27 comments

[ 3.0 ms ] story [ 56.4 ms ] thread
It's been clear to me since their Failing Whale that Twitter is a reactionary company compared to its peers, it will wait until something explodes before they deeply address an issue. It makes for fun postmortems to read as an outsider, but I would be embarrassed to work there tbh. I can't believe for a company of their scale there were no safeguards in place already.
He's doxxing people again that he guesses are responsible, just like the last article. It leaves a very bitter taste. He's not law enforcement. He should be handing these personal details to the FBI for investigation, not putting them on a souped-up-blog.
O'Connor (the doxxed guy from the previous article) did admit to paying for a hacked Twitter account, and it was never claimed he is responsible for the hack.
Admission of a crime should not be taken as truth. 134 people have admitted to being the person who shot the prime minister of Sweden, Olof Palme.
He was doxxed, not beheaded. It is a blog, not a courthouse.
Doxxing is fine because it's not murder? You don't even have the beginnings of a point.
I think it is fine somebody is reporting on someone who admits to doing something shady. On a blog.
You already called it doxxing, don't shift goalposts.
Doxxing people engaged in clearly criminal activity is fine.
134 people shot the Prime Minister of Sweden??!!! j/k Good point Draug!
i agree with you. it also leaves bad taste in my mouth. he is taking on a lot of responsibility and seems unaware.
What do you expect frOm this Guy? he's the go to for security info for people that don't understand computer security. He's good at using search engines and filling obvious breadcrumbs to sites that perpetuate fraud and basic hacks. he's the defacto standard for everyone that needs this kind of research put into layman's terms and that standard comes with a low bar.
I've stopped clicking on any Krebs links after reading the comments about his doxxing behavior last week. The thread is here: https://news.ycombinator.com/item?id=23865035

The main article about it is here: https://itwire.com/security/infosec-researchers-slam-ex-wapo...

This brand of... journalism surely sees itself as one that keeps the world safe, cflewis. Without brave vigilante journalists, who would give other vigilantes the information needed to SWAT your house or mail you illegal substances?

All I see is pulling on the threads and crucially no judgement in the process in a transparent passionless matter. The email tracing could have lead to some shmuck with a compromised or long inactive account co-opted after another breach and he followed up on it instead of simply assuming guilt. The damn FBI could learn tricks from him on proper investigation without assumptions appears to be the goal more than trying to find what they want (incrimination of some sort).
Krebs is much more responsible than a reddit mob. He is reporting on facts, it’s not a lynching.

It is his right to speculate on who did what on his own blog, especially when presented with evidence and other interesting details.

Brian Krebs likes to dox everyone: from security researchers, people giving him bad book reviews, to website administrators. Doesn't even matter if you're they're the allegedly "bad guy" of the story he's publishing or not.

He does it because he can. Must be one of the few very ways he can feel powerful, messing with people like that. At this point I can only assume he causes havoc and screws with people's lives because he enjoys it. You can't work in that field, doing this to people over and over, and not grasp how incredibly dangerous this can be. Especially since he himself claims to be getting death threats and people sending him drugs in the mail.

Or maybe it's pathological and beyond his comprehension. In which case I wish him all the best and hope he gets professional help soon.

A course on ethics in journalism also only ought to do him well.

What concerns me the most is that if this recent attack was accomplished by this outfit, it seems very likely state actors probably have infiltrated Twitter and may be sitting on information a bit more subtly.
Question about these hacked accounts: Why pay money for some account like this when Twitter will presumably just return the account to the original holder?

And assuming I'm giving Twitter too much credit: How would one even start to use a taken over account, assuming the new account has its own followers and history, it's not as if one could just change identities and start posting from a new account as onesself. It would be weird to ask all my friends to start following a new account because I've switched accounts?

Sorry, I don't think I've ever really understood Twitter.

The desire for premium usernames isn't unique to Twitter, there was a good Reply All episode that dived deeper in the motivations of people who will pay for those accounts: https://gimletmedia.com/shows/reply-all/v4he6k

Also most accounts don't belong to famous people so I think you overestimate the willingness of Twitter to devote resources to do anything for most hacked accounts.

It isn't clear these accounts are all being used in any high profile manner. For example the @L account mentioned in the article has 0 followers, follows 1 account, and has their tweets protected. I just started plugging letters in and saw that accounts @B, @C, @D, and @E are all suspended. And considering these accounts were seemingly hijacked by exploiting Twitter's inability to identify the original account holder, I'm not sure Twitter actually has a way to determine who that should be conclusively.
Your question holds the answer. It's very possible that any stolen account may not be returned to the owner. 1 letter accounts are worth 5 figure dollar amounts to people who are obsessed with online clout. Same goes for any other major social platform. IG, snap, Xbox, playstation network, etc. Most of the 1-2 letter and short "OG" accounts on IG are all either bought, traded, or stolen. Very, very few original owners exist in the space.

There are also techniques people use to boost the chances that the original owners never get their account back. On Xbox for example, support looks at a few specific pieces of account info and their previous entries that only the real owner would know. So people just flood the account over and over and over with filler info until all those original entries are gone and the original owners suddenly have no ground to prove that they owned it. It's a vicious game and I'll never understand why some people are so extremely desperate for internet fame but there's a whole community based around it.

What another commenter said is also spot on. A majority of these accounts are not owned by famous people, just random joes who got lucky or bought the accounts on forums. Unless you are famous, these platforms do not care about you. If you can't get your account back through the standard support options, there's no special options(usually) for you to get help like famous people have.

I’m a random joe who has one! I have a two letter twitter account that I’d gladly sell for 5 figures if that were true. I get daily hack attempts and blackmail threats often. Good times.
I'd love to read a blog post about that if you manage to do it
> Twitter will presumably just return the account to the original holder?

This never happens and you can’t reach any support and get told to talk to the hand.

>Known as “original gangster” or “OG” accounts

Krebs sounds pretty lost. Precisely nobody calls these "original gangster" accounts besides some boomers from the media struggling to understand the community.