Twitter Hackers May Have Bribed an Insider

Motherboard is reporting that this week’s Twitter hack involved a bribed insider. Twitter has denied it.

I have been taking press calls all day about this. And while I know everyone wants to speculate about the details of the hack, we just don’t know — and probably won’t for a couple of weeks.

EDITED TO ADD (8/10): It was social engineering and not bribery.

Posted on July 17, 2020 at 6:04 AM55 Comments

Comments

Stephen Craven July 17, 2020 6:38 AM

What option is less likely to impact their stock price: paid insider or compromised security on their internal systems?

wiredog July 17, 2020 7:28 AM

As Rob Pegoraro said “I, for one, look forward to an NTSB-level unpacking of what the hell happened.”

Given who got hit, and how much damage could have been done (there are some very inventive “Let’s start World War 3 using hacked Twitter” scenarios), the various national and international law enforcement and intelligence agencies are taking very public (and quite private) looks at this.

IRAN July 17, 2020 7:59 AM

IRAN regime also use insiders in western countries to hack systems.

When an Iranian goes to Iran to visit family, IRGC terrorist organization asks them to coopporate with IRGC for spying and other things.
If they deny, they would be arrested under name of spy and they goto jail for as least 10 years.

Right now, there are a lot of educated Iranians in jail who also have western countries passport.

Clive Robinson July 17, 2020 10:08 AM

@ IRAN,

I’m assuming that it you are just speculating on who has carried out this attack, as there is no publically released information.

Typically the US Government blaims one of only four nation states,

1, China,
2, Iran,
3, North Korea,
4, Russia.

For what are virtually “knee jerk” reactions to gain political points.

In reality there is probably over 100 nations SigInt agencies capable not only of doing this but also leaving a false trail to another country. Worse there are many criminal orgabisations numbering in the thousands who could do the same just for “5h1ts and giggles”. There are also many commercial organisations who would for what is a modest amount do it for any orher of the Nations who don’t have sufficiently competent coders.

As I’ve said befor,

    “Atribution is very very hard”

Also laying a false trail on a False Flag operation is comparitively rediculously easy.

So jumping the gun is realy not a good idea, patient methodical detective work is what is required, and I’m not seeing either currently.

V July 17, 2020 10:39 AM

I’m waiting for the FBI (etc.) to announce they’ve deanonymized the blockchain and are charging someone with multiple felonies.

Al July 17, 2020 11:53 AM

Says here that Twitter released details of the hack.
https://threatpost.com/twitter-elite-accounts-are-hijacked-in-unprecedented-cryptocurrency-scam/157463/
““We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools,” the company tweeted. “We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf.””

So, it sounds like social engineering to obtain access, and social engineering once they had access to these accounts.

vas pup July 17, 2020 3:01 PM

@V and other bloggers with sufficient experise:
Is it really possible to ‘deanonymize the blockchain’?

echo July 17, 2020 4:20 PM

I don’t treat the high attention seekers on twitter seriously at all. The best information on twitter comes from “no names” and ordinary people. The high attention seekers and media often follows a few days or several weeks behind. Value is too often placed on not what is said but who says it. This seems to be the default in large hierarchial organisations or large online pools of people. Government today is like this only bigger and slower.

I’ve read through some of the media on this and almost all the story is devoted to speculation based on possibilities and joining dots which may not exist. This is ten minutes of my life I will never get back. Needless to say the publications hyperventilating over this aren’t in my top ten of regular media consumption.

“5h1ts and giggles” or money or both seem to be the motivator.

SpaceLifeForm July 17, 2020 4:22 PM

It will not surprise me if early forensic investigation led to this:

hXXps://www.bleepingcomputer.com/news/security/federal-agencies-told-to-patch-wormable-windows-dns-bug-in-24-hours/

It is over 24 hours now.

Northern Realist July 17, 2020 4:40 PM

@Harry Budwin Seriously? You actually think a security firm that uses a GMAIL account is trustworthy?

Phaete July 17, 2020 4:57 PM

@vas pup

Is it really possible to ‘deanonymize the blockchain’?

That question almost has more ifs, ands and buts then the question if we can solve the Israel-Palestine deal successfully.

