers, and the forum administrators created an automated script that would watch for anyone trying to post the term into a private message or discussion thread. The script would replace the term with “I do not condone illegal activities.” Hence, a portmanteau was sometimes used: “Swimping.” “Are you still swimping?” one OGUser member asks of Chaewon on Mar. 24, 2020. “If so and got targs lmk your discord.” Chaewon responds in the affirmative, and asks the other user to share his account name on Wickr, an encrypted online messaging app that automatically deletes messages after a few days. Chaewon/Ever So Anxious/Mason did not respond to requests for comment. O’Connor told KrebsOnSecurity that one of the individuals thought to be associated with the July 15 Twitter hack — a young man who goes by the nickname “Voku” — is still actively involved in SIM-swapping, particularly against customers of AT&T and Verizon. Voku is one of several hacker handles used by a Canton, Mich. youth whose mom turned him in to the local police in February 2018 when she overheard him talking on the phone and pretending to be an AT&T employee. Officers responding to the report searched the residence and found multiple cell phones and SIM cards, as well as files on the kid’s computer that included “an extensive list of names and phone numbers of people from around the world.” The following month, Michigan authorities found the same individual accessing personal consumer data via public Wi-Fi at a local library, and seized 45 SIM cards, a laptop and a Trezor wallet — a hardware device designed to store crytpocurrency account data. In April 2018, Voku’s mom again called the cops on her son — identified only as confidential source #1 (“CS1”) in the criminal complaint against him — saying he’d obtained yet another mobile phone. Voku’s cooperation with authorities led them to bust up a conspiracy involving at least nine individuals who stole millions of dollars worth of cryptocurrency and other items of value from their targets. CONSPIRACY Samy Tarazi, an investigator with the Santa Clara County District Attorney’s Office, has spent hundreds of hours tracking young hackers during his tenure with REACT, a task force set up to combat SIM swapping and bring SIM swappers to justice. According to Tarazi, multiple actors in the cybercrime underground are constantly targeting people who work in key roles at major social media and online gaming platforms, from Twitter and Instagram to Sony, Playstation and Xbox. Tarazi said some people engaged in this activity seek to woo their targets, sometimes offering them bribes in exchange for the occasional request to unban or change the ownership of specific accounts. All too often, however, employees at these social media and gaming platforms find themselves the object of extremely hostile and persistent personal attacks that threaten them and their families unless and until they give in to demands. “In some cases, they’re just hitting up employees saying, ‘Hey, I’ve got a business opportunity for you, do you want to make some money?'” Tarazi explained. “In other cases, they’ve done everything from SIM swapping and swatting the victim many times to posting their personal details online or extorting the victims to give up access.” Allison Nixon is chief research officer at Unit 221B, a cyber investigations company based in New York. Nixon says she doesn’t buy the idea that PlugWalkJoe, lol, and Ever So Anxious are somehow less culpable in the Twitter compromise, even if their claims of not being involved in the July 15 Twitter bitcoin scam are accurate. “You have the hackers like Kirk who can get the goods, and the money people who can help them profit — the buyers and the resellers,” Nixon said. “Without the buyers and the resellers, there is no incentive to hack into all these social media and gaming companies.” Mark Rasch, Unit 221B’s general counsel and a former U.S. federal prosecutor, said all of the players involved in the Twitter compromise of July 15 can be charged with conspiracy, a legal concept in the criminal statute which holds that any co-conspirators are liable for the acts of any other co-conspirator in furtherance of the crime, even if they don’t know who those other people are in real life or what else they may have been doing at the time. “Conspiracy has been called the prosecutor’s friend because it makes the agreement the crime,” Rasch said. “It’s a separate crime in addition to the underlying crime, whether it be breaking in to a network, data theft or account takeover. The ‘I just bought some usernames and gave or sold them to someone else’ excuse is wrong because it’s a conspiracy and these people obviously don’t realize that.” In a statement on its ongoing investigation into the July 15 incident, Twitter said it resulted from a small number of employees being manipulated through a social engineering scheme. Twitter said at least 130 accounts were targeted by the attackers, who succeeded in sending out unauthorized tweets from 45 of them and may have been able to view additional information about those accounts, such as direct messages. On eight of the compromised accounts, Twitter said, the attackers managed to download the account history using the Your Twitter Data tool. Twitter added that it is working with law enforcement and is rolling out additional company-wide training to guard against social engineering tactics. Twitter Hacking for Profit and the LoLs
