Twitter's public perception has been dropping rapidly over the past few months, with many users abandoning the platform for alternatives. But, their public perception took its biggest hit this week when a collection of high profile accounts tweeted nearly identical Bitcoin scam posts. The affected accounts included Barack Obama, Joe Biden, Elon Musk, Jeff Bezos, Bill Gates, and more. In total, 130 accounts were affected, of which 45 were fully hijacked. The hack generated at least $120k for the hackers.
While the hack itself was newsworthy, the real story was in the way it happened and how the company responded. While the incident was happening, the company and its CEO Jack Dorsey were surprisingly quiet. It was hours after the incident became news before Dorsey addressed it in any way. This has led people to wonder just how involved in the company the CEO actually is. The company itself was equally not existent in the early hours of the hack.
While no public interaction was happening, private interaction was also quiet. This was surprising, as the company was making some big changes to the way verified accounts worked. In fact, they were making them not work. For many high profile users, the ability to tweet and access private messages was completely disabled. This was obviously done in an attempt to stop the spread of the scam, but without explanation, it produced confusion and concern about their own account's safety. Some even created new accounts to let their fans know they were unable to tweet.
However, no information of value came from the company for days. In fact, the first real information came
in a blog post 3 days after the hack. In the post, it was explained that the hackers used sophisticated social engineering tactics to get the credentials for employees. Social engineering involves creating scenarios wherein those being targeted believe you are part of their circle. For some great examples, check out the song Social Engineering by nerdcore rapper ytcracker.
Once the hackers got access to the employees' credentials, they used them to access tools intended specifically for employees. Through those tools, they were able to access the affected accounts and post the scam tweets. While the company was trying to fix the problem, when they would reclaim access to an account, it would be lost again within minutes. That is what led to the shutdown of verified accounts.
As of now, the assault seems to be over, but not all functionality has been restored for all users.
While the rest of the world seems to be melting down, 2020 is going to be a big year for the major gaming brands. Both PlayStation and Xbox will be launching new hardware in the coming months, and Microsoft is already preparing for that transition to the new generation of console. They also announced some of how Project xCloud will work once it comes out of beta and releases to the public.
The first and most immediate move has been for several of the current generation of Xbox consoles to be discontinued. This includes all variants of the Xbox One X and Xbox One S All-Digital Edition. Despite the fact that the Xbox Series X is not slated to release until the 2020 Holiday season, the availability of the current consoles is already depleted. The
Microsoft Store and Amazon already show limited or no availability on both devices, while Best Buy shows all consoles out of stock and Wal-Mart only has them from third-party sellers for a massive markup. Some of the availability issues could be related to increased demand during the lockdown, but it could also become permanent if production has ended.
On a more positive note, the company also gave us some further clarification on the future of Project xCloud, Microsoft's Xbox game streaming service. In November, the company announced that the service would be integrated into the Game Pass family, but gave no real details about what that meant. This week,
we learned that the feature will be a free addition to Xbox Game Pass Ultimate, which has been called the best deal in gaming.
The Xbox Game Pass Ultimate service currently offers a combination of Xbox Game Pass Console ($9.99), Xbox Game Pass PC ($9.99), and Xbox Live Gold ($9.99) for one price of $14.99 per month. Adding the ability to use Project xCloud (or whatever it ends up being called) will make this deal even harder to pass up. However, for those not interested in subscribing to Ultimate, there is no word what the standalone price will be, assuming it will be offered as a standalone service.
Project xCloud will be generally available and be added to the service starting in September. It promises access to "over 100 Xbox Game Pass titles." While this is a smaller selection than the available games on the other platforms, streaming rights can be difficult to secure, so it's an expected situation. The title count still exceeds the current game selection in beta and the selection available from Google's Stadia.
While everyone agrees on how annoying robocalls, especially scam calls, really are, it has long seemed that there was nothing that could be done about it. However, over the last couple of years, the FCC has figured out that this scourge is within their purview and decided to try to alleviate it. The problem has been that enforcing these new rules has been difficult. The
biggest fine ever levied against a medical scam ring is likely to never be collected. So, the FCC is giving more control to the carriers.
biggest move has been the implementation of a safe harbor within the Telephone
Robocall Abuse Criminal Enforcement and Deterrence (TRACED) Act enforcement. This will allow telecom companies to block all calls "from bad-actor upstream voice service providers that pass illegal or unwanted calls along to other providers, when those upstream providers have been notified but fail to take action to stop these calls."