Factors here:
– Which blockchain?
– just a user or the entire chain? (ID everyone?)
– savy users vs users?
– unclaimed money?
– money usage in shops/atm that are hip and blockchainmoney friendly?
– acceptable losses comparable to money laundering (cents on the dollar)
– etc

Short answer, no.
Long answer, in some cases yes, and with lots of time and resources, some more cases yes, but never all.

MarkH July 17, 2020 6:35 PM

@vas pup:

I haven’t studied blockchain, and don’t know the nuts and bolts. I’ll do my best with my limited understanding, requesting readers to please correct what I get wrong.

According to articles I’ve read, BitCoin in particular, and presumably other blockchain “currencies” also, can in fact be traced to individuals.

As Clive has explained more than once, blockchain is just a fancy name for a set of data structures combined with certain fields and protocols meant to authenticate links between them (hope I got that right Clive, writing from my fuzzy recollection).

The function of blockchain in cryptocurrencies is to establish a ledger (transaction list) which an entire user community can agree is valid. As I understand it, it’s somewhat analogous to a ledger recording account numbers (for example, the famous Swiss secret number accounts), or a cash transaction ledger in which the currency serial numbers are recorded.

The ledger by itself doesn’t reveal identities … but as a complete and accurate record of the “money trail” it can help to identify parties in combination with other data.

BitCoin anonymity is sufficiently poor, that a newer medium called Monero was designed as a more anonymous alternative in order to satisfy “customer demand”.

A couple of years ago, Bruce made a blog post here about research indicating that Monero anonymity could be broken too.

It seems to me that there’s an inherent tension between the hope for anonymity (which is one motivation for these systems), and the paramount need to establish with absolutely no ambiguity that a certain quantity belongs to one party and no other.

Although this isn’t technical data, I recall that more than 10 years ago, when BitCoin was still a novelty, it was said the U.S. federal prosecutors have given it the nickname “prosecution futures” (a joking reference to the “futures contracts” traded in commodity markets).

This would seem to indicate, that the U.S. Department of Justice had concluded that BitCoin anonymity is porous.

I’m sure that Phaete has it right when he write that deanonynimization is never possible in all cases. On the other side, a cryptocurrency user who places absolute reliance on its supposed anonymity may be headed for a nasty surprise.

PS The U.S. Federal Tax forms for 2019 have a form of question I don’t remember seeing before (on 1040 Schedule 1):

At any time during 2019, did you receive, sell, send, exchange, or otherwise acquire any financial interest in any
virtual currency?

A person who answers this falsely is risking prison time. A person who fails to answer might have their return rejected, and be required to either answer the question or face penalties.

echo July 17, 2020 7:00 PM

I’m somewhat bothered by the amount of electricity cryptocurrencies use in aggragate. I also think by and large they are a con, or a solution in search of a problem. This pretty much makes me impervious to crytocurrency fraud as I never use the things.

Mike D. July 17, 2020 7:36 PM

One of the design features of cryptocurrencies like BitCoin is that charges cannot be reversed, so everyone who sent money to these scam artists are out their coins for good.

Seriously, if a system, run by humans, that can’t correct errors is your idea of freedom, I can’t help you.

Al July 17, 2020 8:00 PM

@echo
Insofar as cryptocurrencies being “a solution in search of a problem”, there is a problem present right now, and that is central bank money creating/printing, which is diluting the dollar and euro.

Where did that $3T stimulus come from? If you said “out of thin air”, you’re pretty close. The treasury issued about $3T of debt and the Fed Reserved created/printed $3T and pulled an offsetting $3T of debt from the debt markets and put it onto the bookd of the Fed. The rise in this chart used newly created money.
https://fred.stlouisfed.org/series/WALCL

I was hoping Libra would work as that solution to escape the problem. In fact, when the government was resisting Libra, interference with monetary policy was given as one of the reasons. They want people holding dollars as they print. And they don’t have an exit strategy. There is so much debt out there that, if they stop printing and lending, interest rates will shoot through the roof.

echo July 17, 2020 8:36 PM

@Al

Government being able to create money is a good thing. Without going into all the pluses and minus of fractional reserve banking or whatever mechanism is used the basics are very simply that money is a director of effort and allows resource effort to shift from one area of an economy to another. Money in itself is make believe and cannot be seperated from social and economic policy and tax and incomes and welfare policies etcetera. At the base of this is the “real economy” which printing money is directing.

