You are right, what did we just read? Imagine reading this 50 years from today. Once upon a time, there used to be stories like the sinking of the Titanic, now there are mentions of "lol" and "Kirk".
> The Times was initially put in touch with the hackers by a security researcher in California, Haseeb Awan, who was communicating with them because, he said, a number of them had previously targeted him and a Bitcoin-related company he once owned. They also unsuccessfully targeted his current company...
I'm not sure what you mean. The story continues after that point. Maybe you hit the paywall?
The exchange was on the communication method of their choosing, right? As long as they accessed Discord via secure methods, there is no need for trust in anything but your own aptitude.
Just the information in article is valuable in helping track them down. The number of people involved, their communication platform of choice, and the age, gender, location of the participants. Assuming it’s all true, of course. It also sounds like the journalist corroborated some of the hackers’ claims by confirming non-public information about the hacks with law enforcement. That’s particularly valuable to law enforcement. It verifies some of their findings for them.
We're at the point where the NYT is doxxing random bloggers. I don't think this is a good time to be relying on journalistic integrity for your safety.
Pretty sure Discord already has processes in place for dealing with legal processes. A few crackers isn’t going to increase their workload which is likely reporting on dozens of child abuse, sexual abuse, stalking and harassment cases a month.
By the story, it wasn't the person who actually ran the exploit ("Kirk") who talked, it was other people in their Discord. Also, the hackers / social engineers in this OGUsers scene have a long history of talking / bragging to journalists. If you haven't heard ReplyAll's "The Snapchat Thief" on this scene, it is a great listen: https://gimletmedia.com/shows/reply-all/v4he6k
So either this Kirk worked at Twitter and went insane or he’s lying and gained access through a third party. Should be easy for the FBI to track him from Discord.
Tor + VPN makes it very difficult. You have a lot of faith in the government. They usually just go for hackers who make research papers publicly available using school and library computers.
Read the biography of Ulbricht "American Kingpin". The author does a good job of breaking down the sequence of really stupid things that the Silk Road founder did to expose himself over time. None of them had much of anything to do with the failures of anonymity technologies like TOR. Also, as another response here mentions, ordering fake IDs online to his own home address is exceptionally fucking stupid.
Just grabbing the traffic from the exit node doesn't allow you to find out who is sending the traffic, unless the traffic itself has something that can be linked to the source. That's the magic of the layers in the network.
There are certainly some other kinds of attacks that could deanonymize this who are using tor, but the attacker needs to have control of a big percentage of the network, and I actually hope other state actors run enough nodes to make this non viable.
“narion-state” is frequently used to denote independently and supremely sovereign participants in the Westphalian system, the principal actors in and subjects of modern international law, to distinguish from other uses of the term “state” alone, which can also refer to subordinate political entities (such a those within the USA or México.) “Soveriegn state” has a similar problem to “state” alone (US states are described as “sovereign”, as well.) “Westphalian state” would probably be somewhat more clear than “nation-state”, but the use is so well established that I don't imagine it changing.
>>... not the work of a nation-state or hacker group...
Quite concerning, a Twitter got really lucky that it was a mere scammer.
Every serious hacker group & adversarial nation-state has just learned a huge amount about Twitter internals, and their weak security.
If Twitter fails to implement far more stringent controls (and yes those are a pain in the neck, expensive and inconvenient), they are 100% sure to be used for serious provocations.
At the very least, Admin access to blue check accounts should require simultaneous triple access codes from admins who don't work together.
As a reference point for what real security looks like: when I worked at IBM, I met a guy who had figured out how four people in different offices could conspire to get $10MM transferred to an offshore acct, and reported it. He was promoted up two levels for that insight (&the loophole was fixed).
That would take 4 people conspiring, probably twice that after the fix.
Meanwhile, a single Twitter admin can post ANYTHING from accounts of people who can launch nuclear weapons.
Sure, it's all fun and games until someone wants to play Global Thermonuclear War - and can.
>>Meanwhile, a single Twitter admin can post ANYTHING from accounts of people who can launch nuclear weapons.