  12. Coinbase says it halted more than $280,000 in bitcoin transactions during Twitter hack The company blacklisted the bitcoin address Illustration by Alex Castro The cryptocurrency exchange Coinbase said that it stopped around 1,100 customers from sending bitcoin to hackers who gained access to high-profile Twitter accounts last week. Last Wednesday, over 100 Twitter accounts, some belonging to major companies like Apple and high-profile people like Vice President Joe Biden and Bill Gates, were hacked as part of a massive coordinated bitcoin scam. According to Twitter, the hackers were able to convince some of the company’s employees to use internal systems and tools to access the accounts and help the hackers defraud users into sending them bitcoin. According to Forbes, Coinbase and other cryptocurrency exchanges were able to stop some customers from sending bitcoin to the hackers by blacklisting the hackers’ wallet address. Specifically, Coinbase says it prevented just over 1,000 customers from sending around $280,000 worth of bitcoin during last Wednesday’s attack. Roughly 14 Coinbase users sent around $3,000 worth of bitcoin to the scam’s bitcoin address before the company moved to blacklist it, the company said. “We noticed the scam and began blocking transactions within a couple of minutes of the initial wave of scam posts,” a Coinbase spokesperson told The Verge on Monday. Twitter accounts belonging to cryptocurrency exchanges including Binance and Gemini were also targeted during Wednesday’s attack. Coinbase’s chief information officer told Forbes on Sunday that it learned of the scam shortly after tweets were posted from fellow exchanges’ accounts. As of Monday, Twitter is still investigating Wednesday’s attack. On Friday, the company put out a blog post confirming that 130 accounts were targeted and the hackers were able to initiative a password reset, log in to the account, and send tweets for 45 of those accounts. Twitter also said that the hackers were able to download account data belonging to eight unverified users. Coinbase says it halted more than $280,000 in bitcoin transactions during Twitter hack
  13. Trump’s Twitter account has extra protections, which could be why it didn’t get hacked A lot of high-profile accounts were hit yesterday, but not Trump’s Photo by Drew Angerer/Getty Images In yesterday’s massive attack on Twitter, some of the highest-profile accounts on the service, including President Barack Obama, Joe Biden, Elon Musk, and Bill Gates had their accounts hijacked to peddle bitcoin scams. Notably, however, Donald Trump, perhaps the most famous Twitter user of all, was untouched by the attack, and it could be because Twitter has implemented extra protections for his account. In a deeply-reported article on the attack, The New York Times writes that Trump’s Twitter account has extra protection after “past incidents,” citing two anonymous sources — a senior White House official and a Twitter employee. The New York Times didn’t specify what those past incidents were, but they could refer to the November 2nd, 2017 incident where a rogue employee deactivated Trump’s account on his last day at the company. Trump’s account returned to Twitter 11 minutes later. A day after the deactivation, Twitter said it had “implemented safeguards to prevent this from happening again.” The company didn’t elaborate further. But The Wall Street Journal reported at the time that Twitter had already limited the number of employees who could access Trump’s account following his inauguration. Those tools typically let employees suspend or deactivate accounts, but don’t let them tweet from those accounts, the WSJ said. Motherboard reported that the people involved in Wednesday’s attack were sharing screenshots of a Twitter admin tool apparently used for the attack. And Twitter itself has said that its own employee systems and tools were compromised. If those are also the same systems that no longer had widespread access to Trump’s account as of 2017, that could have made his account more difficult, if not impossible, to access from the admin tool used by the attackers. It’s also possible that Trump’s account was hardened further after the rogue employee deactivated it in November 2017. Twitter hasn’t replied to a request for comment, so we can’t exactly be sure that those safeguards are what stopped the attackers from hijacking his account on Tuesday. In fact, it’s not clear that the attackers even tried. Either way, they didn’t get in, and that could have prevented an already very bad situation from getting even worse. Trump’s Twitter account has extra protections, which could be why it didn’t get hacked
  14. EFF tells Twitter to encrypt DMs after hacking incident The Electronic Frontier Foundation (EFF) has reiterated to Twitter that it should subject all direct messages (DMs) to end-to-end encryption to provide users with more privacy and security. The digital rights organization has been calling for this for years but the most recent breach has pushed it to demand the feature again. The EFF said that with hackers gaining access to admin tools at Twitter, encrypting the DMs would have meant hackers couldn’t have seen the contents of direct messages, offering more protection. The rights group also pointed to the fact that Twitter CEO Jack Dorsey reassured Senator Ron Wyden two years ago that end-to-end encryption was being worked on. Earlier today, Twitter said in a statement that going forward it will be taking action to tighten up its security. It’s not clear what this tightening up will look like but hopefully, it will include end-to-end encryption for DMs. One of Twitter’s main rivals, Facebook, already offers end-to-end encryption on some of its products including WhatsApp and optionally on Facebook Messenger. The messaging apps, Signal and iMessage, also offer users with encryption features for greater security. While Twitter may be under pressure from law enforcement to keep DMs unencrypted, the EFF believes that securing them is “a no-brainer”. EFF tells Twitter to encrypt DMs after hacking incident