Unjustifiable tax cuts for the rich and printing money just to do something stupid with it are a stupid idea I would agree but this is a political question. I’m still lost on how cryptocurrencies mitgate this. It’s another one of those replace what with what questions. You’d be better putting your money into shoe leather to walk to the voting booth.

If you’re that worried about currency movement buy some Yen and sell it back in a year. The transation fees will be lower than a cryptocurrency electricity bill and you can use it as firelighters if the economy collapses.

Ping-Che Chen July 18, 2020 1:16 AM

To “deanonymize” Bitcoin is always about how the holder chooses to use it.
Right now, most high profile virtual currency exchanges all require some forms of KYC. Therefore, if you use them, it’s really not too much different from using a bank.
There are some virtual currencies designed with anonymity in mind, using zero knowledge proof algorithms. However, to use them, you have to convert your bitcoin to these virtual currency first. Since they use a different blockchain, you need to have someone willing to trade with you, and that could be a problem.

To handle the “trading” problem, there are some automatic “hashrate for hire” platforms which require very little KYC (many only require an e-mail address to sign up), and you can use your bitcoin to buy some “hashrates” to mine for other, more anonymous virtual currencies, and thus, in theory, they are “laundered” and can be traded on normal exchanges after a few transactions to hide the tracks. Of course, one always has to be careful when using a centralized 3rd party server, to avoid leaving possible digital fingerprints on their servers.

SpaceLifeForm July 18, 2020 1:22 AM

Twitter provides an update via their blog.

No bribery. They Say Social Engineering.
They do not address WFH (Work From Home) as a factor, but I think they need to look into VPN and Zoom usage as the employees WFH.

https://blog.twitter.com/en_us/topics/company/2020/an-update-on-our-security-incident.html

In this post we summarize the situation as of July 17 at 8:35p Pacific Time. The following information is what we know as of today and may change as our investigation and outside investigations continue.

The attackers successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems, including getting through our two-factor protections.

SpaceLifeForm July 18, 2020 2:22 AM

“The following information is what we know as of today and may change as our investigation and outside investigations continue.”

Outside investigations. Plural. Not just FBI.

SpaceLifeForm July 18, 2020 3:40 AM

@Ping-Che Chen, @La Abeja

Very interesting.

In theory, one can launder their crypto currency.

How does one trust the broker/exchange?

What if they are a front?

… none of the crypto currencies in existence are “backed” by gold or precious metals or anything else of intrinsic worth, as far as I can tell.

Nor are any fiat currencies since 1935.

Checks note. Yep, a 1934 $5 Silver Certificate (not in mint condition).

“This certificate is legal tender for all debts public and private”

and at bottom

“Five dollars in silver payable to the bearer on demand”

Current fiat money says ‘note’ instead of ‘certificate’.
And of course, no mention of Silver or Gold.

Which, circling back around a bit, leads me to wonder.

The Twitter hack was really stupid. As Marcus Hutchins noted on Twitter, sometimes hackers just aren’t creative.

But, what if they really actually were creative?

What if what looks like a hack to scam bitcoin is actually a pure misdirection play?

What if there is actually a bigger hack that already happened inside Twitter and now Twitter, FBI, etc are paying attention to the wrong shell?

Uncertified Unexpert July 18, 2020 7:23 AM

@SpaceLifeForm:
“What if there is actually a bigger hack that already happened inside Twitter and now Twitter, FBI, etc are paying attention to the wrong shell?”

Sounds like foolishness: A few days ago, this hypothetical “bigger hack” was either undiscovered or noticed only by Twitter security insiders without any word getting out to the media which is always watching for that kind of story. Nobody would be investigating it except a few people on their own security team, which has not shown the fastest nor deepest forensic capability.

