It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Thank you.
Some features of ATS will be disabled while you continue to use an ad-blocker.
The start of a cyberwar?
page: 1share:
It's been awhile for me to be posting here, so please bear with me...
I've been watching for last couple days and seeing interesting events happening.
The first event was this executive order... Probably geared towards tiktok.
Followed up by today's twitter attack, disguised as a bitcoin fraud thing, but affecting much more than just trying to grab a few bitcoin from stupid people. with the possibility of a compromised admin control panel (This thread)
This has prompted senator Josh Hawley to send a letter to twitter ceo Jack Dorsey...
Senator Hawley's twitter feed
Letter from Senator
Was the twitter attack a cyber "Shot across the Bow" response to yesterday's executive order?
I know the bitcoin thing has been going for a bit now, it's not just something new today. but it definitely jumped into a higher gear today. Apparently, some of the accounts compromised were using 2 factor authentication. How does that happen?
I've been watching for last couple days and seeing interesting events happening.
The first event was this executive order... Probably geared towards tiktok.
Followed up by today's twitter attack, disguised as a bitcoin fraud thing, but affecting much more than just trying to grab a few bitcoin from stupid people. with the possibility of a compromised admin control panel (This thread)
This has prompted senator Josh Hawley to send a letter to twitter ceo Jack Dorsey...
Senator Hawley's twitter feed
Letter from Senator
Was the twitter attack a cyber "Shot across the Bow" response to yesterday's executive order?
I know the bitcoin thing has been going for a bit now, it's not just something new today. but it definitely jumped into a higher gear today. Apparently, some of the accounts compromised were using 2 factor authentication. How does that happen?
edit on 15-7-2020 by gspat because:
Spelling
a reply to: FlyinHeadlock
I don't work in I.T,
Any chance you can put into laymans terms why you think that?
I don't work in I.T,
Any chance you can put into laymans terms why you think that?
originally posted by: Tim2win
a reply to: FlyinHeadlock
I don't work in I.T,
Any chance you can put into laymans terms why you think that?
Hear Here.
a reply to: carewemust
Damn you, you wet knickered rube.
Your posts infuriaate me, please don't agree with me.
Damn you, you wet knickered rube.
Your posts infuriaate me, please don't agree with me.
No it doesn't. All it takes is one compromised admin account with access to the leaked admin dashboard. Breaches occur far more often as a result of
phishing privileged accounts.
a reply to: FlyinHeadlock
a reply to: FlyinHeadlock
edit on 15-7-2020 by hombero because: (no reason given)
a reply to: Tim2win
You'll want to look into APT groups APT Wiki Article, that's going to be your first start. Then you'll want to look into how tech hiring is done, specifically the H1B visa program, which allows foreign nationals to work in the US, specifically in the tech sector. Most large firms, even medium firms, are absolutely awful at the execution of data loss prevention (DLP), which if properly implemented and tuned would help mitigate exfiltration of some data.
This is my personal opinion on how this could have occurred, without personal inside knowledge of what happened. Thus, only speculation at this point.
You'll want to look into APT groups APT Wiki Article, that's going to be your first start. Then you'll want to look into how tech hiring is done, specifically the H1B visa program, which allows foreign nationals to work in the US, specifically in the tech sector. Most large firms, even medium firms, are absolutely awful at the execution of data loss prevention (DLP), which if properly implemented and tuned would help mitigate exfiltration of some data.
This is my personal opinion on how this could have occurred, without personal inside knowledge of what happened. Thus, only speculation at this point.
originally posted by: Tim2win
a reply to: carewemust
Damn you, you wet knickered rube.
Your posts infuriaate me, please don't agree with me.
LMAO..I just about spit out my drink
It's ok to find common ground on something.
a reply to: hombero
A compromised admin account with multiple layers of security control failure in place? Zero day attack then? Because I would imagine Twitter has at bare minimum; a PAM solution, two-factor auth., a jump host or other enclave for admin access, an EDR solution, some sort of logging and monitoring platform (Splunk?), and a SOC capable of eyes on glass. Who knows what else they may have in place.
Or it's also possible that due to working at home due to Covid has exposed a vulnerability in their remote access process, which is alarmingly common. I'm interested to see how it all plays out in the end.
A compromised admin account with multiple layers of security control failure in place? Zero day attack then? Because I would imagine Twitter has at bare minimum; a PAM solution, two-factor auth., a jump host or other enclave for admin access, an EDR solution, some sort of logging and monitoring platform (Splunk?), and a SOC capable of eyes on glass. Who knows what else they may have in place.
Or it's also possible that due to working at home due to Covid has exposed a vulnerability in their remote access process, which is alarmingly common. I'm interested to see how it all plays out in the end.
a reply to: Hypntick
I'm clueless about this but from some articles that I have read, it seems that some moderators accounts were compromised allowing access to apparently secure accounts.
Is it not possible that this was just some very savy bitcoin scammer or is it something much bigger?
Thanks for the info, this is the first tim I have rad about APT.
I'm clueless about this but from some articles that I have read, it seems that some moderators accounts were compromised allowing access to apparently secure accounts.
Is it not possible that this was just some very savy bitcoin scammer or is it something much bigger?
Thanks for the info, this is the first tim I have rad about APT.
edit on 15-7-2020 by Tim2win because: because im a retard
a reply to: gspat
Twitter is now saying an employee gave access to the admin panel. Hacker has posted they paid the employee to give them access.
