It appears that Elon Musk was shockingly telling the truth about Twitter being under attack today. I say that because of this:
Using the hashtag #takedowntwitter (the site’s former name before Musk bought the platform in November 2022), a BlueSky user who goes by the name ‘Puck Arks’ posted that a pro-Palestinian hacker group known as the Dark Storm Team has laid claim to Monday morning’s interruptions.
“#DarkStorm has confirmed that the DDOS attack against Twitter will continue throughout the day as a protest against Musk and Trump,” they posted, stating the attacks are expected to last for at least another four hours.
Musk’s platform has been experiencing intermittent outages worldwide since about 6:00 a.m. Eastern Time, impacting roughly 40,000 users in the US at its 10:00 a.m. peak, and about 10,800 X users in the UK.
“Due to Elon Musks and Donald Trumps blatant fascism and lack of humanity we as a digital army for the people will continue our peaceful DDOS protests against X formerly known as Twitter. Thank you for your love and support, Puck Arks in said his third post addressing the outages.
So who is Dark Storm? Let me help you with that:
According to a cyber risk intelligence report by Security Scorecard from 2023, Dark Storm has been busy claiming attacks “on targets both inside Israel and out” focusing on taking down Israeli infrastructure and advertising its actions on its Teleram channel created in August 2023.
The group appears to follow a hacktivist playbook similar to the pro-Russian KillNet gang, which spent most of 2023 targeting victims with DDoS attacks in support of Ukraine, until it decided to commercialize its operations in favor of a hacker-for-hire model.
I would suspect that these attacks will be ongoing. And Elon will have to figure out how to deal with them. And this is on top of his other problems, like Tesla stock falling off a cliff, Tesla sales falling off a cliff, and protests outside Tesla stores. And I’m not even going cover his numerous personal problems with his “baby mammas” as that’s way too much drama. It truly seems that Elon has 99 problems at the moment. And his problems are likely to grow.
UPDATE: Roger Grimes, data-driven defense evangelist at cybersecurity company KnowBe4, commented:
“X was having widespread operational issues for over 8 hours. Even if it’s due to a massive cyberattack, service interruption for over 8 hours is unacceptable for a major platform. It’s the longest outage of a major platform I can remember in my over 36 year career, and there have been a lot of multi-hour outages.
“Every major platform knows it’s a target and plans accordingly. Certainly, such a major controversial platform has to have been planning for this. So the question is, “What went wrong? What did they not expect? What didn’t operate as expected?” The answer can’t be, “Well, this was just such a massive unexpected attack our response couldn’t handle it!” Nope. The answer has to be something that shows a mistake or an entirely new attack method the world isn’t aware of. Because users of the platform (and I’m one) and investors want to understand that it won’t happen again. And this isn’t the first time X has had operational issues. This is the first time it wasn’t self-inflicted. But now that X has been hit and taken down for basically a full day. how can they reassure users and investors that it won’t happen again?”
Evan Dornbush, former NSA cybersecurity expert adds this:
“Cybersecurity is not a cost, it is an investment. Preventing breaches, DDoS attacks, and other business impacts is more cost-effective than dealing with the inevitable, highly public, aftermath of one.
“In this volatile employment market, there’s no shortage of highly talented and respected engineers who can help.”
UPDATE #2: Chris Hauk, Consumer Privacy Champion at Pixel Privacy, has provided the following comment:
“Small scale denial of service attacks like this are generally conducted by minor groups of hackers, as it is easier than ever to create a botnet for attacks like this. While the attacks may indeed be due to Musk’s recent actions, attacks on this scale generally do not come from major players, who do things on a much larger scale.”
Allstate Sued by NY Over Data Breach And Security Lapses
Posted in Commentary with tags Hacked, Lawsuit on March 10, 2025 by itnerdNew York state sued Allstate accusing the insurer’s National General unit of failing to report a data breach that exposed drivers’ license numbers, and lacking reasonable safeguards to protect drivers’ private information. From Reuters:
The lawsuit by New York Attorney General Letitia James was filed in a state court in Manhattan.
James said National General’s poor data security led to back-to-back breaches in 2020 and 2021, when hackers targeting its online auto insurance quoting tools accessed license numbers of more than 165,000 New Yorkers and 199,000 people overall.
National General allegedly did not notify drivers or New York state agencies about the first breach, which occurred between August and November 2020, and needed three months to uncover the much larger second breach in January 2021.
James said National General violated the state’s Stop Hacks and Improve Electronic Data Security Act for failing to protect customer information, and violated state consumer protection laws by misleading customers about its data security practices.
The lawsuit seeks civil fines of $5,000 per violation, plus other remedies.
“National General’s weak cybersecurity emboldened hackers to steal New Yorkers’ personal data, not once but twice,” James said. “It is crucial that companies take cybersecurity seriously to protect consumers from fraud and identity theft.”
Erich Kron, security awareness advocate at cybersecurity company KnowBe4, commented:
“As organizations gather more and more information about individuals, the risk of data breaches continues to grow. For many people it feels as if every week contains some sort of news about a significant data breach, and in many cases these people are getting a bit of breach fatigue. Unfortunately, it seems that the amount of data around each person that is being lost in these breaches continues to grow, so it’s no longer just a name, address, and maybe a credit card number or phone number, but now a lot more personal information is included.
“Insurance organizations are well known for collecting and using credit information to influence rates, and to check credit they need to collect some rather sensitive data such as Social Security numbers. In addition, insurers are asking customers to install telemetry devices in their vehicles, or through their phone apps, to track their location, speed, time of driving, braking and acceleration data, and a laundry list of other bits of data that most people would probably prefer remains private.
“Given the amount of information collected, it is extremely discouraging to see organizations try to cover up breaches or fail to notify victims of breaches in a timely manner. By failing to notify the victims, bad actors can use the stolen data against the customers in a number of ways. One easy way a bad actor could use this against a customer is to contact them while pretending to be from the insurance company, then convincing them that they need to pay a bill, or that their bill has gone up due to their driving behaviors. If the scammer can reference a time and date when that person was actually driving the vehicle, it could have the effect of convincing the victim that this really is the insurance company contacting them, and that they need to pay this additional fee or have their insurance dropped.
“While we still seem to concern ourselves when Social Security numbers and other information like that is stolen, organizations seem not to value this other information in the same way, however it can be used against their customers easily. When a data breach occurs, organizations should contact the victims whose data has been stolen and provide them advice in a timely and actionable way. If
I have one word to say on this.
Good!
The thing is that some companies will only take cybersecurity seriously if the financial penalties and reputational damage are greater than covering up an incident. This is something that is proven to work in the EU. And it’s about time that that this approach is seen here in North America.
Leave a comment »