Now, there are federal agencies, and whichever serious security companies Twitter called in, and all their internal resources, and no doubt several teams operating on behalf of Russia and China and other nations (not only those on the standard-blame list) digging hard through every aspect of Twitter’s operations and audit trails and data exfiltration tracks and human factors. They’re not just searching for “who got tricked into giving up the password to the password-hash file” … they’re poking for all forms of vulnerability in the whole company. If there is some other deal that has gone down lately, it’s far more likely to get discovered than it would have been.

Uncertified Unexpert July 18, 2020 7:28 AM

@Northern Realist:
“You actually think a security firm that uses a GMAIL account is trustworthy?”

Hint: “Harry Budwin” is just a bot casting a wide net to lure suckerfish into a trap to get deceived and ripped off again, having shown their gullibility by falling for a silly scam and desperately looking for a solution without consulting any established legitimate company.

Anders July 18, 2020 11:33 AM

Forget the bitcoin, it’s smokescreen.

mobile.twitter.com/RachelTobac/status/1284411948176535560?p=v

vas pup July 18, 2020 1:34 PM

@Phaete, @MarkH, @Anders – thank you for clarification on crypto currency features.

In particular:

“The ledger by itself doesn’t reveal identities … but as a complete and accurate record of the “money trail” it can help to identify parties
=>in combination with other data.”

Other data usually is not technical, but rather from human sources (Confidential Informants, ‘snitches’, Cooperative Witness – you name it).

L July 18, 2020 3:13 PM

I’m seeing a lot of ignorant discussion about cryptocurrency and Bitcoin in particular. I don’t say that with the intention of trying to insulting anyone, I just think that there needs to be a lot more understanding before a truly constructive discussion can efficiently take place. The spelling of Bitcoin is a somewhat trivial topic, but for the record, BitCoin is incorrect. Bitcoin is also, by default, pseudonymous. Transactions can be traced back to real-life individuals in practice. The are however, various methods which can be used to make tracing transactions back to real-life individuals effectively impossible in practice. Immutability of the blockchain is a feature, not a bug. The reliance on proof of work (electricity) for the foundation of a consensus mechanism is a literally the rules of our universe mirrored into an organized programmable system. Note, that wasn’t a A > B argument; just an explanation for why actors can and do place so much trust in the system. Is Bitcoin a currency? Yes, but not a fiat currency. Bitcoin, like traditional money, can be used as an expression of one’s will. That’s a pretty obvious statement. But combine that truth with the fact that Bitcoin is decentralized and can, effectively be anonymous, and you start to realize the impact Bitcoin has made and will make on the modern world. In the original whitepaper, Satoshi Nakamoto described Bitcoin as electronic cash. That’s a fairly decent depiction, but it only scratches the surface of Bitcoin’s potential.

echo July 18, 2020 3:15 PM

@SpaceLifeForm

Not even gold is backed by gold. It is well known there are more gold certificates in existance than actual gold. Yes, those gold certificates are actually a form of fiat money and no they are not backed by gold. The only gold worth having is the gold in your hands.

I personally think gold should either be left in the ground, stored for something useful, or used as jewellery. Using gold as money or storing a lump of it a vault for gloating value is a waste of gold. Most (read all) of my jewellery is costume jewellery. One of my favourite and irreplaceable earring and necklace sets (which I cobbled together from seperate purchases by blind luck) is made of plastic. I daresay a time will come where oil based plastic jewellery will be rare and the secrets of manufacture as lost as Damascus steel.

SpaceLifeForm July 18, 2020 3:16 PM

@ Uncertified Unexpert

I believe we basically agree.

I was just pointing out misdirection angle.

I’m sure Google and Amazon are involved.

Even to this point, Twitter “believes” it was Phishing. I do not.

They “believe” that no hashed passwords were exfiltrated. Even old passwords.

Why are they keeping old password hashes anyway? Recovery?

SpaceLifeForm July 18, 2020 3:47 PM

@ echo

Last I checked, one can not eat gold nor cryptocurrency, Well, ok, gold, yes one can eat, but no nutritional value.

I launder my fiat money.

At stores. Food, petrol.

The best use of gold is on PCBs, so you can mine cryptocurrency.

MarkH July 18, 2020 6:19 PM

Kathryn Haun, former U.S. federal prosecutor, referring to blockchain:

The government was able to use that same technology to actually track down criminal activity it might not otherwise have been able to. Without the technology underlying Bitcoin, we never would have been able to catch those people.