  15. Read Twitter’s update on the huge hack — 8 accounts may have had private messages stolen But it sounds like the attackers didn’t get Biden’s data cache Illustration by Alex Castro On Friday evening, Twitter issued its first full blog post about what happened after the biggest security lapse in the company’s history, one that led to attackers getting hold of some of the highest profile Twitter accounts in the world — including Democratic presidential candidate Joe Biden, President Barack Obama, Tesla CEO Elon Musk, Microsoft co-founder Bill Gates, Kanye West, Michael Bloomberg, and more. The bad news: Twitter has now revealed that the attackers may indeed have downloaded the private direct messages (DMs) of up to 8 individuals while conducting their Bitcoin scam, and were able to see “personal information” including phone numbers and email addresses for every account they targeted. That’s because Twitter has confirmed that attackers attempted to download the entire “Your Twitter Data” archive for those 8 individuals, which contains DMs among other info. They may even have DMs that the 8 individuals tried to delete, given that Twitter stores DMs on its servers as long as either party to a conversation keeps them around — we learned last February that you can retrieve deleted DMs by downloading the “Your Twitter Data” archive, even if you’ve deleted them yourself. The archive can also include other personal information like your address book and any images and videos you may have attached to those private messages as well. The good news: Twitter claims none of those 8 accounts were verified users, suggesting that none of the highest-profile individuals targeted had their data downloaded. It’s still possible that the hackers looked at their DMs, but no, Democratic presidential candidate Joe Biden and others probably didn’t just get their DMs stolen outright. According to Twitter, hackers targeted 130 accounts; successfully triggered a password reset, logged in, and tweeted from 45 of them; and only attempted to download data for that “up to eight” non-verified accounts. We do not know how many accounts they may have scanned for personal information or how many DMs they might have simply accessed or read. And for the larger batch of 130 accounts — including high-profile ones like the Democratic presidential candidate — Twitter says they may have been able to see other sorts of personal information. Twitter also allows logged in users to see a location history of the places and times that they’ve logged in, as an example. Twitter previously confirmed that its own internal employee tools were used to facilitate the account takeovers, and suspected that its employees had fallen for a social engineering scam — now, the company is going further to say definitively that the attackers “successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems, including getting through our two-factor protections.” That aligns with the prevailing theories, which you can read more about in the NYT’s impressive report here. There are still many, many more questions and serious investigations still ahead. You can read Twitter’s full blog post here. Read Twitter’s update on the huge hack — 8 accounts may have had private messages stolen
  16. Twitter says passwords were spared in yesterday’s attack, but it’s still working to restore locked accounts Twitter wants to restore access ‘ASAP’ Illustration by Alex Castro / The Verge Twitter says it has “no evidence” user passwords were accessed as part of yesterday’s massive attack targeting the company’s internal tools, but it is still working to restore access to locked accounts. The updates were shared as part of a series of tweets posted Thursday afternoon. Yesterday, attackers hijacked the accounts of some of the most-followed people on Twitter, including President Barack Obama, Vice President Joe Biden, Elon Musk, Bill Gates, and Kanye West, to post bitcoin scams. The company made the decision to lock many accounts last night as a precaution to reduce further damage from the attacks, and it provided more detail about why accounts were locked in this afternoon’s tweets. “Out of an abundance of caution, and as part of our incident response yesterday to protect people’s security, we took the step to lock any accounts that had attempted to change the account’s password during the past 30 days,” Twitter said. The company added that if an account was locked, that didn’t “necessarily mean” that the account was compromised, and it believes only a “small subset” of locked accounts actually were. Twitter says it’s working “ASAP” to restore access, but the process may still take some time. Although Twitter says it doesn’t believe passwords were accessed, it remains unclear if the attackers were able to access direct messages. In addition to locking some accounts, Twitter also completely disabled the ability of all verified accounts to tweet last night for a few hours following the hack, though verified accounts could still retweet existing tweets while the limits were in place. Last night, Twitter shared that its own internal tools were compromised in the attack. “We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools,” Twitter said in a tweet sent yesterday at 10:38PM ET. Two anonymous sources told Motherboard that a Twitter employee helped them take over accounts, with one saying they paid the employee for their help. Twitter says passwords were spared in yesterday’s attack, but it’s still working to restore locked accounts
  17. The FBI opens investigation into Twitter attack over national security concerns Numerous investigations are now probing Twitter’s worst-ever security incident Illustration by Alex Castro The US Federal Bureau of Investigation has opened an investigation into Wednesday’s unprecedented Twitter attack that resulted in numerous takeovers of high-profile accounts belonging to politicians, business leaders, and corporations, according to a report from The Wall Street Journal. The FBI is concerned that the coordinated attack and the vulnerabilities it exposed in Twitter’s systems may pose serious security risks, due to the widespread compromising of sensitive accounts, including those of President Barack Obama and Democratic presidential candidate Joe Biden. President Donald Trump’s account was not affected, White House press secretary Kayleigh McEnany tells the WSJ, but it’s unclear if Trump’s account has