Somewhere in Twitter HQ, there's a button to silence every single blue checkmark. Another button deletes all their followers, without an explanation. Right there, that's our scold-the-president button. Any president. Button to unpin all tweets that match search term "my*onlyfans".
But you can't press any of those buttons, dramatard. Your shift is over.
As you clock out, pudgy jewish broad wearing homemade holocaust badge handcuffs herself to the front door.
Western media is an arm of the totalitarian western security apparatus. No western source should be cited or trusted on any matter, citing a western journalist is essentially like citing the CIA.
It's got to be a demo. They had Space Daddy's account. They could have to set up impossible to trace puts on TSLA and make millions by having him tweet something crazy.
Shit they could have started a war by having Daddy tweet something crazy.
Targeted at Twitter itself, maybe? This doesn't make them look good.
It's possible. I think it's likely they just wanted a bunch of money, but I think making look Twitter look terrible is also a benefit.
Like the security tools to protect admin accounts for reddit is much stronger than this, since they use stuff like 2FA (for admins it has been around since at least 2015 or so iirc), and have procedures to deal with this sort of thing in a much more quick manner.
I'm surprised it took as long as Twitter did for them to do so much as block the bitcoin address being posted.
You either just edit the email, or there might just be a dedicated button to reset the password.
Some of the more interesting takeaways from this:
Twitter can, and uses the ability to, block people from showing up in search
Twitter can, and uses the ability to, block people from showing up in trending
It isn't exactly "shadowbanning" as in the formal definition, but the people talking about it were using this stupid mangled definition to mean "blocked from search" or "blocked from trending."
I just feel like there are so many better ways to make money from this. It makes it feel really amateurish. Which is frankly the scarier scenario imo. Was Twitter admin security so lax that Bitcoin scammers were able to Tweet using any account? Even the former Vice President and President?
Could they have tweeted from Daddy's account, "I'm launching nuclear missles at Tehran!"?
This could have caused an international incident and is more proof that social media is the real plague.
Maybe they were worried about what would happen if they got caught. A $100k bitcoin scam is a lot less serious than tanking the stock market, or inciting nuclear war. Also its safer in general - a bitcoin scam is easier to get away with than some of the other high-payoff shit they could have done.
Going for small potatoes like this might actually be a smarter move.
We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.
I'm trying to find a picture but I'm pretty sure twitter has purged most of them. He made an account with proof of the admin tools to blackist people, he had 814k followers basically in hours and his profile picture was this with Epstein's black book as his background picture.
If they managed to hit an admin with a phish then a bot could easily log in to their tools even before a 2FA token expires. And once they're in, they're in.
maybe but you'd also have to grab the OTP code from the admin if they set up their system correctly unless you can just go into the admin tools without any reauthentication at any point, which is somewhat alarming.
I honestly don't see a phishing angle to this, because you'd have to know enough about the internal system to get access to it.
I bring up the model of reddit because it's the one I know, but it prevents a lot of problems by adding a second step. If I want to grant myself admin powers as an admin, I would need to do a few things
I need to login with my credentials (and OTP code).
I need to click "turn admin on"
I need to reenter my password and OTP code.
I can then perform administrative actions across the site such as banning subreddits, reading your raunchy PMs.
Oh and if someone gains access to my account, a person who has shell access can go into the shell and edit the liveconfig and kill my admin perms, reset my password, and suspend my account while I get my shit together.
The last point is a bit important too because this wouldn't have happened if there was any semblance of monitoring or reporting tools available to a more senior person to fix it.
You have much more faith in twitter's protection of their admin tools than I do hahahah. We can at least agree on the ridiculous lack of oversight though
yeah. I guess it's just baffling to me that this was like "everything burning for 6 hours" and not "someone got kicked out of the admin panel within 10 minutes"
I mean I figure if you placed the orders under multiple stolen IDs over the course of a few days and then laundered the gains through Bitcoin etc, that should be pretty difficult, if not impossible to trace, I would think.
I guess it's doable, yet the logistics scare me. Those stolen IDs won't be coming in with cash, you need bank accounts and make them not tracing to you. Then you need to get the money fast enough, which they might have some time limits in place for lump sums, especially for shorting cases. Then you need to get the money to bank accounts that should not trace to you, then you need to launder the BTC through merging pools because BTC is absolutely transparent. Then you have the issue of BTC having dirty and clean coins. Then you need to safely convert BTC to fiat in an untraceable manner.
On top of that, there can be some ML algo sniffing out these fork-join account patterns in real time.
Oh for sure it would be a pain to set up but it's doable if you're looking to make millions. That's why this feels so amateurish to me. 100k seems like a small amount considering all the scrutiny this is going to be under.
I wouldn't risk decades in prison for 100k but I could imagine some lucky but not so smart Bitcoin scammers doing it.
That gets so complex so fast, and any crumb could be the one that the NSA uses to bust you. Why risk a fat, clean payday, with shit that will surely get you busted?