She’s now an executive at a firm trading cryptocurrency.


Those of us who follow security technology see an oft-repeated pattern.

Ingenious people design an elegant system intended to provide some set of information integrity assurances to its users. A few examples of such assurances:

• confidentiality
• authentication
• anonymity
• unforgeability

When these elegant designs meet the real world, their success in enforcing the assurances is often disappointingly weaker than the designers promised.

An old economics joke:

Ok, maybe it works in practice … but it will never work in theory!

Such is the reality of security system weaknesses.


As I wrote above, Monero is said to have been developed because bitCOiN users learned that its protection of anonymity was not as strong as they had been led to believe.

SpaceLifeForm July 18, 2020 6:20 PM

@ echo, Anders

“Using gold as money or storing a lump of it a vault for gloating value is a waste of gold.”

Speaking of a vault…

Code I wrote years ago was stored at Ft. Knox

Certainly bit-rotted at this point in time, in both a logical and physical sense.

It was worth more than all the gold at Ft. Knox.

Ah, nevermind, there was and is no gold at Ft. Knox.

But, at the time, it was very valuable. The concepts behind that code are still in use today.

Here we have modern bitrot:

hxxps://www.zdnet.com/article/github-just-buried-a-giant-open-source-archive-in-an-arctic-vault-for-1000-years/

GitHub cancelled plans for a team to “personally escort the world’s open-source code to the Arctic” due to the coronavirus pandemic, leaving the job to local partners who received the boxed films and deposited them in an old coal mine on July 8.

Anders July 18, 2020 6:42 PM

@SpaceLifeForm

github.blog/2020-07-16-github-archive-program-the-journey-of-the-worlds-open-source-code-to-the-arctic/

Aah, so many film rolls…so few terabytes…

echo July 18, 2020 7:12 PM

@SpaceLifeForm

The best use of gold is on me so I can wear it as jewellery and attract a man who has so much money he doesn’t have to mine cryptocurrency out of a sense of desperation. Not that I’m especially motivated that way. It’s more of an IQ and values test. I also don’t see the point in wearing fakes and keep the real things in a safe. It’s easier and cheaper just to wear fakes and pretend I have fakes in a safe and spend the money on something else. I’m not especially interested in this either so just wear trash.

I have some bitrotted code myself. All of the concepts behind it are “out there” just not all gathered in one place which is what my code does. I have read of partial implementations but never the whole being implemented. My entire codebase is a fraction of the size of a single framework used in modern applications. This isn’t to say my code is amazing or all singing or all dancing because it’s not. The only realiseable value is sentimental and when I remember the next thing I will do is delete it. I will never code again nor get a job which requires those skills again. And that suits some people very well. It also suits me too as I no longer get any fun out of it and don’t want to hang around a room full of people who do.

Wears trash and doesn’t code. Yay for uselessness.

Clive Robinson July 19, 2020 3:24 AM

@ L,

I’m seeing a lot of ignorant discussion about cryptocurrency and Bitcoin in particular.

Oh dear, one man’s meat…

So are you “fanboi”, “idealist”, “Speculator”, some combination or something else?

The reality is it does not matter what you think are the plus points there are plenty of minus points to go around. No currency is perfect because different people want different things from them. Thus what you see as “ignorance” is your point of view -v- someone elses point of view.

At the end of the day crypto-currancy is just a token that some chose to say has some value that is entirely unrelated to it’s real world value.

To see why, in the board game “Monopoly” you get a big pile of printed currency with numbers printed on them. In the game the rules give those numbers value, but outside of the game they are just pieces of paper.

Well a unit of crypto-currancy is just a number nothing more it does not have even a physical presence. Thus it’s value is only dependent on which game you are playing nothing more.

MarkH July 19, 2020 6:49 AM

@Clive:

Thanks for your crystal-clear illumination of the question of value.

In recent years, I’ve noticed that repugnance toward “fiat currency” has grown into an obsessive fascination for some resentment-fueled corners of political commentary.

It can’t be because such currencies are unable to function, because for states with powerful economies and at least moderately stable governance, they function surprisingly well.