special protections. Twitter tells The Verge it is in communication with the FBI regarding its investigation and intends to fully cooperate. “At this time, the accounts appear to have been compromised in order to perpetuate cryptocurrency fraud,” the FBI said in a statement given to the WSJ. New York Gov. Andrew Cuomo is also having the state’s Department of Financial Services investigate the attack, the report states. “Foreign interference remains a grave threat to our democracy and New York will continue to lead the fight to protect our democracy and the integrity of our elections in any way we can,” Cuomo said, according to the New York Post. New York Attorney General Letitia James also opened an investigation following this morning’s news that lawmakers on both sides of the aisle have begun calling for Twitter to provide more transparency about how the attack was carried out. “Countless Americans rely on Twitter to read and watch the news, to engage in public debate, and to hear directly from political leaders, activists, business executives, and other thought leaders,” James said in a statement. “Last night’s attack on Twitter raises serious concerns about data security and how platforms like Twitter could be used to harm public debate. I have ordered my office to open an immediate investigation into this matter.” The attack, which involved hackers taking control of popular accounts with millions of followers to tweet out a bitcoin scam, was the work of a group of unknown individuals. Twitter now says the group used social engineering techniques of some type to gain control of internal company tools. Those tools allowed the hackers to gain access to the accounts, although Twitter has not specified how exactly this happened. In the aftermath of the account takeovers, which lasted for more than two hours, Twitter had to resort to extreme measures to mitigate the fallout, including disabling the ability for verified accounts to send new tweets and locking down all of the affected accounts and even some accounts that were not targeted by the hackers. The company is still working to restore access to locked accounts as of this afternoon. Motherboard reported yesterday that the hackers did not in fact breach any Twitter systems, but instead allegedly paid a Twitter employee to reset the email addresses associated with the affected accounts, thereby giving unauthorized access to the hackers who then tweeted out the cryptocurrency scam tweets. Twitter has not openly disputed this account of the event, but it is currently unclear how much, if any, of the story is an accurate representation of what happened. The company is still investigating and has not yet shared its full findings. The FBI opens investigation into Twitter attack over national security concerns
  18. Who’s Behind Wednesday’s Epic Twitter Hack? Twitter was thrown into chaos on Wednesday after accounts for some of the world’s most recognizable public figures, executives and celebrities starting tweeting out links to bitcoin scams. Twitter says the attack happened because someone tricked or coerced an employee into providing access to internal Twitter administrative tools. This post is an attempt to lay out some of the timeline of this attack, and point to clues about who may have been behind it. The first public signs of the intrusion came around 3 PM EDT, when the Twitter account for the cryptocurrency exchange Binance tweeted a message saying it had partnered with “CryptoForHealth” to give back 5000 bitcoin to the community, with a link where people could donate or send money. Minutes after that, similar tweets went out from the accounts of other cryptocurrency exchanges, and from the Twitter accounts for democratic presidential candidate Joe Biden, Amazon CEO Jeff Bezos, President Barack Obama, Tesla CEO Elon Musk, former New York Mayor Michael Bloomberg and investment mogul Warren Buffett. While it may sound ridiculous that anyone would be fooled into sending bitcoin in response to these tweets, an analysis of the BTC wallet promoted by many of the hacked Twitter profiles shows that on July 15 the account processed 383 transactions and received almost 13 bitcoin on July 15 — or approximately USD $117,000. Twitter issued a statement saying it detected “a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools. We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it.” There are strong indications that this attack was perpetrated by individuals who’ve traditionally specialized in hijacking social media accounts via “SIM swapping,” an increasingly rampant form of crime that involves bribing, hacking or coercing employees at mobile phone and social media companies into providing access to a target’s account. People within the SIM swapping community are obsessed with hijacking so-called “OG” social media accounts. Short for “original gangster,” OG accounts typically are those with short account names (such as @B or @joe). Possession of these OG accounts confers a measure of status and perceived influence and wealth in SIM swapping circles, as such accounts can often fetch thousands of dollars when resold in the underground. In the days leading up to Wednesday’s attack on Twitter, there were signs that some actors in the SIM swapping community were selling the ability to change an email address tied to any Twitter account. In a post on OGusers — a forum dedicated to account hijacking — a user named “Chaewon” advertised they could change email address tied to any Twitter account for $250, and provide direct access to accounts for between $2,000 and $3,000 apiece. The OGUsers forum user “Chaewon” taking requests to modify the email address tied to any twitter account. “This is NOT a method, you will be given a full refund if for any reason you aren’t given the email/@, however if it is revered/suspended I will not be held accountable,” Chaewon wrote in their sales thread, which was titled “Pulling email for any Twitter/Taking Requests.” Hours before any of