Let me break down what's going on with this spam. 1/
2/ Reply spammers fight a cat & mouse game with platforms like #Twitter.
One way they get spotted is by the platforms examining links.
If spammers hammer a platform by sending the same link to the same scam site in thousands of replies, it's not hard to spot & scale blocking.
3/ Remember spam emails w/misspellings, weird names, blocks of garbage text, mixtures of words & numbers etc?
These were all tactics to avoid spam filtering done by looking at each of these things for patterns.
Each new filtering strategy = new workarounds.
4/ These incessant Twitter replies are doing the equivalent of old school email scammers.
They want targets to get curious & greedy like "oh cool look here's a website with an account that already has a balance...let me just log in & get rich!"
Who falls for this? Well...
5/ People greedily typing in the site URL & "logging in" see a big account balance!
1.5 million dollars in USDT
They are instantly rich!
But to get it out? Well looks like you'll need to talk to the scammers.
& maybe sign up for the "VIP plan"
6/ Here's the thing. Platforms don't just look at the text & links of posts for evidence of spamming.
(Reports help too)
They scrutinize things like IP addresses & tech used for account creation & posting.
Enough signals of badness & you can scale up blocking.
7/ Speculation: anti-bot filtering that should happen before anyone can create an account or post... is failing.
So spam accounts are posting like crazy.
Then avoiding #Twitter's secondary defenses (e.g. text & URL filters) by mucking up their URLs to be less blatant.
8/ Reply spam is a numbers game.
Hope some users see a reply. (e.g. 14 views on a 60k tweet ain't great but...)
Eventually you get one user ready to go the whole way & get conned.
Even if 99.99999999% of us don't, there's still potential for ROI.
9/ Now, here's the thing. You have seen this reply spam for a while because the network has been up before.
NEW: @WhatsApp caught & fixed a sophisticated zero click attack...
Now they've published an advisory about it.
Say attackers combined the exploit with an @Apple vulnerability to hack a specific group of targets (i.e. this wasn't pointed at everybody)
Quick thoughts 1/
Wait, you say, haven't I heard of @WhatsApp zero-click exploits before?
You have.
A big user base makes a platform a big target for exploit development.
Think about it from the attacker's perspective: an exploit against a popular messenger gives you potential access to a lot of devices.
You probably want maximum mileage from that painstakingly developed, weaponized, and tested exploit code you created/purchased (or got bundled into your Pegasus subscription).
3/ The regular tempo of large platforms catching sophisticated exploits is a good sign.
They're paying attention & devoting resources to this growing category of highly targeted, sophisticated attacks.
But it's also a reminder of the magnitude of the threat out there...
WHOA: megapublisher @axelspringer is asking a German court to ban an ad-blocker.
Their claim that should make everyone nervous:
The HTML/CSS code of websites are protected computer programs.
And influencing how they are displayed (e.g. by removing ads) violates copyright.
1/
2/ Preventing ad-blocking would be a huge blow to German cybersecurity and privacy.
There are critical security & privacy reasons to influence how a website's code gets displayed.
Like stripping out dangerous code & malvertising.
Or blocking unwanted trackers.
This is why most governments do it on their systems.
3/ Defining HTML/CSS as a protected computer program will quickly lead to absurdities touching every corner of the internet.
Just think of the potential infringements:
-Screen readers for the blind
-'Dark mode' browser extensions
-Displaying snippets of code in a university class
-Inspecting & modifying code in your own browser
-Website translators
3/ What still gives me chills is how many cases surfaced of people killed by cartels... or their family members... getting targeted with Pegasus spyware.
The #PegasusProject found even more potential cases in Mexico.