An example of a seemingly immortal belief is that increasing money supply will inevitably “debase” the currency. The germ of truth is that optimizing national economies generally requires an inflation rate in the range of 2 to 4 percent, so currency does “fade” over time.

In contrast to this gradual erosion, there were many dire warnings that dollars would become worthless because of money supply increases in response the the global recession. This imagined hyperinflation never happened — and economists who focus on data and models (instead of political ideology) knew that it wouldn’t.

But the people who hate fiat currency will never let go of their ideas about it. It’s like a wrote above: monetary policy has been proven to work in practice, but it will never work according to my theory, so I reject it absolutely!

The cryptocurrency fanboi mob hates fiat currency, because it’s invented, arbitrary, and has no intrinsic value … so they adore something that’s even more invented, arbitrary, and lacking intrinsic value.


Nonetheless, I predict that CC will be around for some time to come. Yes, you can use it (usually inconveniently) to buy toothpaste, but how many people are doing that?

As far as can be judged, the predominant usage for CCs is the facilitation of crime … demand in that market is wonderfully robust!

MarkH July 19, 2020 6:57 AM

@echo:

I value the thoughtfulness and civility of your contributions here.

Because in debate I tend to get like a dog chewing on an old bone, I try to set some limits for myself. I’ve learned not to engage those who don’t make intellectually serious arguments, and I’ve raised my threshold for what constitutes such an argument.

I have a “short list” of commenters here whose writings I mostly skip over, and to whom I won’t respond.

There are other folks who are quite reasonable on some topics, but so passionate on others that their adherence to fact and reason utterly melts down when they weigh in on them … when it starts to look like a theological debate, I make for the exit 🙂

Dave's Not Here July 19, 2020 10:23 AM

I also think by and large they are a con, or a solution in search of a problem.

For people in countries with stable currencies, you are correct.
For people in countries where the govt currency is under hyperinflation, crypto currencies with tiny, tiny, transaction fees are far better than legal or illegal changes to stable currencies like the USD or EUR.
Imagine if your pay needed to increase 10-100x every month to match inflation. In some of those countries, having other currency than what the govt backs is illegal.

If countries like the US, the tiny transaction fees involved with crypto currency is much better than typical methods to xfer money using a credit card for 3% fee. All prices in the US are effectively 3% higher than they should be due to this credit card tax everyone has agreed to pay.

Years ago, I remember being in South Africa at a jewelry shop. They had a clear discount for paying cash not a credit card. I mentioned paying with BTC and they looked at me funny. The next day, I returned and they had done research and decided to accept BTC as payment like cash. The rand was depressed at the time, which was part of the reason we were there. Stayed in 2,000 sqft penthouse suite for US$90/night.

echo July 19, 2020 5:48 PM

@Dave’s Not Here

I do accept your point and it may be an acceptable “black” use or in your case “grey” use of crytocurrency but it does defeat the purpose of economic policy.

Systems often have slack and everyone knows it goes on and for those at the top who mark their own homework equivalent mechanisms exist. But were it begins passing through various “walls” the system begins resisting and then enforcement begins. For example there are persuasive arguments in favour of liberalisation of drugs and intellectual property piracy which have an economic and social benefit not to mention a human rights and security angle.

I’m still not persuaded by cryptocurencies though. Yes they can and have been a legitimate solution for some people whether to preserve their capital or, like VPNs, avoid some of the more mistaken legislation and political and commercial unlawfully repressive behaviour (women and abortion pills springs to mind) but givign cryptocurrencies an undiluted free pass and hailing them as a universal to all the ills of the world? I’m not prepared to go down that path if for no otherreason than they remove incentives for a natural “pushback” and remove incentives to find solutions.

The problem when you are dealing with things at the public policy level is like code there is no such thing as a simple fix. Cryptocurrencies are like the quick hack done on a wheeze because someone got ticked off then it grew to become an in-use tool available to everyone. It’s badly regulated and has its hook in some quarters which was leveraged into a social engineering project some speculators managed to manipulate in their favour and monitize but even so.

Maybe I’m missing something and consequence free speech and unlimited social media and cryptocurrencies are the way forward. I’m just not persuaded of this.

