Very alienating how they disclose names even before their guilt is proven in court.
Also, I read they're considered adults because the crime was so serious. Come on. Just send the BTC back and that's it. This shit is a proof-of-concept and we should be thankful nobody started world war 3 on Twitter.
There's zero harm, just improved security at Twitter.
They willingly impersonated multiple people and tried to scam people based on that. That is not zero harm. Are you really saying that someone that executes a spearphishing attack on a company then uses that to take over accounts within that companies services and then uses that to try to scam people should just get a slap on the wrist?
There are at least two or three levels of this where any reasonable person would have thought "This is getting really fucking criminal"
This was likely a net benefit to US citizens. Much better that this kid exposed these security holes. Imagine how bad it would be if a nation state did this close to the election.
Spearphishing is a real problem and tech companies have no answer. An annual employee training program isn't going to solve the problem. Simply making it illegal isn't going to solve the problem.
Responsible disclosure does not equal bug bounty. Just because you found a security hole does not mean you are entitled to a payout.
The responsible way to do this would be to prove the access to twitters security team and not exploit it for personal gain. You can even just post it publicly, just don't try to scam people and profit based on the exploit.
Do you think that just because there isn't a bug bounty for a specific exploit that gives you a free pass to exploit it for personal gain?
As a thought exercise, I'd encourage you to try and have more empathy for those who are less capable.
I went through a somewhat similar experience with my grandparents. Although the scam they fell for was a bit less obvious, it's a hard situation to go through and realize that your loved ones have declined to such an extent cognitively
I am sorry! You are right! I automatically assumed everyone with cryptocurrency understood the risks and benefits, but if this is to become mainstream we need to educate people. I am sorry for making such assumptions about people.
Considering they were using Coinbase, with linked email addresses and drivers licenses, I'm going to say they should rather be banned from any role involving opsec.
18 comments
[ 2.9 ms ] story [ 52.5 ms ] threadAlso, I read they're considered adults because the crime was so serious. Come on. Just send the BTC back and that's it. This shit is a proof-of-concept and we should be thankful nobody started world war 3 on Twitter.
There's zero harm, just improved security at Twitter.
It's not much for Twitter, and they can see exactly who needs to be remunerated for how much.
There are at least two or three levels of this where any reasonable person would have thought "This is getting really fucking criminal"
Spearphishing is a real problem and tech companies have no answer. An annual employee training program isn't going to solve the problem. Simply making it illegal isn't going to solve the problem.
That's why we have responsible disclosure. It does not make it okay to exploit security holes for profit.
> Spearphishing is a real problem and tech companies have no answer.
That does not make it okay to exploit it.
I'm not aware of any bug-bounty or responsible disclosure method that allows spear-phishing as the attack requires impersonation/fraud. Is there one?
The responsible way to do this would be to prove the access to twitters security team and not exploit it for personal gain. You can even just post it publicly, just don't try to scam people and profit based on the exploit.
Do you think that just because there isn't a bug bounty for a specific exploit that gives you a free pass to exploit it for personal gain?
I went through a somewhat similar experience with my grandparents. Although the scam they fell for was a bit less obvious, it's a hard situation to go through and realize that your loved ones have declined to such an extent cognitively