the Twitter accounts for cryptocurrency platforms or public figures began blasting out bitcoin scams on Wednesday, the attackers appear to have focused their attention on hijacking a handful of OG accounts, including “@6.” That Twitter account was formerly owned by Adrian Lamo — the now-deceased “homeless hacker” perhaps best known for breaking into the New York Times’s network and for reporting Chelsea Manning‘s theft of classified documents. @6 is now controlled by Lamo’s longtime friend, a security researcher and phone phreaker who asked to be identified in this story only by his Twitter nickname, “Lucky225.” Lucky225 said that just before 2 p.m. EST on Wednesday, he received a password reset confirmation code via Google Voice for the @6 Twitter account. Lucky said he’d previously disabled SMS notifications as a means of receiving multi-factor codes from Twitter, opting instead to have one-time codes generated by a mobile authentication app. But because the attackers were able to change the email address tied to the @6 account and disable multi-factor authentication, the one-time authentication code was sent to both his Google Voice account and to the new email address added by the attackers. “The way the attack worked was that within Twitter’s admin tools, apparently you can update the email address of any Twitter user, and it does this without sending any kind of notification to the user,” Lucky told KrebsOnSecurity. “So [the attackers] could avoid detection by updating the email address on the account first, and then turning off 2FA.” Lucky said he still hasn’t been able to review whether any tweets were sent from his account during the time it was hijacked because he still doesn’t have access to it (he has put together a breakdown of the entire episode at this Medium post). But around the same time @6 was hijacked, another OG account – @B — was swiped. Someone then began tweeting out pictures of Twitter’s internal tools panel showing the @B account. A screenshot of the hijacked OG Twitter account “@B,” shows the hijackers logged in to Twitter’s internal account tools interface. Twitter responded by removing any tweets across its platform that included screenshots of its internal tools, and in some cases temporarily suspended the ability of those accounts to tweet further. Another Twitter account — @shinji — also was tweeting out screenshots of Twitter’s internal tools. Minutes before Twitter terminated the @shinji account, it was seen publishing a tweet saying “follow @6,” referring to the account hijacked from Lucky225. The account “@shinji” tweeting a screenshot of Twitter’s internal tools interface. Cached copies of @Shinji’s tweets prior to Wednesday’s attack on Twitter are available here and here from the Internet Archive. Those caches show Shinji claims ownership of two OG accounts on Instagram — “j0e” and “dead.” KrebsOnSecurity heard from a source who works in security at one of the largest U.S.-based mobile carriers, who said the “j0e” and “dead” Instagram accounts are tied to a notorious SIM swapper who goes by the nickname “PlugWalkJoe.” Investigators have been tracking PlugWalkJoe because he is thought to have been involved in multiple SIM swapping attacks over the years that preceded high-dollar bitcoin heists. Archived copies of the @Shinji account on twitter shows one of Joe’s OG Instagram accounts, “Dead.” Now look at the profile image in the other Archive.org index of the @shinji Twitter account (pictured below). It is the same image as the one included in the @Shinji screenshot above from Wednesday in which Joseph/@Shinji was tweeting out pictures of Twitter’s internal tools. Image: Archive.org This individual, the source said, was a key participant in a group of SIM swappers that adopted the nickname “ChucklingSquad,” and was thought to be behind the hijacking of Twitter CEO Jack Dorsey‘s Twitter account last year. As Wired.com recounted, @jack was hijacked after the attackers conducted a SIM swap attack against AT&T, the mobile provider for the phone number tied to Dorsey’s Twitter account. A tweet sent out from Twitter CEO Jack Dorsey’s account while it was hijacked shouted out to PlugWalkJoe and other Chuckling Squad members. The mobile industry security source told KrebsOnSecurity that PlugWalkJoe in real life is a 21-year-old from Liverpool, U.K. named Joseph James Connor. The source said PlugWalkJoe is in Spain where he was attending a university until earlier this year. He added that PlugWalkJoe has been unable to return home on account of travel restrictions due to the COVID-19 pandemic. The mobile industry source said PlugWalkJoe was the subject of an investigation in which a female investigator was hired to strike up a conversation with PlugWalkJoe and convince him to agree to a video chat. The source further explained that a video which they recorded of that chat showed a distinctive swimming pool in the background. According to that same source, the pool pictured on PlugWalkJoe’s Instagram account (instagram.com/j0e) is the same one they saw in their video chat with him. If PlugWalkJoe was in fact pivotal to this Twitter compromise, it’s perhaps fitting that he was identified in part via social engineering. Maybe we should all be grateful the perpetrators of this attack on Twitter did not set their sights on more ambitious aims, such as disrupting an election or the stock market, or attempting to start a war by issuing false, inflammatory tweets from world leaders. Also, it seems clear that this Twitter hack could have let the attackers view the direct messages of anyone on Twitter, information that is difficult to put a price on but which nevertheless would be of great interest to a variety of parties, from nation states to corporate spies and blackmailers. This is a fast-moving story. Please stay tuned for further updates. KrebsOnSecurity would like to thank Unit 221B for their assistance in connecting some of the dots in this story. Who’s Behind Wednesday’s Epic Twitter Hack?