Anders July 19, 2020 6:07 PM

edition.cnn.com/2020/07/19/opinions/twitter-hack-us-election-2020-alaimo/index.html

Russia once already meddled with the US elections.
I don’t know who is behind this hack but i know for sure
if APT28/29 wants, they can pull out 100 times more devastating
hack.

echo July 19, 2020 9:25 PM

@MarkH

Thanks. We live interesting times and I have my own laundry list of faults and failings. Without wishing to crawl to obviously you should probably thank Bruce for his below the radar congenial think tank.

wire walker July 20, 2020 1:31 AM

@SpaceLifeForm

Account recovery, twas why they were keeping hash of old password.
There was a trick to use old password if you forgot the new password,
a technique which I have now forgotten exactly, but it involved using the right account recovery options and then use old password to gain access again to your
twitter account.

I believe originally cryptocurrency was created to avoid the monopoly that banks
excerpt over markets, fee gouging and the increasing control over who individuals could donate or do business with. Banks allowing money laundering through their services and predatory lending practices probably didn’t impress many either, and added an extra incentive. In may cases bank managers had been involved with floating branch holdings (other people’s money) on trades over weekends, and sometimes losing it all. In other cases people’s savings accounts were outright being raided.
The increasing rollback of financial regulations imposed after previous financial crisis, combined with lack of enforcement by regulators, may add to the lack of faith many have in financial institutions.

MarkH July 20, 2020 2:52 AM

@echo:

I take “Dave’s Not Here” at his word, concerning the “tiny, tiny transaction fees” for bitCOiN.

It’s also the case that the transaction costs are estimated to be enormous, at least USD 10 and quite likely several times that.

Those costs — which are one of several reasons why proof-of-work systems can never function like ordinary currencies — are not visible to ordinary users, because they are subsidized by the lustful greed of “miners”.

As the quota of Bitcoin is approached, the same heavy costs will apply, but without the same motivation for subsidy.

By that time, the nearly fruitless mining operations will presumably need to charge transaction costs back to the users.

The entire concept is a clumsy Heath Robinson contraption with designed-in obsolescence. But it’s handy for facilitating crime, and useful or profitable to legitimate parties as well … at least, for now.

echo July 20, 2020 4:29 AM

@MarkH

Yes, Crytopcurrency “deferred TCO” (or should that be derogated TCO?) is being paid for by the extra none fiat currency called “atmospheric carbon” and as you suggest by the social and other costs of none legitimate activities. This is fine I suppose if you’re in the market for oven baked crack cocaine.

RealFakeNews July 20, 2020 9:26 AM

Why is Twitter treated as if they’re handling nuclear launch codes?

It’s a site used by over-opinionated, and mostly useless people with egos larger than the mass of the Sun.

The hack itself is moderately interesting, but otherwise… why does it matter?

The instant one of the four are rolled out, it must be BS.

There is still the on-going argument that a few hacked Twitter accounts rigged the UK GE last year. Seriously.

I don’t know anyone who uses, and I couldn’t care less about it. If it went bust and disappeared never to be seen again, I would actually hold a party because I’m sick of hearing about it.

Why is so much stock put in it? It’s junk.

L July 20, 2020 11:26 AM

I hesitate to post again since the topic of Bitcoin and crypto in general has already seemingly derailed this thread quite a bit. Nevertheless, I do want to put out one question on the table. Why do people always seem to assume Bitcoin is trying to replace fiat currency? Why can’t crypto and fiat both exist? Even if there is some overlap, can they not both serve a fairly unique purpose simultaneously?

Replacing fiat currency isn’t a goal of the Bitcoin development team. Bitcoin is being worked on in order to simply provide an alternative for people who have never been given such an option before. Imagine you are living in the United States and have family living in a dangerous part of Syria, or some other country sanctioned by the US. Wire transfers aren’t an option because they’re illegal. Perhaps you have some way to get money to your family but it’s probably a very risky and lengthy process. Bitcoin can accomplish this feat almost instantly, with no other immediately involved individuals required other than you and your family and a network connection of some medium.