If this is true, this is an incredibly stupid twitter employee. No way did they get paid enough to have their life destroyed, which is what will surely happen once they figure out their identity.
Twitter is now saying an employee gave access to the admin panel. Hacker has posted they paid the employee to give them access.
If this is true, this is an incredibly stupid twitter employee. No way did they get paid enough to have their life destroyed, which is what will surely happen once they figure out their identity.
edit on 16-7-2020 by proximo because: (no reason given)
a reply to: Tim2win
If you want to read more into how organized some of these groups are APT1 Report from Mandiant. Dry if you're not really technical, but the executive summary is really damn interesting.
a reply to: proximo
Insider threat is a huge concern for a lot of companies. If this is what happened, I can't say that I'm shocked, useful idiots abound.
If you want to read more into how organized some of these groups are APT1 Report from Mandiant. Dry if you're not really technical, but the executive summary is really damn interesting.
a reply to: proximo
Insider threat is a huge concern for a lot of companies. If this is what happened, I can't say that I'm shocked, useful idiots abound.
edit on
7/16/20 by Hypntick because: Additional Reply
originally posted by: Tim2win
a reply to: carewemust
Damn you, you wet knickered rube.
Your posts infuriaate me, please don't agree with me.
Awesome! Thanks for the compliment.
originally posted by: Hypntick
a reply to: Tim2win
You'll want to look into APT groups APT Wiki Article, that's going to be your first start. Then you'll want to look into how tech hiring is done, specifically the H1B visa program, which allows foreign nationals to work in the US, specifically in the tech sector. Most large firms, even medium firms, are absolutely awful at the execution of data loss prevention (DLP), which if properly implemented and tuned would help mitigate exfiltration of some data.
This is my personal opinion on how this could have occurred, without personal inside knowledge of what happened. Thus, only speculation at this point.
So would that be a way to access secure data/info, in addition to generating chaos and headlines.
a reply to: carewemust
Absolutely. One of the common attack paths seen in a lot of APT or financially motivated groups (FIN), is obtain a foothold, escalate privileges in the environment, perform lateral movement into sensitive systems, and then exfiltrate data out. In doing so some groups will also drop ransomware in an unrelated area as a distraction, or possibly in this case, a campaign of posting bitcoin spam. Same principle as a magician, gotta have misdirection somewhere.
Absolutely. One of the common attack paths seen in a lot of APT or financially motivated groups (FIN), is obtain a foothold, escalate privileges in the environment, perform lateral movement into sensitive systems, and then exfiltrate data out. In doing so some groups will also drop ransomware in an unrelated area as a distraction, or possibly in this case, a campaign of posting bitcoin spam. Same principle as a magician, gotta have misdirection somewhere.
edit on 7/16/20 by Hypntick because: Typo
Anyone that tries to expose Twitter and Dorsey is doing the United States and the world a favor. I doubt it is an enemy of America that did this.
new topics
-
What Comes After January 20th
Mainstream News: 38 minutes ago -
Canada as a state .. how would it work?
General Chit Chat: 47 minutes ago -
Those stupid GRAVITE commercials
Rant: 1 hours ago -
Let's Buy Greenland
General Chit Chat: 2 hours ago -
Planned Civil War In Britain May Be Triggered Soon
Social Issues and Civil Unrest: 5 hours ago -
Claim: General Mark Milley Approved Heat and Sound Directed Energy Weapons During 2020 Riots
Whistle Blowers and Leaked Documents: 6 hours ago
top topics
-
Claim: General Mark Milley Approved Heat and Sound Directed Energy Weapons During 2020 Riots
Whistle Blowers and Leaked Documents: 6 hours ago, 11 flags -
Planned Civil War In Britain May Be Triggered Soon
Social Issues and Civil Unrest: 5 hours ago, 5 flags -
Let's Buy Greenland
General Chit Chat: 2 hours ago, 4 flags -
What Comes After January 20th
Mainstream News: 38 minutes ago, 4 flags -
Those stupid GRAVITE commercials
Rant: 1 hours ago, 2 flags -
Canada as a state .. how would it work?
General Chit Chat: 47 minutes ago, 1 flags
active topics
-
Claim: General Mark Milley Approved Heat and Sound Directed Energy Weapons During 2020 Riots
Whistle Blowers and Leaked Documents • 21 • : BeyondKnowledge3 -
Let's Buy Greenland
General Chit Chat • 12 • : CriticalStinker -
-@TH3WH17ERABB17- -Q- ---TIME TO SHOW THE WORLD--- -Part- --44--
Dissecting Disinformation • 3955 • : Thoughtful3 -
What Comes After January 20th
Mainstream News • 4 • : JadedGhost -
Those stupid GRAVITE commercials
Rant • 3 • : Cre8chaos79 -
Canada as a state .. how would it work?
General Chit Chat • 5 • : CriticalStinker -
Gravitic Propulsion--What IF the US and China Really Have it?
General Conspiracies • 30 • : Lazy88 -
Remember These Attacks When President Trump 2.0 Retribution-Justice Commences.
2024 Elections • 133 • : Oldcarpy2 -
Sorry to disappoint you but...
US Political Madness • 40 • : cherokeetroy -
January 6th report shows disturbing trend (nobody is shocked)
US Political Madness • 72 • : JadedGhost