Sorry but if our global security come down to twitter than we have far bigger problems than twitter adding some security layers to their admin interface
Sure, a blatantly outrageous tweet would be caught
But with that kind of admin access to many accounts, it would be straightforward to spread a LOT of chaos from a number of compromised accounts with a series of plausible tweets. The rate things move, it could get out of hand, and a lot of people killed before it got sorted.
Especially true for experts at provokatsiya (provocation) & dezinformatsiya (disinformation) as the RUS FSB & GRU.
And yes, we do have bigger problems than Twitter's absymal security (start w/FBs, which was hacked to hack multiple elections), but to act as if the capability to make comments from a verified world leader accounts is irrelevant is, to be polite, foolish beyond belief.
People are incredibly creative and we should consider that there are any number of incentive ways such as access could be used for attacks.
Nevertheless, Twitter is a blip within the vast organizational structures that the world functions on. There is a huge amount of inertia there as well.
Throwing around words like thermo-nuclear war is more than a bit shrill.
There is another factor here as well - it's the same mistake you and many others make with the idea that Facebook was used to "hack an election". There is no evidence at all that opinion forming through Facebook is of any significant importance relative to Fox News, media making a big deal out of a private email servers, SuperPACs (those used to be big election influence scare of the olden days - now they are irrelevant and dwarved by Facebook). Also, people have agency and they share their believes with each other.
Which is all the say - when parent says "we'd have other problems if a Twitter hack brings down world government" then that is exactly that. If a 1000 other things must go wrong to cause a war with a false tweet, don't blame Twitter for that war.
Not any more. The US has had for several years a person occupying the Presidents chair who makes major policy announcements first via Twitter, from abrogating treaties, to immigration policy, issuing pardons/commutations for friends, etc. These pronouncements often surprise even his closest senior staff, and are expected to be acted upon
This is a far cry from the original trivial "look at these beautiful scallions I had on my breakfast plate!"
The platform needs to be treated with the appropriate seriousness.
Sure " thermo-nuclear war" is at the far end of the scale. Hacks using Twitter or other SocMed would likely be lower on the scale.
But it is definitely true that with control of all and any verified accounts, including Presidents, commanders, military commands, news outlets, etc., one could craft a series of messages that would at the very least create widespread deadly panic in minutes, if not start an actual war (Go look up the results of Orson Welles's "War of the Worlds" broadcast.).
The problem is that with the right attack, a lot of things going right WILL cause major problems. The entire point is that it would not require 1000 other things to also go wrong.
As to Facebook, there is more than plenty of evidence that it successfully influenced the election. Not primarily through forming major opinions as through Fox, etc., but by targeting specific demographics down to the individual level (using data stolen from other channels including voting rolls) with tuned messages to generate a specific response, and more on the side of suppressing or diverting voter turnout for HRC than generating it for DT. It took only a few 10K votes in 3 states.
These technologies are far beyond mere juvenile startup toys. Their scale, influence, and valuation show how much power they wield. We need to hold them to levels of responsibility commensurate with that power, not continue to make excuses as if they were children's toys.
The Russian words are a way to briefly emphasize the fact that it's not a mere concept but developed organizational skill-sets and practices used in asymmetric warfare, the parenthesized English translation for ease of reading.
The really funny thing would have been to send a single, incendiary but not obviously fake message from the account of someone whose tweets often cross the line of acceptability. I am thinking of Trump or Elon Musk.
For example, a tweet by Musk saying that he's seriously considering leaving Tesla "because it's not going in the right direction".
Of course the tweet would be denied and deleted soon after, but who's gonna believe entirely that it was a hack, given Musk's history and a single tweet? It's "Inception", by tweet.
Now imagine what you could do with Trump's account.
Especially if you post it in the middle of a gibberish tweet storm.
Imagine immediately following the “going private... funding secured tweets” if a malicious actor wrote something about Saudi funding, or cashing out of it’s rejected. It’d be much hard to separate fact from fiction when the baseline is already crazy sounding.
Yup, then consider using access to other accounts as reinforcement; e.g., in this example, a corresponding Saudi account posting apparently corroborating messages.
Or, in a high-tension war scenario, not only posting tweets from POTUS, and adversary accounts, but also from varios mil commands and news organizations - think creating the entire scenario of Orson Well's War Of The Worlds broadcast...
