Friday, July 17, 2020

"There are two explanations for the lame Bitcoin-scam payload for the [Twitter] hack. Both should make you less worried about cyber-security"

From this post by Byrne Hobart (which also includes a discussion of Neal Stephenson's Cryptonomicon):

There just isn’t a great supply chain linking the ability to move markets through hacks to the ability to realize profits from those hacks. Both skills exist, independently, but the social gap, information gap, and trust gap make it almost impossible for the two to combine. Add that to the low probability of the hacks themselves—it’s not every day that someone exploits a major tech tech company so effectively—and the odds drop to nearly nil.

This is good news. The fact that cheesy Bitcoin scams work means that hackers have an incentive to break into vulnerable companies. But the fact that they work a lot better than more drastic exploits means that Bitcoin creates a sort of global bug bounty. If Bitcoin scammers hadn’t found this vulnerability, maybe North Korean hackers or the PLA would have.
This is assuming that whatever the hackers did did not give them access to the account holders' DMs: