It looks like you're using an Ad Blocker.

Please white-list or disable AboveTopSecret.com in your ad-blocking tool.

Thank you.

 

Some features of ATS will be disabled while you continue to use an ad-blocker.

 

The start of a cyberwar?

page: 1
9
<<   2 >>

log in

join
share:

posted on Jul, 15 2020 @ 10:45 PM
link   
It's been awhile for me to be posting here, so please bear with me...

I've been watching for last couple days and seeing interesting events happening.

The first event was this executive order... Probably geared towards tiktok.

Followed up by today's twitter attack, disguised as a bitcoin fraud thing, but affecting much more than just trying to grab a few bitcoin from stupid people. with the possibility of a compromised admin control panel (This thread)

This has prompted senator Josh Hawley to send a letter to twitter ceo Jack Dorsey...

Senator Hawley's twitter feed

Letter from Senator

Was the twitter attack a cyber "Shot across the Bow" response to yesterday's executive order?

I know the bitcoin thing has been going for a bit now, it's not just something new today. but it definitely jumped into a higher gear today. Apparently, some of the accounts compromised were using 2 factor authentication. How does that happen?
edit on 15-7-2020 by gspat because: Spelling




posted on Jul, 15 2020 @ 10:55 PM
link   
a reply to: gspat

Takes some serious technical know how and inside intel. I work IT. A country and a spy my guess and now is a beautiful time to pull the trigger.



posted on Jul, 15 2020 @ 11:12 PM
link   
a reply to: FlyinHeadlock

I don't work in I.T,

Any chance you can put into laymans terms why you think that?



posted on Jul, 15 2020 @ 11:18 PM
link   

originally posted by: Tim2win
a reply to: FlyinHeadlock

I don't work in I.T,

Any chance you can put into laymans terms why you think that?

Hear Here.



posted on Jul, 15 2020 @ 11:28 PM
link   
a reply to: carewemust

Damn you, you wet knickered rube.

Your posts infuriaate me, please don't agree with me.



posted on Jul, 15 2020 @ 11:29 PM
link   
No it doesn't. All it takes is one compromised admin account with access to the leaked admin dashboard. Breaches occur far more often as a result of phishing privileged accounts.

a reply to: FlyinHeadlock


edit on 15-7-2020 by hombero because: (no reason given)



posted on Jul, 15 2020 @ 11:33 PM
link   
a reply to: Tim2win

You'll want to look into APT groups APT Wiki Article, that's going to be your first start. Then you'll want to look into how tech hiring is done, specifically the H1B visa program, which allows foreign nationals to work in the US, specifically in the tech sector. Most large firms, even medium firms, are absolutely awful at the execution of data loss prevention (DLP), which if properly implemented and tuned would help mitigate exfiltration of some data.

This is my personal opinion on how this could have occurred, without personal inside knowledge of what happened. Thus, only speculation at this point.



posted on Jul, 15 2020 @ 11:34 PM
link   

originally posted by: Tim2win
a reply to: carewemust

Damn you, you wet knickered rube.

Your posts infuriaate me, please don't agree with me.


LMAO..I just about spit out my drink


It's ok to find common ground on something.



posted on Jul, 15 2020 @ 11:40 PM
link   
a reply to: hombero

Maybe it was not compromised but given to someone for something.



posted on Jul, 15 2020 @ 11:42 PM
link   
a reply to: hombero

A compromised admin account with multiple layers of security control failure in place? Zero day attack then? Because I would imagine Twitter has at bare minimum; a PAM solution, two-factor auth., a jump host or other enclave for admin access, an EDR solution, some sort of logging and monitoring platform (Splunk?), and a SOC capable of eyes on glass. Who knows what else they may have in place.

Or it's also possible that due to working at home due to Covid has exposed a vulnerability in their remote access process, which is alarmingly common. I'm interested to see how it all plays out in the end.



posted on Jul, 15 2020 @ 11:46 PM
link   
a reply to: Hypntick

I'm clueless about this but from some articles that I have read, it seems that some moderators accounts were compromised allowing access to apparently secure accounts.

Is it not possible that this was just some very savy bitcoin scammer or is it something much bigger?

Thanks for the info, this is the first tim I have rad about APT.
edit on 15-7-2020 by Tim2win because: because im a retard



posted on Jul, 15 2020 @ 11:53 PM
link   
a reply to: Tim2win

Is it possible? Absolutely. Is it likely? I would say less so. Then again based on some of the breaches of large orgs in the last few years, it wouldn't shock me if it was a misconfiguration that allowed this to happen.



posted on Jul, 16 2020 @ 12:00 AM
link   
a reply to: gspat

Twitter is now saying an employee gave access to the admin panel. Hacker has posted they paid the employee to give them access.

If this is true, this is an incredibly stupid twitter employee. No way did they get paid enough to have their life destroyed, which is what will surely happen once they figure out their identity.

edit on 16-7-2020 by proximo because: (no reason given)



posted on Jul, 16 2020 @ 12:04 AM
link   
a reply to: proximo

Damage control, really sounds like that.



posted on Jul, 16 2020 @ 12:04 AM
link   
a reply to: Tim2win

If you want to read more into how organized some of these groups are APT1 Report from Mandiant. Dry if you're not really technical, but the executive summary is really damn interesting.

a reply to: proximo

Insider threat is a huge concern for a lot of companies. If this is what happened, I can't say that I'm shocked, useful idiots abound.
edit on 7/16/20 by Hypntick because: Additional Reply



posted on Jul, 16 2020 @ 12:06 AM
link   

originally posted by: Tim2win
a reply to: carewemust

Damn you, you wet knickered rube.

Your posts infuriaate me, please don't agree with me.

Awesome! Thanks for the compliment.



posted on Jul, 16 2020 @ 12:10 AM
link   

originally posted by: Hypntick
a reply to: Tim2win

You'll want to look into APT groups APT Wiki Article, that's going to be your first start. Then you'll want to look into how tech hiring is done, specifically the H1B visa program, which allows foreign nationals to work in the US, specifically in the tech sector. Most large firms, even medium firms, are absolutely awful at the execution of data loss prevention (DLP), which if properly implemented and tuned would help mitigate exfiltration of some data.

This is my personal opinion on how this could have occurred, without personal inside knowledge of what happened. Thus, only speculation at this point.


So would that be a way to access secure data/info, in addition to generating chaos and headlines.



posted on Jul, 16 2020 @ 12:12 AM
link   
a reply to: Hypntick

Sweet baby jesus, this could be a whole new thread.

No proven financial direct links to APT1 and CCP though after skimming, money could be from anywhere.

Im not technical, may well have missed something.



posted on Jul, 16 2020 @ 12:13 AM
link   
a reply to: carewemust

Absolutely. One of the common attack paths seen in a lot of APT or financially motivated groups (FIN), is obtain a foothold, escalate privileges in the environment, perform lateral movement into sensitive systems, and then exfiltrate data out. In doing so some groups will also drop ransomware in an unrelated area as a distraction, or possibly in this case, a campaign of posting bitcoin spam. Same principle as a magician, gotta have misdirection somewhere.
edit on 7/16/20 by Hypntick because: Typo



posted on Jul, 16 2020 @ 12:28 AM
link   
Anyone that tries to expose Twitter and Dorsey is doing the United States and the world a favor. I doubt it is an enemy of America that did this.



new topics

top topics



 
9
<<   2 >>

log in

join