There’s something strange,
in the media world.
Who you gonna call ?
Well no-one actually !
Twitter announced on Friday 1st Feb on its blog that it has been compromised and various details have been lifted from their servers.
OK – rewind – last time they were compromised (November 2012) we had full disclosure of the incident and yet with this recent blog we have nothing. Odd? I thought so too.
So, speculation time …
1. The Java Cover-up
With the Java 0-day mess at the moment, is this just some front for Twitter to get developers to stop using Java to connect to them… BEFORE… the actual incident happens ? It would make sense in some ways. Twitter cannot afford for the damage to brand and reputation if they were completely left open so if they were to post out a faked article with wishy-washy details about the incident in there, then it would not come to any shock to the industry when they announce in 3 weeks that they no longer support Java apps to connect to them.
Tie this in to the hacks against US Media at the same time and we find even less detail and allegedly they are all related… well how ?!
2. The numbers don’t add up
Let’s assume Twitter was hacked. Let’s pretend it was you who has compromised them… 200 million accounts to play with – you could be rich !! Just think of the value in the data. The spammers would rip your arms off for that kind of data. So why only take 250,000 accounts? Even Twitter admitted :
This week, we detected unusual access patterns that led to us identifying unauthorized access attempts to Twitter user data. We discovered one live attack and were able to shut it down in process moments later.
This week ….
shut it down in process moments later.
Which is it? A week or moments ?
3. Who Dunnit?
We know it’s not Anonymous this time – otherwise every script kiddy in the universe would be all over this. We also know that there is no value to organised crime – no financials can be gained. So who is responsible ? Tenuous claims to China ? why > There’s nothing in this hack to suggest that. If it was someone who’d struck lucky with an exploit, we’d have heard about it by now. This would be great kudos for the person/group involved. And yet … nothing. Twitter states :
This attack was not the work of amateurs, and we do not believe it was an isolated incident. The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked.
So Twitter knows it was not isolated and has hit others similarly (but didn’t link to the US Media as above). Who else has been attacked and who is this mystery shadowy non-amateur person/group that takes data and not for the kudos or lulz…
I know I just could be sceptical, but after just writing the corporate blog for Secarma on this, I just got a funny feeling that I’d somehow missed the point. Where’s the best place to hide something … in plain sight. So why not hide it in the Twitter blog.
I went back and re-read the Twitter blog.
Paragraph 1 – US Media and Java
Paragraph 2 – timeframes and no. of accounts
Paragraph 3 – what they have done
Paragraph 4 – password tips
Paragraph 5 – Java tips
Paragraph 6 – attacker
I just wonder … is this another nail in Java’s coffin or is this a real incident. There is nothing conclusive in this blog, no reveal … just nothing. As someone who reads a lot of this kind of article, it just feels like Twitter are playing a good game of poker here and are holding their face firm.
What do you think ?