Archive for Twitter

BREAKING: Florida Teen Busted For Epic Twitter Hack [UPDATE: Three Charged]

Posted in Commentary with tags on July 31, 2020 by itnerd

Today is the day for breaking news. ABC News is reporting that a Florida teen has been arrested in relation to the epic Twitter hack from earlier this month:

The 17-year-old Tampa resident, who was arrested Friday, was hit with 30 felony charges in connection with the hack, according to Hillsborough State Attorney Andrew Warren.

“These crimes were perpetrated using the names of famous people and celebrities, but they’re not the primary victims here,” Warren said in a statement. “This ‘Bit-Con’ was designed to steal money from regular Americans from all over the country, including here in Florida. This massive fraud was orchestrated right here in our backyard, and we will not stand for that.” 

The Florida teen was the “mastermind” of the hack, according to a statement from Warren’s office.

That kind of implies that other arrests are coming or perhaps have already been made. Either way, this is huge. Expect more news to come shortly.

UPDATE: Here’s more. A Justice Department release has three people charged in connection to this hack. We only know of one that was arrested (the 17 y/o) in Florida. So I have to assume that the other two are still outstanding.

BREAKING: Several High Profile Twitter Accounts Have Been Hijacked To Tweet Bitcoin Scams

Posted in Commentary with tags , on July 15, 2020 by itnerd

Happening now is the apparent hijacking of numerous high profile Twitter accounts to promote Bitcoin scams including Apple’s Twitter account as well as the Twitter accounts of Tesla CEO Elon Musk, Amazon CEO Jeff Bezos, Microsoft CEO Bill Gates, and others. Given the number of high profile accounts that have been breached, the hack may have originated from a Twitter security vulnerability or a security vulnerability of an app that speaks to Twitter like TweetDeck or Hootsuite or something of that sort. But that isn’t clear at present. But here is what is known at present:

It’s not immediately known how the account hacks took place. Security researchers, however, found that the attackers had fully taken over the victims’ accounts, and also changed the email address associated with the account to make it harder for the real user to regain access.

This is serious and it appears that Twitter is investigating and we should have more details soon. But this is likely a good reminder that you need to make sure that your Twitter accounts are secure so that you don’t become a victim of something like this. Twitter itself has some tips on this.

UPDATE: The list of people who have been pwned is growing:

UPDATE #2: Twitter has taken the step of stopping anyone with a verified account from tweeting:

I think this points towards a hack of Twitter at this point. Though I am open to hear alternative explanations for this incident.

UPDATE #3: Most verified Twitter accounts are now once again able to tweet. Twitter is still working on fully fixing the issue:

UPDATE #4: Jack Dorsey who is Twitter’s CEO has commented….. Via Twitter:

This pretty much confirms that Twitter got pwned.

Twitter Is “Strongly Encouraging” Employees To Work From Home Due To Covid-19

Posted in Commentary with tags on March 3, 2020 by itnerd

Twitter is “strongly encouraging” its almost 5,000 global employees to work from home due to concerns over the spread of the Covid-19 coronavirus, the company said Monday.

The social media company made the suggestion as part of a blog update one day after it suspended all non-critical travel for workers, including pulling out of the South by Southwest conference scheduled for later this month in Austin, Texas. Twitter says it’s mandatory for employees in Hong Kong, Japan and South Korea to work from home, but that other offices will remain open for those who choose or need to come in. “We are working to make sure internal meetings, all hands, and other important tasks are optimized for remote participation,” the company wrote on its blog. Twitter’s policy on working from home is a step beyond what most companies in the U.S. are doing as the virus spreads.

This is a sensible approach. But it will only work if companies have the tech in place to pull this off. I am talking about things like VPN access, virtual meeting software, and the like. And it will only work if users are trained on how these things work so that IT helpdesks are not flooded with calls from remote users that didn’t get the training that they need. Thus I would suggest that if you are a company that is considering something like this, you might want to start getting your ducks in a row so that there are no surprises once you roll it out.

Twitter’s Ban On Political Ads Has Just Put Facebook Into A Bad Position

Posted in Commentary with tags , on October 31, 2019 by itnerd

 

Yesterday, via a Tweet, the CEO of Twitter Jack Dorsey said this:

If you click on the Tweet above, which I encourage you to do, you will see a long thread spelling out the reasons why Twitter is banning political ads. But in short, he explained that the company felt that the spread of opinion should be earned, not bought. And with both the UK and USA preparing for elections, I am certain the timing is no accident. Neither is the fact that the full rules are yet to be finalized but will be made available on or before November 15th. The new policy goes into effect on November 22nd. Which is right before the UK elections in December. And long before the US elections a year from now.

Now this move is guaranteed to do two things. First it is sure to take Twitter off the radar screens of many governments and politicians worldwide because it’s done something to address the issue of political ads and the damage they can do. But it also now puts the spotlight onto Facebook who makes tons of cash from political advertising and has proven that they don’t manage political ads very well. Mark Zuckerberg and his team at Facebook are sure to feel the heat from all sides who will see them as being bad actors when it comes to this issue as they are refusing to do anything because Facebook sees this as a free speech issue. The problem is that whether this is a free speech issue or not, the perception that already exists is that Facebook is on the wrong side of this issue and the decision taken by Twitter is only going to solidify that perception. Which means that Facebook now has a choice. They can continue down the road of the status quo which is going to make this an a continuing issue for them and embolden the #DeleteFacebook crowd. Or they can copy Twitter and ban political ads which would be certain to upset some people. An example of this can be found here as the Trump campaign has reacted negatively to the Twitter political ad ban. Whichever way they choose to go, one thing is certain. Twitter’s decision to ban political ads is going to make life very, very bad for Facebook.

