Last Tweet Tonight
July 16, 2020 2:30 PM

In a massive hack, the Twitter accounts for Barack Obama, Joe Biden, Elon Musk, Apple and others were taken over to promote a bitcoin scam yesterday. As part of their response, Twitter silenced verified accounts, leading to general rejoicing as the “blue checkmark” accounts were reduced to retweeting @everyword to spell out distress messages. While some were thankful the hackers didn’t attempt to start WW3, others wondered why the hackers didn’t try to manipulate the stock market (hint: it’s harder than it looks).
posted by adrianhon (66 comments total) 18 users marked this as a favorite
 
Wrote this elsewhere, but it's worth sharing here, too.

I bet $5 that a rogue employee or two leaked access to Twitter's backend systems.

If I learned one thing as a Welfare Clerk, it's that you should be more worried about people on the INSIDE fucking with things, not outsiders. To give you an example, a month after I started as a Welfare Clerk, a caseworker in my office was busted for stealing over $100k by issuing cash benefits onto a dead person's EBT card.

The people with access to the systems are the ones you _really_ need to pay attention to. And I really, _really_ doubt that something as hacked together as Twitter (or, for that matter, Facebook or other major platforms) even considered making sure their own employees couldn't fuck shit up. Few employers do, regardless of the industry. Scaling and managing uptime is the highest priority for Twitter's tech folks. Internal security tooling and auditing probably ranks somewhere down around the bottom of the list, alongside lubricating the foosball table or something like that.
posted by SansPoint at 2:33 PM on July 16, 2020 [19 favorites]


I bet $5 that a rogue employee or two leaked access to Twitter's backend systems.

I'll raise you $5
posted by infini at 2:36 PM on July 16, 2020 [2 favorites]


I live in a land where a tweet might save you from a tornado.

see $5, raise $5.
posted by clavdivs at 2:43 PM on July 16, 2020 [3 favorites]




When Twitter realized that they had been so thoroughly compromised, the only responsible reaction would have been to shut it down until they knew WTF happened.

The fact that they didn't is just another bit of proof that Twitter's leadership is unfit for the responsibility they have.

If, rather than the endgame being a bitcoin scam, this was simply someone performing a proof of concept who has another, bigger (or, conversely, subtler) bit of chaos to pull, it was a test. A test that their executive leadership utterly failed.

Turns out the only thing between us and blood in the streets was a couple criminals who turned out not to think really big.
posted by tclark at 2:46 PM on July 16, 2020 [18 favorites]


Just remember, kids: “Social engineering” is a polite way of saying they tricked or flipped someone.
posted by JoeZydeco at 2:49 PM on July 16, 2020 [19 favorites]


From the Vice article, one of the "sources" claims they paid a Twitter employee for access. Money is the real social engineering, you know? (Takes a biig drag off my joint)
posted by RobotHero at 2:55 PM on July 16, 2020 [26 favorites]


Just remember, kids: “Social engineering” is a polite way of saying they tricked or flipped someone.

And the evidence is pointing towards flipped, Dennis Nedry style. Which is utterly terrifying on several levels.
posted by NoxAeternum at 2:57 PM on July 16, 2020 [6 favorites]


I've still got friends who work at Twitter (poor bastards) so I have a little empathy. What a fucking shitshow. It is really, really difficult to protect systems against attacks from the inside. I'm hoping they publish details; it's hard for me to understand who would give an outsider access like that and think they wouldn't get caught at it.

I'm most reminded of back in 2009-2010 when Chinese spies hacked Google. "Hacked" is a bit of a misnomer here; they planted multiple spies inside the company as employees and used their access to steal code, data, trade secrets, etc. Maybe make changes too; Google never really talked about the extent of the damage. As a result Google massively overhauled their internal security and it went from a company where engineers were trusted with access to everything to a much more complex and annoying system that at least had some internal firebreaks.
posted by Nelson at 3:04 PM on July 16, 2020 [8 favorites]


I didn't think I'd win the bet so soon. Gosh this is a fast moving thread.
posted by infini at 3:05 PM on July 16, 2020 [6 favorites]


These scams have gotten sophisticated. It isn't like the old days, when you'd visit giveusallyourmoney.com, put in your credit card information, and wait.
posted by They sucked his brains out! at 3:09 PM on July 16, 2020 [6 favorites]


It is really, really difficult to protect systems against attacks from the inside.

True, but once you know you've been compromised, it's not really, really difficult to contain the damage by shutting the service down. And they didn't even do that.
posted by tclark at 3:18 PM on July 16, 2020 [2 favorites]


It is really, really difficult to protect systems against attacks from the inside.

We do it via multiple tiers of privileges, which is a pain to manage day to day, but slows attacks like this. I mean, they hacked all the top accounts, not random nobodies. You could certainly still do it, but that would require a level of software privilege not granted to every single customer service rep, but rather to a limited few. And that also helps narrow down investigation targets.
posted by The_Vegetables at 3:23 PM on July 16, 2020 [3 favorites]


Money is the real social engineering, you know? (Takes a biig drag off my joint)

reminds me of a friend from years ago.

"There's only one conspiracy and we're all in on it. It's called money." And he took a big drag off his joint.
posted by philip-random at 3:26 PM on July 16, 2020 [27 favorites]


Twitter has permitted obvious Bitcoin scams forever. Donald Trump's mentions are full of fake Elon Musks running the same exact scam.

I wonder if they'll do anything about those now, or just lock down the real blue checkmarks a bit more.
posted by BungaDunga at 3:30 PM on July 16, 2020


It was nice fun when the checkmarks were silenced for an hour. One of those events that makes twitter go crazy and be fun for a bit. And they managed to siphon off $118,144 from people while doing it. I've heard rumblings the bitcoin was a cover to go after the real goods - all the direct messages from those high profile accounts. Musk's account was out of commission for many hours. I wonder what insanity is inside of that account.
posted by msbutah at 3:35 PM on July 16, 2020 [11 favorites]


flipped, Dennis Nedry style.

When does Jack Dorsey get eaten?
posted by Harvey Kilobit at 3:37 PM on July 16, 2020 [15 favorites]


I saw some infosec people talking about how slow this was, with all the tweets seemingly being sent out manually. Considering how slow Twitter was to react, I guess we're lucky whatever administrative tool was being used wasn't scriptable. (Or maybe it was and whoever got bribed simply didn't know how to script it.)
posted by ckape at 3:45 PM on July 16, 2020 [2 favorites]


Why on earth is there a tool inside Twitter that lets people tweet as someone else?

Delete tweets? Sure. Look at DMs? Probably needed. Close a whole account? Of course. But I can not think of any valid reason why a Twitter employee would ever need to impersonate another user and Tweet as them.

The fact that such a tool exists and that the culture inside Twitter allows it to exist is the real problem here.

Everyone (and I do mean EVERYONE) in high tech knows that these kinds of social engineer hacks happen. You can't really defend against them. Instead, you don't allow even your most trusted employees to do certain things -- LIKE TWEETING AS SOMEONE ELSE!
posted by Frayed Knot at 3:48 PM on July 16, 2020 [4 favorites]


The insider didn't tweet as another user, they changed the email address associated with the accounts that were compromised to one belonging to the attackers so that the attackers could in turn reset the passwords on the accounts.
posted by mmcg at 3:54 PM on July 16, 2020 [7 favorites]


Krebs has some newer info and preliminary conclusions.
posted by churl at 3:54 PM on July 16, 2020 [4 favorites]


There's a pretty informative AskMe about this as well.
posted by any portmanteau in a storm at 3:57 PM on July 16, 2020 [2 favorites]


The insider didn't tweet as another user, they changed the email address associated with the accounts that were compromised to one belonging to the attackers so that the attackers could in turn reset the passwords on the accounts.

That implies that either a) none of these folks had MFA enabled (possible, but unlikely), or b) the internal tool could both change the email & remove MFA. Which brings me back to my original point -- there's no reason the tool should be able to do that.
posted by Frayed Knot at 4:07 PM on July 16, 2020 [9 favorites]


I'm most reminded of back in 2009-2010 when Chinese spies hacked Google. "Hacked" is a bit of a misnomer here; they planted multiple spies inside the company as employees and used their access to steal code, data, trade secrets, etc

Unless Twitter's internal tools are so fucked that everyone involved is going to have to scrub Twitter off their resumes in hopes of ever getting a job again, this is likely what has happened. Maybe not China specifically, but a nation state that could get people to follow orders that would likely result in significant jail time for the perpetrators.

The types of people who should have this type of access make more in RSU refreshers every year than the total of the bitcoin that people sent. So, you definitely aren't bribing people internally for this. And, even tools built by complete morons would have enough auditing to know exactly which creds were compromised before most of us saw the first of the scam tweets.

My personal guess is that this is the Sony hack done on a much larger scale. A nation state has gotten people inside, and the real goal was getting everyone's DMs. Twitter isn't saying, but it's reasonable to assume that every account had its DMs slurped up, not just the ones who sent out bitcoin scam messages.

But, I am assuming that the internal tools were built by just run-of-the-mill morons, rather than supreme ultra morons. It's possible that every two-bit contractor could just change the address of Barack Obama and Bill Gates, but I'm guessing not.
posted by sideshow at 4:15 PM on July 16, 2020 [3 favorites]


I guess I should add that my "supreme ultra morons" could actually be "persons actively working to further the goals of an external bad actor". Hanlon's Razor says "never attribute to malice that which is adequately explained by stupidity", but sometimes it is actually malice.
posted by sideshow at 4:20 PM on July 16, 2020 [2 favorites]


sideshow: Any sufficiently advanced form of stupidity is indistinguishable from malice.
posted by SansPoint at 4:32 PM on July 16, 2020 [37 favorites]


The Bitcoin part would allow the entity which gained control of those Twitter accounts to sign future messages (such as a juicy bundle of bluecheck DMs) with proof that those messages came from that entity.
posted by save alive nothing that breatheth at 4:36 PM on July 16, 2020 [3 favorites]


But I can not think of any valid reason why a Twitter employee would ever need to impersonate another user and Tweet as them.

Law enforcement or intelligence agencies might quietly ask Twitter for that functionality, in exchange for quietly granting regulatory or tax concessions, say. There would be many reasons those groups would want to post under an existing account, and it would only be a matter of time before that functionality could be rerouted to serve a more malicious third-party.
posted by They sucked his brains out! at 4:39 PM on July 16, 2020 [5 favorites]


Why on earth is there a tool inside Twitter that lets people tweet as someone else?

Because the devs could?
posted by Thorzdad at 5:13 PM on July 16, 2020 [3 favorites]


When Twitter realized that they had been so thoroughly compromised, the only responsible reaction would have been to shut it down until they knew WTF happened.

Given that twitter is engineered specifically to do the exact opposite of this and never go down under any circumstances, I suspect a total system shutdown would not have been as trivial as it sounds.
posted by Sauce Trough at 5:18 PM on July 16, 2020


So is anybody talking about how there's one very obvious name missing from the list of accounts that were hacked? Probably the most famous account on Twitter, followed by an awful lot of people who would probably have immediately dumped their life savings into that Bitcoin scam?
posted by saturday_morning at 5:18 PM on July 16, 2020 [30 favorites]


I’m wondering if after that one employee deleted his account for a brief time if maybe they have some double-secret probation security on that particular account.
posted by valkane at 5:23 PM on July 16, 2020 [7 favorites]


Yeah, his account was deleted using an internal employee dashboard, right? And this hack was with a similar dashboard. I wouldn't be surprised if they'd just locked all of those dashboards from even touching his account after that.
posted by BungaDunga at 5:25 PM on July 16, 2020 [1 favorite]


Another reason why social media should be banned for politicians to communicate their every thought, or non thought.
posted by waving at 5:31 PM on July 16, 2020 [7 favorites]


Why on earth is there a tool inside Twitter that lets people tweet as someone else?

If you look, you'll find many companies have a tool like that as a debugging aid. It's a great support technique; you become that user then try to reproduce whatever problem they're having. Also, as we've discovered here, it's a dangerously powerful tool. But it's common practice.

I hope a whole lot of software service companies today are having serious discussions about "gee could that happen to us too?" I imagine they are. I also imagine most will decide "why yes, it could" and then do nothing meaningful about it.

So is anybody talking about how there's one very obvious name missing

Yes, the New York Times is.
Officials also noted that the breach did not affect the account of one of the most watched and powerful users of Twitter: President Trump. Mr. Trump’s account is under a special kind of lock-and-key after past incidents, the official noted.
posted by Nelson at 5:50 PM on July 16, 2020 [8 favorites]


Officials also noted that the breach did not affect the account of one of the most watched and powerful users of Twitter: President Trump. Mr. Trump’s account is under a special kind of lock-and-key after past incidents, the official noted.

Right, fair enough. Shame. I liked my conspiracy theory.
posted by saturday_morning at 6:39 PM on July 16, 2020 [2 favorites]


under a special kind of lock-and-key after past incidents, the official noted.

But Biden's and Obama's are not? What the hell?
posted by Tehhund at 6:46 PM on July 16, 2020 [2 favorites]


Biden and Obama don’t have access to nuclear codes at the moment.
posted by haiku warrior at 6:54 PM on July 16, 2020 [7 favorites]


As with my comment in the Ask about this, treat anyone that claims to know with certainty what happened with suspicion. Lots of people are going to make incorrect claims for a variety of reasons. Doing accurate incident response and attribution on this kind of thing takes some time and may never be fully revealed. If anyone other than whoever did it knows exactly what went down, it's a group like the NSA and they're not going to give away what they know or how.
posted by Candleman at 6:55 PM on July 16, 2020 [3 favorites]


Gosh, if you're shocked by this all I can say is never look at the backend security of a bank.
posted by His thoughts were red thoughts at 8:09 PM on July 16, 2020 [14 favorites]


My personal guess is that this is the Sony hack done on a much larger scale. A nation state has gotten people inside, and the real goal was getting everyone's DMs. Twitter isn't saying, but it's reasonable to assume that every account had its DMs slurped up, not just the ones who sent out bitcoin scam messages.

If you've compromised the accounts and you are slurping up the DMs, why would you ruin it by running a crappy Bitcoin scam?
posted by ryoshu at 8:13 PM on July 16, 2020 [3 favorites]


Biden and Obama don’t have access to nuclear codes at the moment.

Frightening to think we live in a time when it isn't implausible that the President of the United States could launch a nuclear war by tweet.
posted by JackFlash at 8:25 PM on July 16, 2020 [1 favorite]


If you've compromised the accounts and you are slurping up the DMs, why would you ruin it by running a crappy Bitcoin scam?

To camouflage your real goal. The assumption being that your intrusion will definitely be discovered whether or not you run the bitcoin scam, so if all you do is slurp up the private messages it's clear that was the goal all along. By doing the shitty bitcoin stuff you at least maintain plausible deniability. I'm not sure it's particularly effective in this case since the bitcoin stuff was so hamfisted but it is plausible.

But it could definitely just be inept swindlers. You can be good at hacking and bad at everything else.
posted by Justinian at 8:28 PM on July 16, 2020 [11 favorites]


The Krebs article that churl linked above has some pretty good evidence that it's linked to the SIM swapping community and specifically people who try to steal accounts with short usernames (Reply All covered them once). A few days ago, a user on an account hijacking forum posted an ad offering to change the email address linked to any twitter account, and a few hours before the crypto scam posts, the accounts @6 and @b were hijacked.
posted by ectabo at 8:40 PM on July 16, 2020 [3 favorites]


Biden and Obama don’t have access to nuclear codes at the moment.

Also, Obama didn’t, and Biden won’t, have everyone around them insist whatever they mash into their phones is “official policy”.

Might be hard to remember these days, but US Presidents used to announce major policy changes via official channels. Trump could accidentally tweet out his favorite Pornhub video, and the Sunday shows would be full of Republicans pissing and shitting themselves in anger that Pelosi isn’t taking Trump’s “Big Tittied Norwegian Anal” policy seriously enough because of George Soros’s influence.
posted by sideshow at 8:44 PM on July 16, 2020 [30 favorites]


The Krebs article that churl linked above has some pretty good evidence that it's linked to the SIM swapping community...

To people who don’t read the article: the SIM swappers already had the internal access, they were not exploiting Twitter’s well known garbage 2FA system. If someone could clone the SIMs of Gates/Obama/Biden/Musk/Bezos/etc, Twitter is the least of how we are all fucked.
posted by sideshow at 8:49 PM on July 16, 2020 [2 favorites]


If you've compromised the accounts and you are slurping up the DMs, why would you ruin it by running a crappy Bitcoin scam?

To draw attention to the fact you've done it.

It's also really obvious that most of the people who were affected (if not all of them) were on Donnie's shitlist in some way. It's just bullying, like grabbing someone's book while the teacher isn't watching and throwing it out of the window. I would hope that the higher echelons of the Democrat party have better ways to communicate than Twitter DMs. I'm not certain that hope is justified.
posted by Grangousier at 12:00 AM on July 17, 2020 [3 favorites]


"Hacked" is a bit of a misnomer here; they planted multiple spies inside the company as employees

@Nelson, where's this from, that operatives were placed in some of the Aurora-attacked companies? And by "misnomer" are you saying there were *not* external attacks from the Elderwood group, or that both occurred?
posted by away for regrooving at 12:08 AM on July 17, 2020


It is really, really difficult to protect systems against attacks from the inside.

Yes, but (speaking from the outside) they probably could have done a lot better against this class of attack. This was done by changing the account's email address through an admin tool. The tool could require review of such changes -- for all verified accounts or for high-tier ones -- by another employee not chosen by the change-requester.

Not bulletproof, and not friction-free, but requiring review is a pretty powerful tool against insider risk.

What is really difficult to protect against is the people who in some way have "root" to bypass a tool policy, by manipulating the underlying storage and communication systems. But this wasn't that.
posted by away for regrooving at 12:20 AM on July 17, 2020 [3 favorites]
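
A sketch of the review gate proposed in the comment above, combined with the privilege tiers mentioned earlier in the thread. This is an added example, not Twitter's tooling and not code from any commenter; the tier names, role names, staff and accounts are all constructed assumptions.

```python
import secrets
from dataclasses import dataclass
from typing import Optional

# Assumed tier names: changes to accounts in these tiers need a second employee.
PROTECTED_TIERS = {"verified", "high_profile"}


class PolicyError(Exception):
    """Raised when an action violates the review policy."""


@dataclass
class ChangeRequest:
    request_id: int
    account: str
    new_email: str
    requester: str
    reviewer: Optional[str] = None  # assigned by the tool, never by the requester
    status: str = "pending"


class AdminTool:
    """Hypothetical support tool: email changes on protected accounts are
    held until an independently assigned reviewer approves them."""

    def __init__(self, accounts, staff):
        self.accounts = accounts   # handle -> {"email": str, "tier": str}
        self.staff = staff         # employee -> set of roles
        self.requests = {}
        self.audit = []            # append-only (actor, action, request_id)
        self._rng = secrets.SystemRandom()

    def _log(self, actor, action, req):
        self.audit.append((actor, action, req.request_id))

    def _apply(self, req, actor):
        self.accounts[req.account]["email"] = req.new_email
        req.status = "applied"
        self._log(actor, "applied", req)

    def request_email_change(self, requester, account, new_email):
        if "support" not in self.staff.get(requester, set()):
            raise PolicyError(f"{requester} may not request account changes")
        if account not in self.accounts:
            raise PolicyError(f"unknown account {account}")
        req = ChangeRequest(len(self.requests) + 1, account, new_email, requester)
        if self.accounts[account]["tier"] in PROTECTED_TIERS:
            # The reviewer is drawn at random from everyone with the reviewer
            # role except the requester, so a colluding partner cannot be picked.
            pool = sorted(e for e, roles in self.staff.items()
                          if "reviewer" in roles and e != requester)
            if not pool:
                raise PolicyError("no independent reviewer available")
            req.reviewer = self._rng.choice(pool)
        self.requests[req.request_id] = req
        self._log(requester, "requested", req)
        if req.reviewer is None:
            self._apply(req, requester)   # low-tier account: no review needed
        else:
            self._log("system", "assigned:" + req.reviewer, req)
        return req

    def approve(self, approver, request_id):
        req = self.requests[request_id]
        # Only the assigned reviewer may approve, and only once. Because the
        # reviewer is never the requester, this also blocks self-approval.
        if req.status != "pending" or approver != req.reviewer:
            self._log(approver, "denied", req)  # denied attempts stay in the trail
            raise PolicyError(f"{approver} may not approve request {request_id}")
        self._apply(req, approver)
        return req


def demo():
    """Run the flow on constructed data and return the audit trail."""
    accounts = {"@example_vip": {"email": "owner@example.org", "tier": "verified"}}
    staff = {"alice": {"support"}, "bob": {"reviewer"}}
    tool = AdminTool(accounts, staff)
    req = tool.request_email_change("alice", "@example_vip", "new@example.net")
    try:
        tool.approve("alice", req.request_id)   # requester tries to self-approve
    except PolicyError:
        pass
    tool.approve("bob", req.request_id)
    return tool.audit


if __name__ == "__main__":
    for entry in demo():
        print(entry)
```

The audit list records denied approval attempts as well as applied changes, which is what lets an investigation narrow down which credentials were used.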


As a visible WOC on twitter, back before they suspended three variations of my true nym accounts, none of which are accessible to me, I've been mentioning the problems with what I call "god mode" - the backend of twitter hijacking control over your tweeting experience including changing text as you type so that by the time you hit send you're saying the opposite of what you would have - for some years now, since fall 2017 from direct experience at least.

They've always behaved in misogynist racist ways and I've tended to lump these attacks together with the usual trumpytroll crowd i.e. mra/gamergaters/incels and what have you.

A few years back on metafilter, there was an FPP about a guy who infiltrated a white supremacist tech community in the Valley somewhere, and in that thread there were conversations exploring the possibility that these guys - the white/nazi agents - were all emplaced in various godmode backend roles across the tech giants (remember the recent FB oopsie with a moderator mistagging a hate post? heh) given that the RTFA said that was the planning by these supremacists, to rise up one day and take over the comms channels of the world and dominate and control bla bla bla

This move looks to be a power move to show they've got the power of the troll king's platforms, and now everyone else everywhere else in the tech giant ecosystems who is part of their uprising will take over controls from the backend.

Prove me wrong and ask me what I'm smoking.
posted by infini at 3:43 AM on July 17, 2020 [6 favorites]


it's reasonable to assume that every account had its DMs slurped up, not just the ones who sent out bitcoin scam messages

and this is why I prefer the Keybase messaging model, where the only way to send a message that its receivers will recognize as being from me is to send it from one of the devices that has my private keys in it. Doesn't matter what Keybase staff do server-side; they don't have my private keys, so they can't sign my messages even if they're being paid or scammed or coerced or just want to.

Signal and WhatsApp do this too, but Keybase does a better job of verifiably adding keys on new devices to the collection I already have for old ones, so that my recipients don't have to decide whether or not to trust my signatures every time I start sending from a new device.

When I become aware of something that's as easy to use as Keybase, with crypto that works the same way Keybase's does but running over a federation of (preferably self-hostable) servers, then I will jump ship; regardless of how well built the crypto is it remains true that funnelling comms through any single organization, especially a commercial one, creates a potential SPOF and is therefore inherently risky. But until then, I'm way more impressed with Keybase than with any of its competitors.
posted by flabdablet at 4:34 AM on July 17, 2020


there was an FPP about a guy who infiltrated a white supremacist tech community in the Valley somewhere, and in that thread there were conversations exploring the possibility that these guys - the white/nazi agents - were all emplaced in various godmode backend roles across the tech giants

You don’t need secret nazis if you have Zuckerberg and @jack openly supporting and enabling your presence on their platforms.
posted by His thoughts were red thoughts at 6:44 AM on July 17, 2020 [3 favorites]


@Nelson, where's this from, that operatives were placed in some of the Aurora-attacked companies? And by "misnomer" are you saying there were *not* external attacks from the Elderwood group, or that both occurred?

Sorry for imprecision, and I'm gonna make it worse. My initial comment is based on a synthesis of rumors I heard at the time and afterwards. That the Chinese attacks on Google in 2010 were not just external attacks but included inside access from Chinese spies who were employees.

Typing this out and looking at public sources online, I realize I'm way out on a limb beyond the consensus understanding of what happened to Google. I trust my sources of rumors and ability to sift them. But I have no evidence to document my claim. I'm doubting myself a little bit, and you should definitely doubt me. However, two things to vaguely support my claim:

Google took an unprecedented step in even talking publicly about the Chinese government attack; at that time companies were pretending in public it wasn't happening. It shouldn't surprise anyone they may not have disclosed the extent of the attack's methods.

Also, one response from Google to the attack was to build BeyondCorp, a series of internal security systems. There's a lot written about it. Most tech companies have a VPN and once you're VPNed in you're a trusted employee with broad access. My understanding is that's not been true at Google since the Chinese government attacks. Instead
This is known as a Zero-Trust approach to the problem of a remote workforce, starting from the assumption that nobody can be trusted, no matter where they are connecting from, and those users are then allocated permissions to access only what they can be trusted with.
That change was a major shift in Google company culture. Also a huge PITA. But it's exactly the kind of protection you want when you no longer trust your employees fully, but just give them access to the specific things they need access to. (I realize this security model sounds like common sense, but I think if you look you'll find very few companies do anything this sophisticated.)

Back to Twitter, I have no idea what their internal security practices are like. It's not clear something like BeyondCorp would help; if the "pretend to be another user" support tool exists and you compromise an employee who uses that tool, you're in. Like away for regrooving says, maybe a solution for a tool like this is to require a second employee for serious changes. But now you're making security / usability tradeoffs and it won't be perfect.

The one thing I'm 100% confident of is that a lot of other tech companies are going to be vulnerable to an attack where an employee is compromised.
posted by Nelson at 7:58 AM on July 17, 2020 [5 favorites]


Gosh, if you're shocked by this all I can say is never look at the backend security of a bank.

Wouldn't learn much if you did, unless you know COBOL.
posted by The Bellman at 10:29 AM on July 17, 2020 [4 favorites]


When I become aware of something that's as easy to use as Keybase

That's a low bar.
posted by Jahaza at 1:28 PM on July 17, 2020




Hackers Tell the Story of the Twitter Attack From the Inside --NYTimes.

That's a helluva scoop!
posted by Jahaza at 9:57 PM on July 17, 2020


@Nelson, appreciate your candor on the nature of the sourcing involved.

I believe Forbes has overread on what "zero trust" is referring to:
"the assumption that nobody can be trusted, no matter where they are connecting from" -- yes, this switch to an untrusted corporate network is how Google sells BeyondCorp, and this is where the rubber hits the road in the Forbes story about using it for remote access instead of a trusted VPN.

"those users are then allocated permissions to access only what they can be trusted with" -- this is your ACL design, a whole different layer than whether you grant trust on network access.

And though as you say "don't give dangerous access to randoms" is common sense and necessary, it's equally necessary against a spearphished credentials compromise as it is against a credentialed insider attack. And spearphishing with a zero-day is a lot cheaper. So I don't see that ACL lockdowns would point in the direction of a credentialed insider.
posted by away for regrooving at 11:16 PM on July 17, 2020


Mr. O'Connor said other hackers had informed him that Kirk got access to the Twitter credentials when he found a way into Twitter’s internal Slack messaging channel and saw them posted there, along with a service that gave him access to the company’s servers.

i am ded
ded
ded if true

This admin tool has non-2FA credentials?
That get shared around on a Slack channel?
posted by away for regrooving at 11:19 PM on July 17, 2020 [1 favorite]


Twitter: An update on our security incident. It sounds like at least 8 accounts got all of their DM archive downloaded.
posted by gwint at 5:13 AM on July 18, 2020 [4 favorites]


O RLY? only 8?

That sounds like a crisis mgt pr specialist post - my bet is the social engineering was identifying a trumpet inside
posted by infini at 7:32 AM on July 18, 2020


This admin tool has non-2FA credentials?
That get shared around on a Slack channel?


Cue @jack telling us all he's appalled to have found such laxness inside his org, and that until now he'd been completely unaware that any such thing was happening.
posted by flabdablet at 8:59 AM on July 18, 2020 [2 favorites]


Worth noting that the security update specifies that "None of the eight were verified accounts" but that statement is strictly referring to the use of the Your Twitter Data download tool and doesn't rule out manual scraping of DMs for compromised verified accounts or API access, etc.
posted by metaphorever at 12:32 PM on July 18, 2020 [1 favorite]


I've heard rumblings the bitcoin was a cover to go after the real goods - all the direct messages from those high profile accounts.

Accessing the DMs could be the target, but if that's your target, why broadcast all over the world you've attained your goal, you could just quietly have the DMs and nobody would be the wiser.

Unless the attack is sure to be noticed and you need to make everybody look at something else. This is like a weird cross of Spy Games and The Prestige.
posted by WaterAndPixels at 6:56 PM on July 19, 2020 [1 favorite]




Graham Ivan Clark, 17, is accused of hacking prominent Twitter accounts. Prosecutors and the defense argued over whether the teen's considerable assets were legally obtained.

He allegedly has $3 million in bitcoin. Prosecutors are throwing the book at him and trying him as an adult. No word on how or who gave him access to the backend tools.
posted by photoslob at 5:29 PM on August 1, 2020 [2 favorites]

