OpSec is hard. Lessons learned from the Twitter hack arrests.

As many of you may already know, the social media platform Twitter was attacked on 15 July 2020, and 130 high-profile accounts were taken over and used in a scam to collect Bitcoin. During the attack, there was a lot of discussion and marvel at the scope and complexity of the attack, and a $1 million bounty was offered to “those who successfully track down and provide evidence for bringing to justice the hackers / people” [behind the attack]. Coverage of the attack and ‘buzz’ on social media continued for a couple of days.

Fast forward to this morning, and one of the first things in my news feed was an article that the 17-year-old alleged mastermind of the attack was arrested after authorities tracked him down using a driver's license that had been used to verify a Coinbase account. To be very clear, this post isn't about ‘how to be a better criminal’ and is not intended to condone computer intrusion, wire fraud conspiracy, money laundering conspiracy, etc., but this case highlights an excellent example of how poor planning and operational security (OpSec) can completely destroy an otherwise successful operation. Solid planning and good OpSec apply equally to high-profile social media platform hacks and to new server installs.

I tend to lean on three concepts when I start an operation (project): Begin with the End in Mind by Stephen Covey, Visualize the End State by Jocko Willink, and “You've got to be very careful if you don't know where you are going, because you might not get there” by Yogi Berra. These concepts all say the same thing, but I think that Yogi said it best. If you don't know where you're going, you might not get there. A key to a successful project is understanding what it will look like when it's done (where you're going), and the more detail you can visualize up front, the better.

If it's a server install, visualize the server in its rack, cabled up, powered on, and all of the users using it. Do you have (or need) a rack? Do you have (or need) switch space for the cabling for the server? Do you have (or need) a UPS? Do you have (or need) user licenses? Do you know how many users will be using it and for what? Is there additional software that will run on the server and, if so, do you have it? At each of these steps, there's also a security component. Is the rack secured? How reliable is the power? Is the switch properly segmented (and are you connecting to the right segment)? Failing to adequately plan any of these can lead to a quick reaction that doesn't take into account the possible unintended consequences.

Ultimately, it looks like the downfall of the operation was that the attacker used a Coinbase account to manage some or all of his Bitcoin, including those acquired as a result of the hack. I have to imagine that, if Kirk#5270 had thought the whole thing through, he'd have realized he needed some way to cash out, some way to turn the Bitcoin into cash. Following that train of thought, I have to think he would have realized that tying that Bitcoin to a Coinbase account (which abides by the Know Your Customer laws) would make it easy for law enforcement to find him.

Is your company tired of IT projects going over schedule and over budget, or just not working as expected (or promised)? Do you already have computers, servers, firewalls, VPNs or other technology that you're not taking full advantage of? Are you looking for an IT Service Provider who understands the needs of small to medium sized businesses and the challenges that we face, and who can work with you to grow your business rather than just sell you time?

Cyber Tech Cafe is an IT Service Company with a focus on helping small to medium businesses get the most out of their technology investment. As a small business ourselves, we understand the challenges you face and have designed our service offerings to help you get the most out of your technology dollar. We offer on-call, as-needed support if you just need a quick fix or an extra set of hands right now. We also offer maintenance plans that we call “MyIT” that are designed to address the most common concerns (patch management, disaster recovery / backup, log review, etc.), are priced on the number of workstations and servers that you have, and have no term contract. We believe that, if you find value in what we're doing, you'll find a way to keep us around without a contract saying that you have to.