Attackers had full access—a nightmare security scenario that would be any nation-state hacker's dream. Instead, the assault was simply part of a bitcoin scam that ended up netting about $120,000. In all, the scammers targeted 130 accounts and took control of 45. In a mad scramble to contain the situation, Twitter temporarily froze all verified accounts, blocking their ability to tweet or reset the account password. Some of the lockdowns lasted hours.
Subsequent investigation revealed that the attackers had called Twitter's customer service and tech support lines and tricked reps into accessing a phishing site to harvest their special backend Twitter credentials, including username, password, and multifactor authentication codes. Then the attackers were able to use their access to these support accounts to reset the passwords on target user accounts. At the end of July, three suspects were arrested and charged with committing the hack, including 17-year-old Graham Ivan Clark of Tampa, Florida, who allegedly led the digital assault. In the wake of the breach, Twitter says it launched a major effort to overhaul its employee access controls, particularly with November's US presidential election looming.
On Juneteenth, the leak-focused activist group Distributed Denial of Secrets published a 269-gigabyte trove of United States law enforcement information, including emails, intelligence documents, audio, and video files. DDOSecrets said the data came from a source claiming to be part of the ephemeral hacking collective Anonymous. Published in the wake of George Floyd's murder, the dump of more than a million files included documents and internal police communications about law enforcement initiatives to identify and track protesters and share intelligence about movements like Antifa. A lot of the ..
Support the originator by clicking the read the rest link below.