Might not start a war (we can hope there are enough safeguards in place), but it could cause a lot of damage in a few minutes/hours...
> consider using access to other accounts as reinforcement
But then you gain in immediate effect but all those accounts will immediately say that they have been hacked. And since it's many uncoordinated and adversary accounts, people will have less trouble believing in a hack.
While if you do it with a single tweet, the suspicion it was in fact authentic will linger.
Yup, all depends on the plan, goals, expected counter-measures, how those are handled, etc. With a larger plan, would likely have to suppress other channels to get word out, preemptively spreading disinformation, exploiting time zone differences, etc...
startups founded by young ppl add features so fast and are encouraged by Angels/VCs to move fast?
Compare that to 'grown-up' companies where things like auditability and common sense prevail?
What we're seeing at Twitter now is something that pretty much every single SV startup is prone to.
Don't waste time thinking deeply about the problems and systems - just bang out features the product people think up as fast as possible.
There was nothing sophisticated about this attack.
Sure - but I think it should be up to the OP to do so, rather than hoping somebody will get round to it, it seems pretty lazy and too supportive of paywalls. Or at least in the FAQ an explanation of how to read a paywalled article.
Luckily, this was the NYTimes, which is based in the US, and considered one of the most prestigious news outlets in the world—turning on a source would be major malpractice. Possible? Sure, but just like with heart surgery, I'm more inclined to trust a professional with an earned reputation to uphold, than just some random shmo—which is to say, there's not much more of aa reliable bet than the NYT for staying safe as a source.
The difference really isn't splitting hairs. Not only is he not a source, he's not anonymous.
Blogged under his full name until a couple years ago, blogs under first and middle still, full name still all over the internet and discoverable within a couple minutes, details of life all over blog still. Hell you probably don't even need to know his last name to find him. Scott Alexander Bay Area Psychiatrist is probably enough to go trawling through psychiatrist practice staff pages and find him fairly quickly.
Dude's basically wishing he was anonymous and living in denial because to accept that he isn't would be to accept that he really shouldn't continue his career and blog.
I think it's entirely possible for a person to both be willing to publish his last name and also go to prison in order to protect a source, all while remaining consistent in their principles.
the real issue is what you get when you google Scott [Lastname]. If the top result is an NYT story his patients will reliably find it, and that can be problems.
Hmmm. My point was that even if the journalist wasn't themselves willing to hand over data, at least in some (western) jurisdictions the police will raid them and seize the data directly.
Now, whether or not given journalists are following good enough data handling practises (eg encryption, etc) to still maintain confidentially is unknown.
So a kid got access to the keys to the kingdom at Twitter by social engineering their way into Twitter's internal Slack. That sounds like crazy irresponsible use of sharing privileged access information in Twitter's internal processes. That could be career ending for someone. Just someone on Twitter's slack, lurking there, seeing passwords and services and being able to access them without an employee account or some kind of sane security process? Huh?
Most businesses survive opsec 101 failures with minimal cost. Equifax is still in business, for example.
Practitioners take issue with these gross failings, but the markets and regulators seem to not care in the slightest. Disheartening to say the least, yet the reality of the situation.
I’m pretty sure Twitter is still (mostly) working from home like all the other tech companies in the area, so a physical proximity requirement is out. A VPN requirement could work; in theory there’s no reason a VPN login is any more inherently secure than the login to whatever admin panel they’re using, but in practice VPNs can help centralize security policies across many applications. (I have no idea what Twitter’s systems look like, though.)
People are generally far less likely to give out credentials to their VPN or personal accounts than they are to give out passwords to a random application. Additionally requiring a VPN increases the barrier to entry to accessing the application as you could have additional requirements to a VPN (such as a 2FA and device certificate).
Interesting to hear they “got access to the Twitter credentials when [they] found a way into Twitter’s internal Slack messaging channel and saw them posted there”. I wonder if using a free-as-in-freedom alternative like Zulip (on the front page yesterday), Mattermost (closer alternative, whose website https://mattermost.com/ emphasizes security), or Matrix (also seems popular on HN) would have prevented the hack.
it doesn't matter. The main point is the apparent security [mis]architecture at Twitter such that those posted credentials is enough to get access. It means no 2FA, the bare minimum for prod access. It probably also means no role based access control (or such an ugly one that instead of roles assigning/modifying/etc. people resort to posting/sharing credentials of critical prod accounts).