  19. Twitter is building a subscription platform codenamed Gryphon Three years ago, Twitter considered offering subscriptions for its social media dashboard, TweetDeck. That service would have provided news alerts and analytics to customers willing to pay for a monthly fee, but it didn't materialize. Now, the company appears to be carrying on with its subscription push, if a new job listing is any indication (via VentureBeat). Twitter posted a job opening on its career portal in search for a "Senior Full-stack Software Engineer" who will join its new team, codenamed Gryphon. The listing reveals that the group is developing a subscription platform that can be reused by other teams in the future. It consists of web engineers working with both the payments and Twitter.com teams. The full-stack engineer will be responsible for Gryphon's payment and subscription client work. The team will be distributed across different locations including London, San Francisco, Boston, and New York. The subscription model is seen as a part of Twitter's efforts to explore additional revenue streams beyond advertising, which primarily contributes to its income. It's not clear, though, how the micro-blogging site plans to implement the subscription platform and what services it will offer. Twitter is building a subscription platform codenamed Gryphon
  20. Google, Facebook, and Twitter halt government data requests after new Hong Kong security law The companies are reviewing a new security law that gives China power to stifle dissent Illustration by Alex Castro / The Verge Google, Facebook, and Twitter are pausing the processing of data requests from the Hong Kong government as they review a new security law that went into effect on July 1st. Google put its pause into place as soon as the law took effect last Wednesday. “[W]hen the law took effect, we paused production on any new data requests from Hong Kong authorities,” a Google spokesperson told The Verge in an email, “and we’ll continue to review the details of the new law,” the spokesperson said. Twitter also halted its handling of government requests as of July 1st, with Facebook announcing its pause on Monday, The New York Times reported. Social media platforms typically produce private user information in response to valid court orders, depending on the legal process in various countries. But under this new position, all the companies will, at least temporarily, ignore the requests coming from the government of Hong Kong. The new policies are in response to China’s new national security law in Hong Kong, which was first proposed in May. Hong Kong has traditionally enjoyed significant independence from mainland China, but the central Chinese government has tightened restrictions on speech in Hong Kong in recent months, bringing a gradual end to the “one country, two systems” principle. China’s push toward more control has led to widespread protests across Hong Kong, which began last year. In particular, the new security law gives China the power to limit political dissent against the Communist Party, making it unlawful to engage in “secession, subversion, organization and perpetration of terrorist activities, and collusion with a foreign country or with external elements to endanger national security.” Those powers are particularly relevant for social platforms, which may be hosting the now-criminalized subversive activities. Google, Facebook, and Twitter have both been banned in China for several years, part of the so-called “Great Firewall,” under which government censors and monitors track online activity. The new security law has already compelled several political opposition parties in Hong Kong to disband, NPR reported, and is expected to further chill political dissent against Beijing in Hong Kong. “We believe freedom of expression is a fundamental human right and support the right of people to express themselves without fear for their safety or other repercussions,” a Facebook spokesperson said in an email to The Verge. Twitter says it is reviewing the new law to assess the implications, adding many terms of the new law are “vague and without clear definition,” a spokesperson wrote in an email to The Verge. “Like many public interest organizations, civil society leaders and entities, and industry peers, we have grave concerns regarding both the developing process and the full intention of this law.” Facebook has a process for reviewing government requests, which takes into account its own policies and local laws as well as international human rights standards, the spokesperson added. “We are pausing the review of government requests for user data from Hong Kong pending further assessment of the National Security Law, including formal human rights due diligence and consultations with international human rights experts.” Facebook has offices in China and uses Chinese suppliers to manufacture some of its hardware, including its Oculus VR headsets and its Portal video chat devices. Facebook CEO Mark Zuckerberg has attempted to mend relations with China in the past, meeting with Communist Party leaders while in Beijing for an economic forum in 2016. More recently, he’s pushed concerns about China setting the terms for online engagement. “If another nation’s platform sets the rules,” Zuckerberg said last year, “our nation’s discourse could be defined by a completely different set of values.” Google, Facebook, and Twitter halt government data requests after new Hong Kong security law
  21. Tweetz is an open-source Twitter client for Windows Last week, we told you how to get the old Twitter interface back, using GoodTwitter 2. Before I came across it, I had been looking for extensions and other solutions. One of these was a Twitter client, called Tweetz. It's an an open-source program for windows, that you can use to view your timeline from your desktop. You cannot customize the location where Tweetz gets installed. When the program is run, you will see the following screen. It tells you click on the "Get Pin" button to authorize your account. Hit the button and a new tab should open in your browser. Login to Twitter and authorize the application. Here's the list of permissions it requires. It's pretty much standard for a Twitter client to have such options. Twitter will display a PIN that you'll need to enter in Tweetz. Paste it in the field that's available and click on the sign in button. Tweetz has a minimal interface with a dark theme. You can resize the window to make it larger or smaller. The navigation bar at the top of the window has five buttons. Clicking the Home button takes you to your timeline. The heart icon lists tweets that you've liked. The magnifying glass is the Search shortcut. Oddly, the "@ mentions" are located on the search page, so if you want to see tweets that you've been tagged in (replies from other users), you've to click on the @ button to fetch the mentions. It would've been better if it had its own shortcut on the nav bar. The gear cog icon is used to access the program's settings. You may hide images, profile pictures, extended content, your username in the title bar, tweets that contain sensitive content. Tweetz can be set to stay on top of other programs, start automatically with Windows, minimized to the system tray. Drag