 

Trend Micro Study Reveals Criminal Abuses Of Twitter

Posted in Commentary with tags on July 30, 2019 by itnerd

Trend Micro Incorporated today announced a new study revealing how cybercriminals are abusing Twitter via tech support scams, command-and-control (C&C) operations and data exfiltration.

Trend Micro researchers analyzed a large volume of Twitter data to identify relationships between various entities to spot anomalies and uncover key insights.

Criminals were found using fake Twitter accounts to spoof those of legitimate vendors for credible tech support scams. Users call the fake phone number provided, believing they are speaking with the intended company’s help desk, which results in the caller either sharing credit card information or installing malicious content on their computer.

This is often part of a multi-platform strategy along with YouTube, Facebook, Telegram and other channels to improve SEO for fake tech support websites linked to the Twitter accounts, boosting their search rankings.

While criminals are using the social network for bad, threat researchers can leverage the power of social media for good. Most notably, Twitter is used for monitoring vulnerability disclosures to inform patch prioritization, and scanning for indicators of compromise, threat detection rules, and other contextual information to boost threat intelligence.

Trend Micro recommends users confirm the validity of a Twitter account by checking the company’s website directly, rather than through the account. It is also important for security teams to validate Twitter data when leveraging it for investigations or threat intelligence.

To read the full report, please visit:  https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/hunting-threats-on-twitter.

 

Twitter Is Down…. Whatever Will The Planet Do? [UPDATE: Fixed]

Posted in Commentary with tags on July 11, 2019 by itnerd

It seems that Twitter is down globally as users who are trying to log on aren’t having much luck. What appears is a message saying “Something is technically wrong.” This is confirmed by Downdetector and Twitter’s status page. There’s currently no time to resolution as of yet. But when it’s resolved, I’ll post an update.

UPDATE: This issue is now resolved.

 

 

Twitter Flaw On iOS Allows Leaking Of Location Data To Third Parties

Posted in Commentary with tags on May 14, 2019 by itnerd

Twitter has announced some iOS users saw their location data leaked to one of their third-party partners under some very specific circumstances:

Specifically, if you used more than one account on Twitter for iOS and opted into using the precise location feature in one account, we may have accidentally collected location data when you were using any other account(s) on that same device for which you had not turned on the precise location feature.

Separately, we had intended to remove location data from the fields sent to a trusted partner during an advertising process known as real-time bidding. This removal of location did not happen as planned. However, we had implemented technical measures to “fuzz” the data shared so that it was no more precise than zip code or city (5km squared). This location data could not be used to determine an address or to map your precise movements. The partner did not receive data such as your Twitter handle or other unique account IDs that could have compromised your identity on Twitter. This means that for people using Twitter for iOS who we inadvertently collected location information from, we may also have shared that information with a trusted advertising partner.    

We have confirmed with our partner that the location data has not been retained and that it only existed in their systems for a short time, and was then deleted as part of their normal process. 

Twitter has since fixed the issue, and all is as it should be with the universe. But I think that for companies that seem to consistently make these types of mistakes, there should be consequences. As in something more than bad PR. That would force them to up their game and keep your data safe.

 

Twitter Fixes Bug That Exposed Android Users Private Tweets….. AFTER FIVE YEARS

Posted in Commentary with tags on January 18, 2019 by itnerd

Twitter really has to tighten things up as they’ve fixed a five year old bug that exposed the private tweets of Android users. Twitter has let affected users know and is really sorry for this. They also say that they can’t be sure that they have pinged everyone who has been affected. So Android users should review their privacy settings to ensure that their ‘Protect your Tweets’ setting reflects their preferences. But seriously. having a bug that flew under the radar for five years is kind of bad. It’s got be embarrassing if you’re Twitter.

Happy Friday!

Twitter Claims To Have Fixed A Security Hole….. But It Actually Didn’t

Posted in Commentary with tags on December 31, 2018 by itnerd

The fine folks over at Gizmodo have an eye opening story that goes like this. Security researchers from Insinia Security discovered a hole on the Twitter platform that could allow a miscreant to post unauthorized tweets. They disclosed this to Twitter, and the social media company claimed to have fixed the problem. But when the researchers sanity checked the fix, they discovered it wasn’t fixed:

During a private chat with Gizmodo, however, the hackers appeared to reproduce their experiment, forcing an account belonging to the head of a London-based financial technology company to retweet a tweet from the BBC. Insinia said it verified the flaw remained using “a number of accounts.”

Twitter claims it is investigating this, but this seems like one hell of a screw up. Or worse, Twitter might have been hoping that nobody checked their work. Too bad for them that someone was smart enough to.

Take home message. If you say something is fixed. You should make sure that it is fixed or someone will call you on it.

Twitter Says Change Your Password After “bug” Exposes Passwords

Posted in Commentary with tags on May 3, 2018 by itnerd

Twitter is suggesting that all Twitter users update their passwords following a “bug” that exposed some passwords in plaintext on its internal networ:

When you set a password for your Twitter account, we use technology that masks it so no one at the company can see it. We recently identified a bug that stored passwords unmasked in an internal log. We have fixed the bug, and our investigation shows no indication of breach or misuse by anyone.

Out of an abundance of caution, we ask that you consider changing your password on all services where you’ve used this password. You can change your Twitter password anytime by going to the password settings page.

That’s a bit of a #fail. The only saving grace is that these passwords were exposed internally. Thus the risk level SHOULD be low. But you should change your password just in case because these days you never know.