He wouldn't get that high, it's more like the US Attorney calculating the sentence if he found guilty on all accusations. It's likely he will get much less than that number.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Three People Charged in Twitter Bitcoin Hack [Updated]
- Thread starter MacRumors
- Start date
- Sort by reaction score
He wouldn't get that high, it's more like the US Attorney calculating the sentence if he found guilty on all accusations. It's likely he will get much less than that number.
He didn't "hack" anything. He used social engineering on a twitter employee in order to get access to internal tools. Probably tools that allows them to change the email address on accounts. That is not hacking anything. Hacking or vulnerability exploitation is something entirely different. That is something that requires serious skill and knowledge with regards to bug finding, reverse engineering and exploitation tools and techniques. Something that clearly wasn't the case here.
This would also require Twitter to be liable for security holes in their systems.
Last edited:
Do you truly think it’s worthy of such a potential heavy sentence compared to say like the woman who killed a young boy but is being protected by the US justice system?
Sure a punishment is required, but it should be appropriate I think. Nobody died, and there weren’t even great financial losses. Having a criminal record is for those involved already a life sentence.
put his ass under the jail? Lol what are you really trying to say by that lol. That’s not a typo lol.
anywho ... I wonder if the minor can press civil charges against the press that printed his name if it’s illegal as a minor to do so? He’d have some legitimate funds if won whilst he’s in the penitentiary.
They did zero coding hahaha. I would be surprised if they could even write a hello world in any language of their choice.
Wholeheartedly agree... many other sorts of known public thievery for amounts of orders of magnitude higher than this one went totally lenient and not to mention even rewarded at times. It makes this one feel like a prank in comparison.
I’m not saying let him run free, but such a harsh sentence at the same time.
Reminds me of this woman that gave birth, murdered and buried her newborn yet... ok fine completely different sort of case.
Yes, social engineering can be an integral part of hacking, and this kid used it expertly to gain access to these accounts. Your opinion of him and his actions doesn’t change the fact that he pulled it off.
Social engineering is not part of hacking. I also never questioned the guy's ability to pull it off, so why bring it into the discussion?
From the "Hacker" Wiki:
Hacker on Wikipedia said:
Sorry, ignoring this as a part of the process just shows how little one understands it.
Oh yes, this info is available, but history shows that it can't be trusted as all VPN's give out this info after a court order.
From the website arstechnica.(dot) com today,
The attackers then called the employees and used the information obtained from LinkedIn and other public sources to convince them they were authorized Twitter personnel. Work-at-home arrangements caused by the COVID-19 pandemic also prevented the employees from using normal procedures such as face-to-face contact to verify the identities of the callers.
With the confidence of the targeted employees, the attackers directed them to a phishing page that mimicked an internal Twitter VPN. The attackers then obtained credentials as the targeted employees entered them. To bypass two-factor authentication protections Twitter has in place, the attackers entered the credentials into the real Twitter VPN portal within seconds of the employees entering their info into the fake one. Once the employee entered the one-time password, the attackers were in.
It was $100k because Twitter stopped it so fast. What if Twitter wasn't so fast? Is $1M ok? $2M?
Either way, 45 years is completely unreasonable. Depending on their criminal history, I would say maybe 4 years with 3 suspended or something like that.
Which will make them walk on egg shells for a while after they're released.
I don't agree with that much of course, but there should be appropriate consequences of such action. If it was just hacking it would be up to Twitter, but he tried to scam people and take their money.
He’s not convicted, and it’s up to 45 years. I don’t see why we need to debate the 45 years before we see how it goes for him.
I know he hasn't been sentenced yet. However it is already ridiculous that 45 years could be levied against someone for that those particular charges alone. Perhaps these types of charges are used for any type of crime in that category no matter the amount stolen and therefore giving it some room for people who commit a potential cyber heist or something haha.
I am not entirely sure what it is you were trying to say here.
I agree with you but the punishment should be equal to the attempt.
A terrorist plants a bomb that in the middle of New York that is powerful enough to kill any one in a half-mile radius, which equals about 20 thousand people. Police caught him, disabled the bomb, no one is dead. Should we let him go free?
We are not saying imaginary "What If"s here, the attempt has been executed.
Actually, they should keep this little idiot behind bars and also END TWITTER as well - a nasty app which causes issues.
Ugh.
I was afraid there were going to be posts like this. =/
It always makes me a bit sad how incredibly out of touch with tech people on a tech forum usually are.
Y’all remind me of every grandma in the 90’s bragging about how their grandchild is the next Bill Gates, as evidenced by the fact that at age 12, they figured out how to change the time on the vcr.
If you read the article... you’d see that this was a particular type of “hacking” known as social engineering. That’s where you trick someone into giving you access to a system, so you don’t actually have to have much in the tech prowess arena, just MAD people manipulation skills!!!
Not saying that’s not a rare talent/ability... it certainly is. However, since it doesn’t follow that someone with that skill set would also be good at finding/repairing software exploits, or anything else I can think of, tech related- the “oooh, they’ll probably get hired up by some government & given a good job, based on their clever scam!”, comes off as extremely uninformed/ignorant to me.
I mean... I guess the government could hire him to come in at the end of a seminar on why not to give away your passwords over the phone to strangers and say “yep, that’s true guys.... or someone like me can use that info nefariously”. Other than that, I struggle to see why the government would want to hire them. Are they on a hiring spree of grifters to pull off a government sponsored Oceans 11 or something, that I’m unaware of??
Put the 17 year old in jail for a while, then Frank Abignale him and make him work for the Government to finish out his sentence.
Absolutely agreed. After spending an appropriate amount of time in jail and make sure he is rehabilitated.
edit: Would be interesting to hear an account about the detective work behind the scenes on how these individuals were tracked down.
I think that guys point is that this wasn’t some incredibly sophisticated technological feat. He duped some Twitter employees into giving him VPN access to internal systems as if he was a remote employee.
This wasn’t some genius decryption job. It was a con. A well planned and executed con, but a con nonetheless.
Which, (and I’m not necessarily pointing at you) makes the hero-worship of this kid incredibly bizarre. He’s not some cyber wiz kid that should be hired by Apple or the Feds. He’s a crook, along the lines of the “Nigerian prince” that Is always asking people for bank information via email. No difference.