Twitter incident report & post-mortem kindly provided by NYTimes and "hackers". Perception management precedes forensics.
"But four people who participated in the scheme spoke with The Times and shared numerous logs and screen shots of the conversations they had on Tuesday and Wednesday, demonstrating their involvement both before and after the hack became public."
[Text file?] Logs and screenshots as evidence! That's funny.
If this is true, then this is even more concerning than the hack itself. Twitter asks us to trust them with our data, but can't even keep access to their own information secure. How do they expect us to trust them with anything?
Do we actually trust twitter with any data? I don't use twitter much but I can't think of anything on twitter that isn't already public.
The only thing we trust twitter to do is to provide some notion of authentication for well known users. That's still very important and not something Twitter can afford to lose, but it's not trusting them "with our data", I feel that is a very heavily overused phrase these days.
If these hackers had been more subtle and somehow made the confusion last a long time, it could have been a lot more serious. If people can't rely on Trump being Trump and Musk being Musk on Twitter, then Twitter is just an overgrown internet forum.
Twitter does or at least did aggressively ask users for their phone numbers. They also retain information such as email addresses too. Presumably some people give them even more information about themselves.
This is basically saying they posted credentials and login information that allowed you to change the recovery email of any account a slack channel.
That is unbelievably sloppy on Twitter's part. Not acceptable at a tiny company. I would fire everyone involved with posting the credentials if that's true.
That said, I'm not convinced this story is true but it does add up.
Yep. I find this story hard to believe. Finding credentials on Slack for the most important resources at the company seems too hard to believe. Also if this was the case, how come Twitter was having a hard time to figure out how to stop the hack?
Yes, but still: individually I've seen all these things at various companies over the years. To find them all in one place is hard to believe but it just might happen.
Yes, you're right. This opportunity hasn't been completely arbitraged away. Devote your time, and a moderate amount of technical chops, to this and you can likely make millions over the next 10 years.
John Gilmore used to have Jesus.com (when you could register domain names for free, long before the days of the web), but when they started charging for domains, he refused to pay for Jesus.com on principle, so then he lost Jesus.com from his life.
Personally (having no such principles myself), I would have paid his rent, kept him entombed for a while, then auctioned off Jesus.com to the highest bidder. He must be worth at least 30 pieces of silver!
Fortunately, after an unfortunate series of events (including a creepy Jesus dating site offering eligible women a chance to Win a Shower With Jesus), Jesus.com finally ended up being adopted by the Metropolitan Community Church, https://mcchurch.org (not affiliated with McDonalds), which is pretty good, as churches go. (Their French Friars are excellent!)
>Founded in 1968, Metropolitan Community Churches (MCC) has been at the vanguard of civil and human rights movements by addressing issues of race, gender, sexual orientation, economics, climate change, aging, and global human rights. MCC was the first to perform same-gender marriages and has been on the forefront of the struggle towards marriage equality in the USA and other countries worldwide.
>MCC recognizes a state of need around the world in the areas of human rights and justice including but not limited to the Lesbian, Gay, Bisexual, Transgender, and Queer community. As people of faith, MCC endeavors to build bridges that liberate and unite voices of sacred defiance. MCC leads from the margins and transforms.
I almost wish this attack had been perpetrated by sophisticated govt hackers. The fact that it was some kids still living at home is almost more scary. But the silver lining is this was hopefully a wake up call for Twitter.
It is a surprise if they do not just do the slow kill. The donation one is great as it looks harmless. I bet those may not be aware that it is fake. And if there are messages enough ...
It could be a bigger news. Luckily it is not nation. But if a kid can do it ...
Startup Idea: Anonymizing data provider based in a country where most big governments can't easily touch you and more competent at removing information that can be used to identify the whistleblower than current news agencies.
I created Sharesecret (https://sharesecret.co) to protect against exactly these kinds of attacks.
