Topic: [2020-08-01] How the FBI tracked down the Twitter hackers - page 2. (Read 342 times)

I was really amazed at how these kids able to do the hacking using some social engineering methods but in the end, such a good laugh for how one of them used the same email address to register on a centralized exchange and they used on their illegal activity. By their move, they even don't know that such a bitcoin mixer exists.

Exactly. If you think unchecking a few boxes or changing a few options in Google's or Facebook's settings pages is doing anything meaningful you are kidding yourself. Your data is being harvested, aggregated, stored, transferred, shared, and sold by these companies, and often also leaked or hacked, regardless of what settings you have chosen. The only way to maintain privacy is to stop using them. I'm particularly glad I grew up and developed some sense long before any social media existed. It's a shame for the kids of today, who by the time they realize how important their privacy is, already have their lives splashed across every corner of the internet.

It's the same everywhere. I have around 10 different software packages I use regularly at work, and they all require a mandatory password change every month. We are not allowed to use a password manager or a physical device such as a USB. What this means is that everyone either uses the same password for everything and simply changes a single digit on the end each month or appends the first three letters of the month, or they write all their passwords down in a notebook or similar which they carry around with them, since we are logging in and using PCs across the whole hospital every day. You point out to the IT department how terrible this is for security, but they don't listen.

The only way not to expose your privacy is not to use such social platforms at all - because most of hacked accounts had maximum security settings (if 2FA can be called that), but some not-so-intelligent kids out there played tricks on them. And while the world is now having fun with how the FBI and others have caught hackers, no one is asking how it is possible for Twitter to hire people who have no idea what they are doing?

Hackers are successful because they are allowed to do so by people who are obviously not experts in security issues - but such people come at a price, which leads us to conclude that some large companies would rather hire 5 average experts than one top expert.

True. When a careless 17 year old manages to break in to a huge tech company like Twitter, it goes to show just how lax their security practices are. We often see hacks and breaches of crypto companies being made a big deal of on this forum - Ledger's data breach, Binance's data breach, various exchanges and web wallets being hacked for funds, lists of email addresses from ICOs and airdrops being sold, and so on. What a lot of people forget is that such data breaches are commonplace throughout the entire internet, and that even massive tech companies often have terrible security. Google stored passwords in plain text for 14 years. 50 million Facebook accounts were compromised in 2018. Just today an unpatchable exploit to Apple's Secure Enclave has been revealed, meaning an attacker can potentially decrypt and steal all your information and data.

This is why it is so important that people take their privacy and security seriously.

It seems Twitter only picked up on it after they flooded many famous accounts with their bitcoin scam. Given that, it could have been much worse. They could have read or sent private messages to and from world leaders, or tweeted as various CEOs. Remember how much TSLA stock fell when Musk tweeted he thought it was overpriced?

Also wonder why they made this public. Its not good. The story says the two hacker are just hiredt it would appear they can bargain they way out.

Its still entertaining to think how they made the popular users look funny especially targeting Bill Gates and Justin Sun, but it got awful when they used it to scam. 
Its all just to monetize their access to twitter, they could have just got away with it if they just continue to sell accounts than aiming for this giveaway scam thru those high profile accounts.

I am worried that newbies hackers managed to do all of this, leaving tons of mistakes that leads to them. I mean if those can do this then what about hardcore hackers but also those mistakes will make other newbie hackers learn from it and be more careful, so it will get harder to spot them...

Lol, these kids weren't smart.

They used the same email addresses to hijack twitter accounts as they used to create Coinbase accounts, which they then verified by uploading copies of their driver's licenses. They also linked addresses from said Coinbase accounts to their OGUsers and Discord aliases, and logged in to all the services via the same IP addresses. Obviously, Coinbase handed over everything to law enforcement, including names, addresses, emails, dates of birth, copies of KYC documents, addresses, and transaction histories.

People need to learn that anything that touches a centralized exchange is immediately and completely de-anonymized, linked to your real life identity, and shared with dozens of third parties.

A timeline of the Twitter hack composed from court documents published today.
After earlier today US law enforcement charged three individuals for the recent Twitter hack, with the help of court documents released by the DOJ, ZDNet was able to piece together a timeline of the hack, and how US investigators tracked down the three suspected hackers.

The article below uses data from three indictments published today by the DOJ against:

Mason Sheppard, aka "Chaewon," 19, of Bognor Regis, in the United Kingdom [indictment].
Nima Fazeli, aka "Rolex," 22, of Orlando, Florida [indictment].
Graham Ivan Clark, believed to be "Kirk," 17 of Tampa, Florida [indictment, courtesy of Motherboard]....
https://www.zdnet.com/article/how-the-fbi-tracked-down-the-twitter-hackers/