the font size slider towards the right to adjust the text size. There are 3 themes in Tweetz: Light, Nord and Dark. The application stores its settings in a text file. The settings page lists a few tips on how to control the program. Right-click (on any page) to scroll to the top, click on a timestamp to open the link in your browser, Ctrl + N to post a new tweet, etc. Speaking of, hit the tweet button in the top right corner to post a tweet. The + button in the tweet compose window can be used to add images (GIF, JPG, PNG, WEBP formats) or videos (MP4). You can use Tweetz to post Tweets, retweet, retweet with comment, reply to tweets, like tweets, and follow users from the timeline. The program automatically pauses the timeline when you scroll down, and allows you to read the currently loaded tweets. Mouse over a link to view the full URL, or over a profile picture or username to view the profile info. Click on an image to view a larger version of it, that opens in a pop-up window. It has 2 buttons that lets you copy the picture's URL or the image to clipboard. To return to your timeline, click on the image again. Tweetz can play twitter videos too, and uses a pop-up player for it. Its controls are similar to the built-in image viewer. No program is perfect. Let's discuss the flaws of the program. There is no way to manage your Twitter account from within the program. Tweetz does not support lists, which may not be a deal breaker for many, but as a user with customized lists I was disappointed. The biggest drawback however is that when you click on a Tweet, a timestamp or a profile, it doesn't open a pop-up window to display the content. Instead, it opens the link in your default browser. The program is written in .NET Core. A portable version of Tweetz is available, it's called the self-contained version. Note: This review is not based on the latest version that was released a few days ago. I used version 2.6.2 from about two weeks ago. The program displays a "Consider donating" Tweet from the developer from time to time. It is displayed even if you aren't following him on Twitter. Tweetz is impressive, but I would've liked it more if it opened Tweets and profile pages in its interface, rather than sending them to the web browser. If I were to rate it in a point system, it definitely gets extra points simply because it. does not use the "modern Twitter interface". Landing Page: https://github.com/mike-ward/tweetz/releases Tweetz is an open-source Twitter client for Windows
  22. Twitter terminates DDoSecrets, falsely claims it may infect visitors Permanent suspension comes for violations of rules against tweeting hacked materials. Enlarge Aurich Lawson / Getty 103 with 73 posters participating, including story author Four days after leak publisher DDoSecrets circulated private documents from more than 200 law enforcement agencies across the United States, Twitter has permanently suspended its account and falsely claimed that the site may infect users with malware. “Your account, DDoSecrets, has been suspended for violating the Twitter rules,” this email, which Twitter sent to the account holders, said. The message cited rules against “distribution of hacked material” and went on to say: We don’t permit the use of our services to directly distribute content obtained through hacking that contains private information, may put people in physical harm or danger, or contains trade secrets. Note that if you attempt to evade a permanent suspension by creating new accounts, we will suspend your new accounts. If you wish to appeal this suspension, please contact our support team. BlueLeaks asks: Why us and not WikiLeaks? DDoSecrets describes itself as a “transparency collective, aimed at enabling the free transmission of data in the public interest.” On Friday, it published BlueLeaks, a 269-gigabyte trove of documents that KrebsOnSecurity reported was obtained through the hack of a Web development company that hosted documents on behalf of police departments. Some of the documents exposed police candidly discussing responses to demonstrations protesting what a Minnesota district attorney has charged was the murder of George Floyd, a Black man who died while handcuffed as a Minneapolis Police Department officer pressed a knee on his neck for nearly nine minutes. As of Tuesday, Derek Chauvin, who has since been fired, had not entered a plea. A Twitter spokesperson confirmed that the company had permanently suspended the DDoSecrets account for violating the social media site’s rules barring hacked materials. The spokesperson said the material (1) contained unredacted information that could put people at risk of real-world harm and (2) ran afoul of a policy that forbids the distribution of material that is obtained through technical breaches and hacks, as publishers of DDoSecrets claimed had been done. DDoSecrets co-founder Emma Best criticized the suspension and noted that the Twitter account for WikiLeaks remains active despite its publishing of vast troves of private information resulting from the 2016 hack of the Democratic National Committee and members of the Hillary Clinton campaign. WikiLeaks has also tweeted links to its Vault 7 series, which published details about closely guarded CIA hacking programs. Other accounts associated with the Anonymous hacking movement have also escaped suspensions. Twitter was also slow to suspend Guccifer 2.0 and the Dark Overlord, the monikers of two purported hackers, both of whom also published extensive amounts of personal information obtained through hacking and tweeted the links. “@DDoSecrets has worked with dozens of major news outlets across the world and published terabytes of data uncovering money laundering schemes, corruption, and more,” Best tweeted. “Now we're being censored for publishing the #BlueLeaks files about law enforcement.” Fearmongering Twitter users who clicked on tweeted links to the DDoSecrets.com site received a message from Twitter warning, with no evidence, that the site may install malware, steal passwords or other sensitive data, or collect personal data for purposes of sending spam. Enlarge This security check from Web security firm Sucuri found no malware on the site, although the firm did note that it was blocked by fellow security firm McAfee. Best said the only malware on the site are binary samples of malware such as the Stuxnet worm that infected Iran about a decade ago and attachments found in emails posted to the site. Best said that DDoSecrets critics have been falsely reporting to security firms that the site is malicious in an attempt to make the site unavailable to users of antivirus products. The Twitter spokesperson didn’t answer questions about the basis for the claims. The spokesperson also didn’t say what distinguished materials published by DDoSecrets from those published by WikiLeaks. McAfee representatives weren’t immediately available for comment. Best told Wired that prior to publishing BlueLeaks, DDoSecrets spent a week scrubbing about 50 gigabytes of material disclosing sensitive details about crime victims, children, unrelated private businesses, health care companies, and retired veterans’ associations. The co-founder conceded, however, that the team “probably missed things.” Critics have increasingly complained that Twitter’s rules for removing tweets and accounts it deems abusive or harmful are inconsistent. The social media site’s permanent suspension of DDoSecrets and its unsubstantiated warnings the site may engage in malicious behavior is only going to further those charges. Twitter terminates DDoSecrets, falsely claims it may infect visitors
