How Activist DeRay Mckesson's Twitter Account Was Hacked
Racial justice activist DeRay Mckesson became the most recent victim of a high-profile Twitter account hack. Mckesson this week started to endorse Donald Trump and posted a self-defamatory tweet. Later he announced that his account was hacked. What's interesting about this hack was that Mckesson had two-factor authentication enabled on "all" of his accounts. Hackers apparently resorted to a much-sophisticated attack: Hacker or hackers were able to take over by convincing Verizon to reset his SIM. With the SIM reset, the person responsible was able to receive text messages intended for Mckesson and therefore bypass the two-factor authentication the activist used to keep his account secure.
Trump 2016 (Score:1, Interesting)
Just sayin'
Re: (Score:1)
I hope gets elected.
Not because I like him, but I think that people abiding by Trump's Newspeak and not by common sense deserve a fair share of their own medicine - Trump is the overlord of Newspeak.
Meaning: Earlier or Later Trump will use his Newspeak also against his prior supporters.
War is peace
Freedom is slavery
Ignorance is Strength
Re: (Score:2)
The alternative is much worse. I'd rather be disappointed by an idiot than played a fool by some sinister evil whose best qualification to date is being the first woman president.
It is not like we have an outstanding field to choose from. I'm not a Trump supporter and could be considered a Hillary opposer, which makes Trump support a necessity at this point, I guess. But most of the Trump supporters I talk to already admit he will not do half of what he says. They claim he pushes for stuff that is unacceptabl
Re: (Score:3, Insightful)
It worked well for Obama.
Twice.
Re: (Score:2)
I don't know, he is playing you like a fiddle. You are all upset and butt hurt over it speaking all about it. Maybe it is just publicity to get him free support when you go off.
Trump even said in an interview that he always asked for way more than he knows he can get so it looks like major concessions when he settles for what he really wanted. It may be lying to get the idiots to go along, but I don't think those idiots are who _you_ think they are. If he is elected, I can see a lot of people proudly procla
Re: (Score:2)
One that he seems to be playing well.
Yeah. He bet on the American electorate being even fucking stupider than him, and he's right. Give yourselves some medals.
Re: (Score:2)
As opposed to those getting ready to elect someone who committed multiple felonies while head of the state department, and married to a serial rapist that she continues to defend?
Re: (Score:1)
> But most of the Trump supporters I talk to already admit he will not do half of what he says.
So these Trump supporters think he's lying to everyone else, but they're the special people who know when he's telling the truth.
Re: (Score:2)
That could be, or they could have read his book which explains this reasoning quite well.
Have you ever had a conversation with a Trump supporter where you weren't trying to antagonize each other? You should try it some time and actually listen to them. Some are complete loons, some act that way to get your goat, some see the clever ruse in it all.
SMS was never true 2-factor (Score:1)
Re: (Score:2)
In which case they aren't true 2-factor anymore.
But in this case someone really wanted to hack his account.
It also highlights that you shall never ever trust what anyone writes when it comes to controversial stuff. I sometimes don't even trust myself.
Re: (Score:2, Insightful)
I know some people leave their phones laying all about, but good luck getting the SIM out of my phone without me being aware of it, or dead.
Re: (Score:1)
I know what you mean, but was replying to hsmith's comment.
Re: (Score:1)
Actually, the pathetic thing is just how easy it is to do this. Verizon store minions don't do jack to verify anything. When I replaced my lost SIM (lost the whole tablet), it took all of 11s, "I lost the tablet that had the SIM in it. Here's the phone number." No name asked for, no ID asked for, NOTHING AT ALL. Drone walks off to get a new SIM.
Re: (Score:2)
Whenever I went into a VZ store, they always asked for the last four of the account holder's social. Perhaps you just went into a poorly trained store?
Re: (Score:2)
For all my stuff I *really* need 2 factor on, I use an old cell phone with custom firmware not connected to anything and Google Authenticator.
Re: (Score:3)
> SMS was never true 2-factor
Sure it is. Two factor is something you know and something you have. Your ATM card is two factor: to use, supply a PIN (what you know) and the card itself (what you have).
SMS (what you have) combined with a password (what you know) is a perfectly valid two factor authentication system.
Re: (Score:2)
In this case it's not tied to a physical device, it's tied to a subscription that's tied to a physical device and the intruder re-routed the subscription to a device he possessed.
At best an SMS solution is a 1.5 factor.
I can also imagine apps hijacking text messages given certain conditions allowing an intruder to use your device to gain access.
This is why I don't use banking apps in my phone.
Re: (Score:2)
SMS is only to spy on you. A dataset with phone number is worth ten times of a dataset without, because companies can link it with datasets from other companies.