Most company Slacks are a ticking timebomb of sensitive artifacts waiting to be discovered. Whether it's passwords or just general internal info you wouldn't want to be public, it's wild how much sensitive info is sitting in like 4 systems (Slack, Gmail, Notion, Dropbox).
In addition to basic secret sharing, Sharesecret has a slack extension that detects different types of potentially sensitive data and alerts the sender to redact and encrypt to get it out of Slack. We also have an auto-destructing private chat feature.
Looks like in a few months we'll have another article about these kids being arrested and dragged in front of a judge - or they'll silently be recruited by the state.
They could've just deleted all accounts, cleaned up after themselves and made it difficult to be tracked down. With the information they gave, it wouldn't surprise me if 4chan anons were able to track them down and spam their details "for the lulz".
123 comments
[ 2.7 ms ] story [ 209 ms ] threadI'm not sure what you mean. The story continues after that point. Maybe you hit the paywall?
https://www.dailywritingtips.com/7-examples-of-valid-passive...
We're at the point where the NYT is doxxing random bloggers. I don't think this is a good time to be relying on journalistic integrity for your safety.
Head up, Discord lawyers, you've got subpoenas coming in hot.
If I'm guessing, he lied and got access somehow and wanted to destroy Twitter.
https://arstechnica.com/information-technology/2014/11/law-e...
What's to stop them from doing that today or simply running their own? It would be a minor expense and effort for them.
There are certainly some other kinds of attacks that could deanonymize this who are using tor, but the attacker needs to have control of a big percentage of the network, and I actually hope other state actors run enough nodes to make this non viable.
Why would you assume so?
So it was not the work of "a state in which a great majority shares the same culture and is conscious of it"?
Quite concerning, a Twitter got really lucky that it was a mere scammer.
Every serious hacker group & adversarial nation-state has just learned a huge amount about Twitter internals, and their weak security.
If Twitter fails to implement far more stringent controls (and yes those are a pain in the neck, expensive and inconvenient), they are 100% sure to be used for serious provocations.
At the very least, Admin access to blue check accounts should require simultaneous triple access codes from admins who don't work together.
As a reference point for what real security looks like: when I worked at IBM, I met a guy who had figured out how four people in different offices could conspire to get $10MM transferred to an offshore acct, and reported it. He was promoted up two levels for that insight (&the loophole was fixed).
That would take 4 people conspiring, probably twice that after the fix.
Meanwhile, a single Twitter admin can post ANYTHING from accounts of people who can launch nuclear weapons.
Sure, it's all fun and games until someone wants to play Global Thermonuclear War - and can.
I hope this gets security taken more seriously.
Sorry but if our global security come down to twitter than we have far bigger problems than twitter adding some security layers to their admin interface
But with that kind of admin access to many accounts, it would be straightforward to spread a LOT of chaos from a number of compromised accounts with a series of plausible tweets. The rate things move, it could get out of hand, and a lot of people killed before it got sorted.
Especially true for experts at provokatsiya (provocation) & dezinformatsiya (disinformation) as the RUS FSB & GRU.
And yes, we do have bigger problems than Twitter's absymal security (start w/FBs, which was hacked to hack multiple elections), but to act as if the capability to make comments from a verified world leader accounts is irrelevant is, to be polite, foolish beyond belief.
Nevertheless, Twitter is a blip within the vast organizational structures that the world functions on. There is a huge amount of inertia there as well.
Throwing around words like thermo-nuclear war is more than a bit shrill.
There is another factor here as well - it's the same mistake you and many others make with the idea that Facebook was used to "hack an election". There is no evidence at all that opinion forming through Facebook is of any significant importance relative to Fox News, media making a big deal out of a private email servers, SuperPACs (those used to be big election influence scare of the olden days - now they are irrelevant and dwarved by Facebook). Also, people have agency and they share their believes with each other.
Which is all the say - when parent says "we'd have other problems if a Twitter hack brings down world government" then that is exactly that. If a 1000 other things must go wrong to cause a war with a false tweet, don't blame Twitter for that war.
Not any more. The US has had for several years a person occupying the Presidents chair who makes major policy announcements first via Twitter, from abrogating treaties, to immigration policy, issuing pardons/commutations for friends, etc. These pronouncements often surprise even his closest senior staff, and are expected to be acted upon
This is a far cry from the original trivial "look at these beautiful scallions I had on my breakfast plate!"