  23. Twitter suffered a major data breach - but this is why you're probably safe Business customers' personal information was stored in their web browser's cache (Image credit: Shutterstock) Twitter has emailed its business customers to inform them that their personal information may have been compromised. As reported by The BBC, the social networking giant said that the billing information of some of its customers was stored inside their web browser's cache and that others could have possibly accessed their personal information. The exposed personal data includes email addresses, phone numbers and the last four digits of customers' credit card numbers. However, according to Twitter, there is no evidence that its customers' billing information was compromised. Twitter breach The breach affects Twitter's business customers who use its advertising and analytics platforms. At this time though, it is still unclear as to how many business have been affected. Twitter informed its users that it first became aware of the breach at the end of May after it disclosed a similar bug that led to Firefox storing files sent or received from direct messages and data archive files downloaded from a profile's settings page in its browser's cache. While unfortunate for the social network's business customers, it is not believed that any of Twitter's regular users were affected by the breach. Twitter suffered a major data breach - but this is why you're probably safe
  24. Cricket fans were welcomed with a shocking message a few hours ago when the largest fan-created Cricket video archive on Twitter was targeted. Rob Moody, whose videos generate hundreds of thousands of views every month, was told to remove all copyrighted videos or lose his Twitter account. This threat prompted public outrage and soon after Cricket Australia retracted its claims. Copyright infringement is frequently framed as something horrible, an evil that has to be rooted out. However, it’s also at the source of many creative expressions or just pure entertainment. In these cases, copyright enforcement can do more harm than good. An example of such a clash took place on Twitter yesterday, when superfan Rob Moody informed Twitter followers that his massive library of over 2,000 cricket clips was at risk. Several videos were targeted by takedown requests from Cricket Australia and, if Moody refused to remove all infringing content, his account would be suspended. Needless to say, Moody wasn’t pleased, something he made crystal clear. “So I’m told to delete every cricket video I’ve ever uploaded to Twitter, over the past 11 years….. You have to laugh really! Just suspend my account and be done with it, as if I’m going to go and find all 2000+ videos since 2009 and delete them.” A lot of cricket fans, including various prominent names, were equally shocked by the decision. The archive of cricket videos has been a source of entertainment for many and has amassed millions of views. New Zealand international James Neesham urged those responsible to “sort it out” and TV-personality Piers Morgan jumped in asked people to “rise up” in defense of the video archive. The big problem, of course, is that the copyright claims aren’t entirely unwarranted. Moody doesn’t own the rights to broadcast the clips via Twitter. This is something he’s well aware of. “It’s nice that people like watching the videos but reality is what I’m doing is wrong, and can’t last forever,” Moody replied when someone highlighted this angle. While many people had already started to get used to the idea that their favorite cricket video archive would be lost, Cricket Australia jumped in. The organization was indeed responsible for the looming purge, but it was quick to retract its claims. Apparently, they were sent in error. “Some good news: The copyright claims against @robelinda2 were made in error and have been retracted. The videos should be back up and running soon,” the organization tweeted. “We’ve got no plans to shut down Rob’s old gold and will follow up on the processes around this,” Cricket Australia added. So, after a few hours, the crisis was averted. Rob Moody can continue posting cricket clips and given the events that unfolded today, he doesn’t have to be worried that Cricket Australia will go after him in the near future. This doesn’t mean that others can’t be targeted for posting the same clips of course. However, the whole episode shows that copyright enforcement can sometimes do more harm than good. This is something rightsholders may want to keep in mind. Source
  25. Twitter starts rolling out audio tweets on iOS No word on when the feature will come to Android Twitter is rolling out the ability to record audio snippets and attach them to your tweets. The new feature is available first on iOS and launching today for “a limited group of people,” according to the company. “Sometimes 280 characters aren’t enough and some conversational nuances are lost in translation. So starting today, we’re testing a new feature that will add a more human touch to the way we use Twitter — your very own voice,” Twitter’s Maya Patterson and Rémy Bourgoin wrote in a blog post. If you’ve got access to it, you’ll see a new waveform icon beside the camera icon when composing a tweet. Tap that, and a red record button appears at the bottom of the screen, which you can tap to start recording your message. “Each voice tweet captures up to 140 seconds of audio. Have more to say? Keep talking. Once you reach the time limit for a tweet, a new voice tweet starts automatically to create a thread,” Twitter said. Audio can only be added to original tweets, according to this help page, so you can’t include them in replies or retweets with a comment. Another minor thing to note is that whatever your profile picture is when you record an audio clip will always be attached to that audio tweet. “Your current profile photo will be added as a static image on your audio attachment and will not refresh if you update your profile photo,” Twitter says. You can listen to audio tweets by hitting the play button. On iOS, Twitter says a dock will appear near the bottom of the app so you can listen to audio tweets and continue scrolling through your timeline. They’ll also keep playing in the background if you switch to another app. Audio tweets could pose new moderation challenges for Twitter, and it’s also important to remember the accessibility factor here. The Verge asked Twitter for more details on how it will make it easier for people who are deaf or hard-of-hearing to access these audio tweets. In an emailed response, a spokesperson said “this is an early test of audio for us and we’re still exploring the best ways to meet the needs of people with different abilities.” Update June 17th 2:25PM ET: The original article has been updated to include a comment regarding accessibility from Twitter. Twitter starts rolling out audio tweets on iOS
  • Create New...