It's actually kind of crazy, they literally programmed a way to make people tweet whatever they want into Twitter admin access itself. They could just make trump tweet n bombs whenever they want.
50 comments
66 mqL49J 2020-07-15
Somewhere in Twitter HQ, there's a button to silence every single blue checkmark. Another button deletes all their followers, without an explanation. Right there, that's our scold-the-president button. Any president. Button to unpin all tweets that match search term "my*onlyfans".
But you can't press any of those buttons, dramatard. Your shift is over.
As you clock out, pudgy jewish broad wearing homemade holocaust badge handcuffs herself to the front door.
20 600_lbs_of_sin 2020-07-15
go on ๐
17 Lifting_Sexytimes 2020-07-15
Hold on, let me get comfortable first
2 SPQAC 2020-07-15
Maybe sheโs just a Texas Ranger
1 htmlcoderexe 2020-07-15
I'm getting hard, keep going
50 Albert_Cole_ 2020-07-15
Wait seriously? Have I died and gone to the great beyond? Where are my 72 virgins?
29 GourmetImp 2020-07-15
Hiiiiiiiiii โบ๏ธ
4 watermark1917 2020-07-15
Journalist = Spy
Western media is an arm of the totalitarian western security apparatus. No western source should be cited or trusted on any matter, citing a western journalist is essentially like citing the CIA.
3 TrailerParkRide 2020-07-15
This but unironically
1 [deleted] 2020-07-15
[removed]
38 AlecOzzyHillPitas 2020-07-15
Just came back but there has been some kind of gigantic hack of Twitter at a site level. The BTC scam link used received over 100k USD.
Either a Twitter admin account got owned or there is an API 0 day.
Shame the attacker didnโt do something crazier - imagine the drama they could have wrought.
33 The_Homocracy 2020-07-15
It's got to be a demo. They had Space Daddy's account. They could have to set up impossible to trace puts on TSLA and make millions by having him tweet something crazy.
Shit they could have started a war by having Daddy tweet something crazy.
Just a simple Bitcoin scam? No fucking way.
10 justcool393 2020-07-15
there's screenshots of the twitter admin panel floating around.
8 The_Homocracy 2020-07-15
Really. Now that's interesting. Maybe this was just someone in over their head? Or why else would you leak that?
Targeted at Twitter itself, maybe? This doesn't make them look good.
4 justcool393 2020-07-15
who knows.
It's possible. I think it's likely they just wanted a bunch of money, but I think making look Twitter look terrible is also a benefit.
Like the security tools to protect admin accounts for reddit is much stronger than this, since they use stuff like 2FA (for admins it has been around since at least 2015 or so iirc), and have procedures to deal with this sort of thing in a much more quick manner.
I'm surprised it took as long as Twitter did for them to do so much as block the bitcoin address being posted.
Their admin panel looks decent, but it shows everything, from linked email addresses to phone numbers. Here's what it looks like, with all of the personal details censored. It's likely how things got reset.
You either just edit the email, or there might just be a dedicated button to reset the password.
Some of the more interesting takeaways from this:
It isn't exactly "shadowbanning" as in the formal definition, but the people talking about it were using this stupid mangled definition to mean "blocked from search" or "blocked from trending."
4 The_Homocracy 2020-07-15
I just feel like there are so many better ways to make money from this. It makes it feel really amateurish. Which is frankly the scarier scenario imo. Was Twitter admin security so lax that Bitcoin scammers were able to Tweet using any account? Even the former Vice President and President?
Could they have tweeted from Daddy's account, "I'm launching nuclear missles at Tehran!"?
This could have caused an international incident and is more proof that social media is the real plague.
3 Pinksister 2020-07-15
Maybe they were worried about what would happen if they got caught. A $100k bitcoin scam is a lot less serious than tanking the stock market, or inciting nuclear war. Also its safer in general - a bitcoin scam is easier to get away with than some of the other high-payoff shit they could have done.
Going for small potatoes like this might actually be a smarter move.
2 justcool393 2020-07-15
Given what Twitter is claiming, your first theory seems right.
https://twitter.com/TwitterSupport/status/1283591846464233474
2 The_Homocracy 2020-07-15
Holy fucking shit.
1 Shitposting_Skeleton 2020-07-15
It could be a legitimate security firm doing this underhandedly to market their pre-existing research/products on the subject.
1 Swagbag6969 2020-07-15
The guy was shitposting with we wuz kangs pol stuff on his own Twitter account. He probably didn't want deumf to lose.
1 The_Homocracy 2020-07-15
Hahahaha it was a poltard? The mysterious hacker known as 4chan strikes again!
2 Swagbag6969 2020-07-15
I'm trying to find a picture but I'm pretty sure twitter has purged most of them. He made an account with proof of the admin tools to blackist people, he had 814k followers basically in hours and his profile picture was this with Epstein's black book as his background picture.