The platform needs to be treated with the appropriate seriousness.
Sure " thermo-nuclear war" is at the far end of the scale. Hacks using Twitter or other SocMed would likely be lower on the scale.
But it is definitely true that with control of all and any verified accounts, including Presidents, commanders, military commands, news outlets, etc., one could craft a series of messages that would at the very least create widespread deadly panic in minutes, if not start an actual war (Go look up the results of Orson Welles's "War of the Worlds" broadcast.).
The problem is that with the right attack, a lot of things going right WILL cause major problems. The entire point is that it would not require 1000 other things to also go wrong.
As to Facebook, there is more than plenty of evidence that it successfully influenced the election. Not primarily through forming major opinions as through Fox, etc., but by targeting specific demographics down to the individual level (using data stolen from other channels including voting rolls) with tuned messages to generate a specific response, and more on the side of suppressing or diverting voter turnout for HRC than generating it for DT. It took only a few 10K votes in 3 states.
These technologies are far beyond mere juvenile startup toys. Their scale, influence, and valuation show how much power they wield. We need to hold them to levels of responsibility commensurate with that power, not continue to make excuses as if they were children's toys.
Why not just say “provocation & disinformation”?
For example, a tweet by Musk saying that he's seriously considering leaving Tesla "because it's not going in the right direction".
Of course the tweet would be denied and deleted soon after, but who's gonna believe entirely that it was a hack, given Musk's history and a single tweet? It's "Inception", by tweet.
Now imagine what you could do with Trump's account.
Imagine immediately following the “going private... funding secured tweets” if a malicious actor wrote something about Saudi funding, or cashing out of it’s rejected. It’d be much hard to separate fact from fiction when the baseline is already crazy sounding.
Boom, the dollar collapses.
Or, in a high-tension war scenario, not only posting tweets from POTUS, and adversary accounts, but also from varios mil commands and news organizations - think creating the entire scenario of Orson Well's War Of The Worlds broadcast...
Might not start a war (we can hope there are enough safeguards in place), but it could cause a lot of damage in a few minutes/hours...
But then you gain in immediate effect but all those accounts will immediately say that they have been hacked. And since it's many uncoordinated and adversary accounts, people will have less trouble believing in a hack.
While if you do it with a single tweet, the suspicion it was in fact authentic will linger.
startups founded by young ppl add features so fast and are encouraged by Angels/VCs to move fast? Compare that to 'grown-up' companies where things like auditability and common sense prevail?
What we're seeing at Twitter now is something that pretty much every single SV startup is prone to.
Don't waste time thinking deeply about the problems and systems - just bang out features the product people think up as fast as possible.
There was nothing sophisticated about this attack.
This is in the FAQ at https://news.ycombinator.com/newsfaq.html and there's more explanation here:
https://hn.algolia.com/?dateRange=all&page=0&prefix=false&qu...
https://news.ycombinator.com/item?id=10178989
ok, thanks.
That's one data point in opposition (although not exactly revealing a 'source', the difference is splitting hairs).
Blogged under his full name until a couple years ago, blogs under first and middle still, full name still all over the internet and discoverable within a couple minutes, details of life all over blog still. Hell you probably don't even need to know his last name to find him. Scott Alexander Bay Area Psychiatrist is probably enough to go trawling through psychiatrist practice staff pages and find him fairly quickly.
Dude's basically wishing he was anonymous and living in denial because to accept that he isn't would be to accept that he really shouldn't continue his career and blog.
I think it's entirely possible for a person to both be willing to publish his last name and also go to prison in order to protect a source, all while remaining consistent in their principles.
Really?
You mean the one that gets CIA's permission before publishing articles that mentions it?
https://www.theguardian.com/commentisfree/2012/aug/29/corres...
Now, whether or not given journalists are following good enough data handling practises (eg encryption, etc) to still maintain confidentially is unknown.
Practitioners take issue with these gross failings, but the markets and regulators seem to not care in the slightest. Disheartening to say the least, yet the reality of the situation.
VPN credentials can also be tied to a device certificate, which can be securely stored in the machine’s TPM.
