Today’s Twitter Hack Is New Take On “Nigerian Prince” Scam

July 15, 2020 by Mike Szczys 52 Comments

Don’t send bitcoin to celebrities… or to random people for that matter. This afternoon a number of high profile Twitter accounts were taken over, including Joe Biden, Bill Gates, Elon Musk, Apple, Jeff Bezos, and Kanye West, and the event appears to be ongoing. Each displayed a message saying they wanted to “give back” by doubling the bitcoin that they are sent. The messages all appear to have the same bitcoin wallet address.

This is reminiscent of the “Nigerian prince” scams, a form of advance-fee scam where an email asks for help with a small sum of money in order to obtain a larger sum. Those usually come in as spam emails which most people are wise to at this point. However, blindly following celebrities on Twitter may still deliver a good dose of naïveté when those platforms are misused.

Bitcoin transactions can be viewed publicly and this wallet is showing 11.8 BTC in and 5.8 BTC out in a total of 288 transactions. The net is roughly 6 bitcoin or $55k USD at the time of writing. Twitter’s response appears to have locked down all verified accounts from publishing new tweets. They retain the ability to retweet and delete existing tweets.

Main image screenshot sources:

Microsoft Bug Tracking Hacked

October 17, 2017 by Pedro Umbelino 15 Comments

It seems that the database containing descriptions of critical and unfixed bugs and/or vulnerabilities in some of the most widely used software in the world, including the Windows operating system, was hacked back in 2013. This database is basically gold for any security researcher, regardless of the color of their hat. To know which programs fail and the preconditions for that to happen is half an exploit right there.

Microsoft discovered the database breach in early 2013 after the highly skilled hacking group Morpho a.k.a. Butterfly a.k.a. Wild Neutron broke into computers at a number of major tech companies, including Apple, Facebook, and Twitter. The group exploited a flaw in the Java programming language to penetrate employees’ Apple Macintosh computers and then use them as pivots into the company internal network.

Official sources say that the Microsoft bug database was poorly protected, with access possible via little more than a password. Four years later, we have official confirmation that it happened. To measure the breach impact, Microsoft started a study to correlate the potential flaws in their databases and subsequent attacks. The study found that the flaws in the stolen database were actually used in cyber attacks, but Microsoft argued the hackers could have obtained the information elsewhere, and that there’s “no evidence that the stolen information had been used in those breaches.”

There is really no way to know besides asking the actual hacking group, which will most likely not happen… unless they are HaD readers, in this case they can feel free to comment.

[via Reuters]

Google As A Password Cracker

November 26, 2007 by Will O'Brien 24 Comments

Usually we’re into hardware hacks, but once in a while I run across something that’s just too good. [Steven]’s blog was cracked a while back, and while he was doing forensics, he was trying to crack the md5 hashed password for the unauthorized account. Eventually he slapped the hash into Google, and guess that it was ‘Anthony’ based on the results that came up. Thanks to [gr] for pointing it out.
(Yes, I know it was on Slashdot a few days ago, but I don’t care.)