1 The_Homocracy 2020-07-15
Holy shit that's hilarious. He's probably going to get caught too so that'll be funny
1 YoshFromYsraelDntBan 2020-07-15
If they managed to hit an admin with a phish then a bot could easily log in to their tools even before a 2FA token expires. And once they're in, they're in.
1 justcool393 2020-07-15
maybe but you'd also have to grab the OTP code from the admin if they set up their system correctly unless you can just go into the admin tools without any reauthentication at any point, which is somewhat alarming.
I honestly don't see a phishing angle to this, because you'd have to know enough about the internal system to get access to it.
I bring up the model of reddit because it's the one I know, but it prevents a lot of problems by adding a second step. If I want to grant myself admin powers as an admin, I would need to do a few things
Oh and if someone gains access to my account, a person who has shell access can go into the shell and edit the liveconfig and kill my admin perms, reset my password, and suspend my account while I get my shit together.
The last point is a bit important too because this wouldn't have happened if there was any semblance of monitoring or reporting tools available to a more senior person to fix it.
2 YoshFromYsraelDntBan 2020-07-15
You have much more faith in twitter's protection of their admin tools than I do hahahah. We can at least agree on the ridiculous lack of oversight though
2 justcool393 2020-07-15
yeah. I guess it's just baffling to me that this was like "everything burning for 6 hours" and not "someone got kicked out of the admin panel within 10 minutes"
1 SPQAC 2020-07-15
Impossible to trace puts are hardly a thing. The trick is to have no-one looking into your shorting.
1 The_Homocracy 2020-07-15
I mean I figure if you placed the orders under multiple stolen IDs over the course of a few days and then laundered the gains through Bitcoin etc, that should be pretty difficult, if not impossible to trace, I would think.
2 SPQAC 2020-07-15
I guess it's doable, yet the logistics scare me. Those stolen IDs won't be coming in with cash, you need bank accounts and make them not tracing to you. Then you need to get the money fast enough, which they might have some time limits in place for lump sums, especially for shorting cases. Then you need to get the money to bank accounts that should not trace to you, then you need to launder the BTC through merging pools because BTC is absolutely transparent. Then you have the issue of BTC having dirty and clean coins. Then you need to safely convert BTC to fiat in an untraceable manner.
On top of that, there can be some ML algo sniffing out these fork-join account patterns in real time.
1 The_Homocracy 2020-07-15
Oh for sure it would be a pain to set up but it's doable if you're looking to make millions. That's why this feels so amateurish to me. 100k seems like a small amount considering all the scrutiny this is going to be under.
I wouldn't risk decades in prison for 100k but I could imagine some lucky but not so smart Bitcoin scammers doing it.
1 SPQAC 2020-07-15
If they hacker lives in Abkhazia, Transnistria, or the disputed Ukrainian territory, he's risking nothing.
1 The_Homocracy 2020-07-15
True. Maybe I just wish they did something more substantial. Still feels like amateur hour to me though.
1 SPQAC 2020-07-15
Itโll follow the economy, as is tradition
1 superscout 2020-07-15
That gets so complex so fast, and any crumb could be the one that the NSA uses to bust you. Why risk a fat, clean payday, with shit that will surely get you busted?
1 The_Homocracy 2020-07-15
I suppose so. I just feel like a more sophisticated attacker could have done that from overseas without too much risk.
1 Wewraw 2020-07-15
They definitely have added security on dipshits account. The fact that he wasnโt hacked too proves it.
Probably only CTO and select staff are allowed to even look at it after going through hoops in pairs and logging what they do.
1 The_Homocracy 2020-07-15
True. Didn't some Twitter employee ban Daddy's account for a little while one day? Probably added more security then too
2 Wewraw 2020-07-15
Yeah. They were fired and deleted it as a parting shot.
The real interesting thing here is that the DMs were accessible so get ready for supposed screenshots to make the rounds.
1 The_Homocracy 2020-07-15
๐๐พ๐๐พ๐๐พ thank you drama gods ๐๐พ๐๐พ๐๐พ
2 drovid5 2020-07-15
over a 100k? How does 10 million sound???
1 Swagbag6969 2020-07-15
It's actually kind of crazy, they literally programmed a way to make people tweet whatever they want into Twitter admin access itself. They could just make trump tweet n bombs whenever they want.
29 hackfraud199930 2020-07-15
Twitter is going full CHAZ
18 600_lbs_of_sin 2020-07-15
u can't say that and then not post a link for those of us who don't use that trash website
10 Bagtot 2020-07-15
Looks like Twitter may not be as r-slurred as I previously thought.
1 MrRightIsWhite 2020-07-15
Indeed, they're even more retarded than previously thought possible.
8 CosmoSucks 2020-07-15
it's hilarious right now make it permanent.
2 YourLocalMonarchist 2020-07-15
this is like cocaine but retarded and I love it
1 grogocean 2020-07-15
inshallah