The safe harbor aspect refers to protection for the companies from unintended consequences from the decision. In the past, a lack of such safe harbor protection has prevented many carriers from implementing a robust approach to protecting their subscribers from illegal calls. By extending these protections, the FCC hopes that telecoms will begin to implement more stringent policies against these "bad actors" which have been identified and contacted by the FCC.
But, not all illegal calls come from these "bad actor" services. In an attempt to deal with those calls that come through larger services, such as through automated calls on standard SIM cards or VoIP services, the combined T-Mobile and Sprint have begun to roll out protections for their subscribers. T-Mobile subscribers will not get
free access to the Scam Shield service, which was previously a subscription service.
The service offers some common features available through other services, such as identifying and blocking spam and scam calls and getting full caller ID information. In addition, the service gives you a proxy number. This works similarly to Google Voice, in that you get an additional phone number that you can give out that will also ring to your device. You can then dump that number if it becomes a problem. These features will go live starting on July 24, 2020. Unfortunately, Sprint customers will not get access to all of the T-Mobile capabilities just yet, but can still access the Sprint equivalent.
Social media companies have been making strange moves in the past few weeks. Decisions seem arbitrary and inconsistent at the vest of times. Some posts from government officials advocating violence have been marked as dangerous, while others are promoted as honorable. One of the newest instances of this has been with Twitter. The company recently suspended the account of DDoSecrets, a government transparency hacker group that was making private documents available.
This group has been called the new WikiLeaks. That is likely because, during Julian Assange's absence while in a British prison, WikiLeaks has been far less active than in its past. DDoSecrets took up the mantle and has been releasing data in the absence. But, while WikiLeaks Twitter account has been unchanged, DDoSecrets account has been permanently suspended. Twitter has claimed that the suspension comes because the account violates the service's rules, saying,
We don't permit the use of our services to directly distribute content obtained through hacking that contains private information, may put people in physical harm or danger, or contains trade secrets.
Note that if you attempt to evade a permanent suspension by creating new accounts, we will suspend your new accounts. If you wish to appeal this suspension, please contact our support team.
This message was sent after the "BlueLeaks" post, releasing a massive 269 GB collection of data from law enforcement agencies across the country. In the current climate, law enforcement data is in high demand, as the vocal minority rage against the police. Why, then, would a post like this trigger Twitter to suspend the account, when equally damning and culturally relevant posts from WikiLeaks had no such response? Twitter claims that part of the move is because the site can infect users with malware, which is untrue. There is no such malware on the site. We may never know exactly what it is about DDoSecrets that has attracted the ire of Twitter.
One of the new features of iOS 14 is a more honed control over the live permissions that apps receive. Among the new notifications is an alert when an app accesses your clipboard data. This has created an uproar in the Apple user community as more and more apps are discovered to be accessing the clipboard, seemingly without need. Some apps have a legitimate use for accessing the clipboard, some do it for convenience purposes, and others do it for no real reason at all. So far,
54 high profile apps are in question.
For some apps, clipboard data makes sense. An app like TrueCaller accessing the clipboard to see if you have a phone number stored can make it easier for you to check the history of that phone number. But, it could be just as easy to paste the phone number into a textbox and TrueCaller can continue to just be what it is. Other apps, like
New York Times and Wall Street Journal have no reason to access the clipboard except to snoop on that content.
The original concern, and possibly the most glaring, is the controversial app TikTok. There are a number of reasons why there is great concern over the app's behavior. It is a Chinese app with strong ties to the Chinese government. It has been actively used to censor content and regularly discriminates against people the Chinese government disagrees with, such as the LGBT community. Giving the Chinese government access to additional content on your device could create a privacy issue unlike any other.
The company has said that they have already removed the clipboard access, but users are reporting that the app is still throwing notifications about clipboard access. For a platform that is so
well-known for privacy violations, this is not surprising.