undefined | Better HN

0 pointsjgbond5y ago0 comments

I’m guessing DMs were the real loot. The public display with the BTC diversion validates any DMs that were stolen. Otherwise blackmail targets could deny them.

0 comments

xvector5y ago

These are publicly managed Twitter accounts, they probably don't have any DMs of substance.

parsimo20105y ago

I'll bet that Bill Gates doesn't have much on his Twitter, but I'll also bet Elon Musk has some crazy DMs.

CamperBob25y ago

Then again, the market for crazy is pretty saturated these days. Hard to see how to monetize it, at least in Musk's case.

1 more reply

nullc5y ago

They potentially had access to any account they wanted. You don't know that they weren't snarfing DMs on interesting accounts while having the celeb accounts panhandle for bitcoin after.

dx0345y ago

Is Musks account really publicly managed? He probably has an agency helping him but I doubt he'd use another account for DMs.

Breza5y ago

You'd be surprised. Some celebrities might engage in salacious activities via DM but even the most boring corporation can have lots of customer information in support chats.

reilly30005y ago

I think that's the case. No prominent Republicans were targeted. See: Watergate, Wikileaks DNC emails. Same shit.

dx0345y ago

Or they were but it was kept secret. Twitter hasn't published a list, we only know of the BTC tweets. Maybe they actually were after other accounts' DMs and the tweets are just diversion to make it seem like an undirected attack.

Unless we hear from account holders that their credentials weren't stolen, there's no reason to believe that only those were hacked that sent tweets.

zspade5y ago

Except that is all the evidence we have to go on for this conversation. Verified fake tweets have been sent from prominent democrats, and not from any prominent republicans.

Of course you're right that we don't know is if this is political, or just a distraction from whatever their real goal is / was. But the optics are clear here, and there is no reason to muddy the waters.

cj5y ago

If DMs were the real loot, they wouldn’t have exposed the hack by tweeting on the account.

nickff5y ago

If DMs were the real loot, the tweets were a "proof of work" (to show the accounts had really been owned).

You can prove you have 'blackmail materials' just by proving you own the bitcoin wallet.

dx0345y ago

They needed to reset credentials so this could've never been a stealth attack. By making it public, any later leak of DMs is much more likely to be accepted as authentic. Without that, most people would've doubted the authenticity of leaked material.

Breza5y ago

Precisely. And who's to say which leaked DMs are real and which ones are faked? If you're interested in this kind of stuff, I recommend the book Active Measures.

Mountain_Skies5y ago

Perhaps it is a form of proof that they actually have access to the accounts and thus the DMs. Just posting claimed DMs that can be deleted and denied has a lower probability of being believed.

benlumen5y ago

Data theft like that is normally silently dumped after the breach occurs and anyone knows what happened.

This looks more like data injection somewhere. Perhaps an old API exploit. You used to be able to send an SMS to tweet, for example.

Nextgrid5y ago

Kill 2 birds with one stone? Once you stole the data why not double-dip and make extra money by pulling a scam?

vlz5y ago

What does "DM" mean in that context?

(Went to wikipedia, but their suggestions like Death Metal and Dance marathon are probably not it ;) https://en.wikipedia.org/wiki/DM )

q-base5y ago

Direct messages - so private messages to and from

ben1745y ago

Interesting theory, but then why would they include Apple? Among others in the list, they’re almost guaranteed to be of no value and only increase the risk.

axaxs5y ago

Interesting theory, but this widespread hack pretty much gives most people plausible deniability in my opinion.

canjobear5y ago

Blackmail targets could still deny them.

j / k navigate · click thread line to collapse

0 comments

xvector5y ago

These are publicly managed Twitter accounts, they probably don't have any DMs of substance.

parsimo20105y ago

I'll bet that Bill Gates doesn't have much on his Twitter, but I'll also bet Elon Musk has some crazy DMs.

CamperBob25y ago

Then again, the market for crazy is pretty saturated these days. Hard to see how to monetize it, at least in Musk's case.

1 more reply

nullc5y ago

They potentially had access to any account they wanted. You don't know that they weren't snarfing DMs on interesting accounts while having the celeb accounts panhandle for bitcoin after.

dx0345y ago

Is Musks account really publicly managed? He probably has an agency helping him but I doubt he'd use another account for DMs.

Breza5y ago

You'd be surprised. Some celebrities might engage in salacious activities via DM but even the most boring corporation can have lots of customer information in support chats.

reilly30005y ago

I think that's the case. No prominent Republicans were targeted. See: Watergate, Wikileaks DNC emails. Same shit.

dx0345y ago

Unless we hear from account holders that their credentials weren't stolen, there's no reason to believe that only those were hacked that sent tweets.

zspade5y ago

Except that is all the evidence we have to go on for this conversation. Verified fake tweets have been sent from prominent democrats, and not from any prominent republicans.

cj5y ago

If DMs were the real loot, they wouldn’t have exposed the hack by tweeting on the account.

nickff5y ago

If DMs were the real loot, the tweets were a "proof of work" (to show the accounts had really been owned).

You can prove you have 'blackmail materials' just by proving you own the bitcoin wallet.

dx0345y ago

Breza5y ago

Precisely. And who's to say which leaked DMs are real and which ones are faked? If you're interested in this kind of stuff, I recommend the book Active Measures.

Mountain_Skies5y ago

Perhaps it is a form of proof that they actually have access to the accounts and thus the DMs. Just posting claimed DMs that can be deleted and denied has a lower probability of being believed.

benlumen5y ago

Data theft like that is normally silently dumped after the breach occurs and anyone knows what happened.

This looks more like data injection somewhere. Perhaps an old API exploit. You used to be able to send an SMS to tweet, for example.

Nextgrid5y ago

Kill 2 birds with one stone? Once you stole the data why not double-dip and make extra money by pulling a scam?

vlz5y ago

What does "DM" mean in that context?

(Went to wikipedia, but their suggestions like Death Metal and Dance marathon are probably not it ;) https://en.wikipedia.org/wiki/DM )

q-base5y ago

Direct messages - so private messages to and from

ben1745y ago

Interesting theory, but then why would they include Apple? Among others in the list, they’re almost guaranteed to be of no value and only increase the risk.

axaxs5y ago

Interesting theory, but this widespread hack pretty much gives most people plausible deniability in my opinion.

canjobear5y ago

Blackmail targets could still deny them.

j / k navigate · click thread line to collapse