I apologize in advance if these words come off rude, but anyone who is able to comprehend a payment system that can send money from one person to another, anywhere in the world, seemingly instantly and without third-party involvement, and yet, still continues to claim that such a payment system has no use, clearly does not understand the reality of life in a non-first-world country.

Clive Robinson July 20, 2020 5:11 PM

@ RealFakeNews,

It’s a site used by over-opinionated, and mostly useless people with egos larger than the mass of the Sun.

I knew there was a reason I did not use Twitter 😉

But you do have a point the signal to noise ratio appears to be very high even with quite esoteric subjects.

With regards,

The instant one of the four are rolled out, it must be BS.

Yup whenever one of the four nations the US has on it’s cyber-existential threat list comes up you can take a reasonable guess on a few things,

1, It’s probably wrong or false flag.
2, like as not the evidence publically presented will be circular reasoning, weak, unsupportable, or factualy incorrect.
3, Someone is going for political mileage.

The sickening thing is just how quickly other people especially alleged experts jump on the band waggon or in line just to be in on the parade…

As I’ve pointed out time and again any state that can do it, will be doing cyber-espionage of one form or another. Those countries that do not have home grown talent can buy it in at quite modest prices.

So how come we only get to hear of those four countries and only at a time….

So a couple of questions arise,

1, What’s happened to all the other Nations in the world?
2, How come the four synchronize so it’s only one of them at any one time?

The answer in both cases is of course as you point out it’s “B.S.” infact “It’s pure weapons grade baloneium” as well… But heck nobody in the US Main Stream Media stops for a second to think, and state the obvious of,

    Hey guys and gals what looks like a pile and smells like a pile, probably is a pile!

I guess, calling out US Politico’s “good and hard”, is not a second nature behavior for many US jornos…

echo July 20, 2020 8:56 PM

@Clive

The people who think in stereotype shortcuts and are available to give their opinion in televisions studios at the drop of a hat and their followers and enablers have a tactical advantage. Think OODA loop.

I suspect the only picking on one of the four usual suspects can be explained by this. It’s a cognitive least effort wich fills their emotional needs and which keeps the message fresh. One would getboring. Five is the general useful maximum for a group and would probably switch the game from dominate to cooperate which the don’t want. Social media with its focused interface and need to be on trend and dodgy alorithms provides a medium which amplifies this.

So what’s the cure? Longform media. Upto three day lead time rather than the ten minute cycle. On the record and accountable views so opinion can be analysed for inconsistences and factual errors and punishable by removal of access to broadcast mediums.

echo July 20, 2020 9:12 PM

@L

Because cryptocurrencies don’t exist in a vacuum for the reasons I already stated and there is a Total Cost of Ownership… It’s not just an energy cost or an environmental cost but a human cost.

Nvida has a long history of cheating specifications to produce performance. ATI (now owned by AMD) always used to produce the most conformant drivers (and the best quality image). If you cave in to the “Yeah but they make money maaaaaaaaaaaan” and ignore the fact NVidea drivers let through none conformant code from your bug riddled sourcecode then sure. Go with Nvidea. I you want to let driver writers off the hook and insert a workaround in your code, like what happened with ATIs famously broken Rage Pro hardware texture matrix, go do it.

I simply don’t see what problem Bitcoin et al is trying to solve. imho it’s a product of obsessive thinking or a wheeze which got out of control. I’d rather people focus on fixing the real issues with the system which matters than putting energy into speculative displacement activities like Bitcoin.

Clive Robinson July 21, 2020 1:30 AM

@ RealFakeNews, ALL,

I made a mistake last night…

When I said,

    But you do have a point the signal to noise ratio appears to be very high even with quite esoteric subjects.

It should have been “noise to signal ratio”.

I shall blaim a tired mind and old eyes for my mistake which of course in the best political traditions in current usage means it could not possibly have been forseen, thus I must be entirely blaimless (Not) 😉

echo July 21, 2020 5:26 AM

@Clive

Keep your mistakes and inconsistences in separate topics and flannel hard. That way only an obsessive would spot anything iffy.

That’s what I did…

SpaceLifeForm July 21, 2020 7:05 PM

@Clive

Sorry. My bad. My meme may be wrong.

The Signal is the Noise.

Are we sure I am incorrect?

Leave a comment

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.