This prevents VPN login from anything except a company issued machine. You don’t get this with normal password auth.
"But four people who participated in the scheme spoke with The Times and shared numerous logs and screen shots of the conversations they had on Tuesday and Wednesday, demonstrating their involvement both before and after the hack became public."
[Text file?] Logs and screenshots as evidence! That's funny.
https://techcrunch.com/author/kate-conger/
https://www.nytimes.com/by/nathaniel-popper
The only thing we trust twitter to do is to provide some notion of authentication for well known users. That's still very important and not something Twitter can afford to lose, but it's not trusting them "with our data", I feel that is a very heavily overused phrase these days.
If these hackers had been more subtle and somehow made the confusion last a long time, it could have been a lot more serious. If people can't rely on Trump being Trump and Musk being Musk on Twitter, then Twitter is just an overgrown internet forum.
Thats our data.
That is unbelievably sloppy on Twitter's part. Not acceptable at a tiny company. I would fire everyone involved with posting the credentials if that's true.
That said, I'm not convinced this story is true but it does add up.
Do they? As far as I can tell, Twitter is for loudly shouting all your ill-conceived thoughts in public.
Don't post anything on twitter you wouldn't stand on a street corner screaming.
Personally (having no such principles myself), I would have paid his rent, kept him entombed for a while, then auctioned off Jesus.com to the highest bidder. He must be worth at least 30 pieces of silver!
Fortunately, after an unfortunate series of events (including a creepy Jesus dating site offering eligible women a chance to Win a Shower With Jesus), Jesus.com finally ended up being adopted by the Metropolitan Community Church, https://mcchurch.org (not affiliated with McDonalds), which is pretty good, as churches go. (Their French Friars are excellent!)
https://jesus.com => https://mcchurch.org
>About Metropolitan Community Churches (MCC)
>Founded in 1968, Metropolitan Community Churches (MCC) has been at the vanguard of civil and human rights movements by addressing issues of race, gender, sexual orientation, economics, climate change, aging, and global human rights. MCC was the first to perform same-gender marriages and has been on the forefront of the struggle towards marriage equality in the USA and other countries worldwide.
>MCC recognizes a state of need around the world in the areas of human rights and justice including but not limited to the Lesbian, Gay, Bisexual, Transgender, and Queer community. As people of faith, MCC endeavors to build bridges that liberate and unite voices of sacred defiance. MCC leads from the margins and transforms.
https://www.namepros.com/threads/anyone-remember-jesus-com.1...
http://web.archive.org/web/20001013080300/http://jesus.com/
http://web.archive.org/web/20001109055800/http://jesus.com/s...
http://web.archive.org/web/20001109045900/http://jesus.com/f...
16. Why don't you use this web site to tell people about the real Jesus?
If people cannot find what they need to know about Jesus then they are truly beyond hope.
17. Will you sell your domain to me?
If you can write a check for 10+ million we might have something to talk about.
Screenshots - The internets best proof(TM)
It is a surprise if they do not just do the slow kill. The donation one is great as it looks harmless. I bet those may not be aware that it is fake. And if there are messages enough ...
It could be a bigger news. Luckily it is not nation. But if a kid can do it ...
Most company Slacks are a ticking timebomb of sensitive artifacts waiting to be discovered. Whether it's passwords or just general internal info you wouldn't want to be public, it's wild how much sensitive info is sitting in like 4 systems (Slack, Gmail, Notion, Dropbox).
Protect y'selves people.
https://en.wikipedia.org/wiki/Security_theater
An Open-source and self-hosted version of what this service seems to be doing.
They could've just deleted all accounts, cleaned up after themselves and made it difficult to be tracked down. With the information they gave, it wouldn't surprise me if 4chan anons were able to track them down and spam their details "for the lulz".
Still run by the BBC's Mark Thompson.
https://imgur.com/VUdcIou
https://pbs.twimg.com/media/CIMxvS-WEAER49I.png
https://pbs.twimg.com/media/CINJUoqUwAEkSip.jpg
https://twitter.com/TuckerCarlson/status/1285386153093464065
https://news.ycombinator.com/item?id=23880201
https://news.ycombinator.com/item?id=21367594