Do you know analytics.twitter.com? Go look what your audience looks like. You can see, if people are interested in buying automobiles, etc. Stuff people never twittered? Why? Because twitter cooperates with ad companies, which return your interests when twitter gives them your phone number. And they aggregate from many different services, which have
Social engineering is king (Score:2, Informative)
Verizon accounts are unsecure?! (Score:4, Funny)
What's next, people fooling Comcast?! -_-
Re:Verizon accounts are unsecure?! (Score:5, Funny)
> What's next, people fooling Comcast?! -_-
They're way ahead of you- Comcast has its own "Fool Ourselves" division. Just dial their 800 number and press any button to be connected to a fool.
Re: (Score:1)
Lucky you. At least you got connected to something
Don't understand (Score:2)
What does "much-sophisticated" mean?
Re: (Score:1)
That's why people come here, for shitty journalism. If they wanted real journalism they'd invent a time machine since it's been decades since that existed.
Re: (Score:2)
> What does "much-sophisticated" mean?
It is similar to regular sophistication, except that it is also much.
Mckesson (Score:2)
Any relation to the medical supply company?
the family that owns that must be billionaires.
"racial justice activist" WTF? (Score:4, Interesting)
So these days the word for "racism" is now "racial justice"?
Day of Rest (Score:1, Troll)
This story about DeRay Mckesson has been on Slashdot for over half an hour on a Sunday morning and there still aren't any blatantly racist posts.
They must all be in church or a Trump rally.
Re: (Score:1, Troll)
Yeah, I guess it's too early for a Trump rally.
WTF is DeRay Mckesson? (Score:2, Offtopic)
Is this — his being a "Racial Justice Activist" — the best way to describe a person? The supposed profession seems straight out of the Onion's polls [theonion.com] — along with other gems like "Grammar Innovator" and "Cactus Purchaser".
Seriously, has he done something more profound in his life than raising awareness and, if he did, why is not that mentioned in the write-up instead?
Well, at least now I have heard of the guy — the hack and /. have achieved for
Re: (Score:2)
The article is describing them in relation to the twitter account, which, it seems, was primarily used for racial justice activism. I've never heard of this person before either, but I could give two shits if the actual person is a plumber or a mailman the rest of the day. The story is about the twitter account.
Re: (Score:3)
Well, when Sarah Palin's private e-mail was hacked, reports weren't referring to her as just a mother and grand-mother — the capacity in which she used it and, incidentally, achievements far more serious than being an awareness raiser. No, the reports [wikileaks.org] were referring to her as the Governor of Alaska and a VP-contender.
The story is, indeed. And yet, if they describe him, they should've listed things that make him especially (i
Re: (Score:1)
OMG! This guy?! He's more phony than Jesse Jackson. A typical subway scammer. And he's not even entertaining. Too bad people are falling for this shit. I think somebody like Soros or Koch is putting up some money. This stuff can't possibly make it on its own. Not when there's real tweets worth reading [twitter.com]
Re: (Score:2)
> This man advocates violence against whites. This man advocates killing whites.
I've been following his twitter for a few years. Can you link me some of that? I must have missed that.
Seriously, do so.
Single-level Security Model flaw (Score:5, Interesting)
Users should be able to choose their own level of security to match their individual situations (consequences). With just one provider-imposed level, the same compromises between security and usability have to be selected and imposed on all users.
For instance, a user could choose to set security very lax (pwd over phone) if they have little to protect and value convenience. Someone with something to worry about might set security very tight (long/rand pwds, resets only in meatspace with two forms of ID).
Re: (Score:2)
I would say the 2fa via SMS is a very weak level of protection and should be understood as such. Ideally you would have challenge/response on the phone to get the authorization code, plus a password for the account-- if you must use the phone.
Personally would much rather use an RSA-ID or Nubikey as my "something I have".
Re: (Score:2)
If you want each factor of your security identity to be secure, you need to manage it yourself.
That means not using a free email account from someone else and using your own VOIP setup for SMS or audio confirmations.
The issue is not the technology, but allowing others to access the systems hosting your security mediums.
Why I don't want "internet-enabled" cloud crap. (Score:2)
Going off on a bit of a tangent about IOT, but it is relevant. OK, cellphones have to be controlled by the cellphone provider.
But do you like the fact that your GM car can be de-activated from the cloud (Onstar)?
Do you want "Cloud connect" controlling your home router (Linksys; withdrawn quickly after backlash) https://tech.slashdot.org/stor... [slashdot.org]
Do you like spending good money on a home light controller (Revolv), only to have it bricked when the new owners after an acquisition decide they can't be bothered with it? h [slashdot.org]