- After Twitter suffered a massive hack on Wednesday that took over dozens of high-profile verified accounts and stopped the site, the search began to identify the culprits.
- Many assumed that the scale of the hack meant that it was carried out by sophisticated actors such as a nation-state, but new findings from researcher Brian Krebs and cybersecurity firm Unit 211B suggest that the heist may have been led by a relatively unsophisticated group of
- The researchers identified an account that, in the days leading up to the heist, demonstrated on Twitter and hacker forums that it could carry out the type of attack that played out on Wednesday. The account belongs to a 21-year-old from Liverpool, UK, named Joseph James Connor.
- It’s unclear whether Connor acted alone or with others to carry out the hack on Wednesday and cybersecurity experts told Business Insider that hackers probably have more plans in store.
The massive Twitter attack
New evidence presented by cybersecurity researchers suggests that the massive hack that compromised dozens of verified Twitter accounts on Wednesday was not performed by a sophisticated nation-state actor, as some thought, but rather by a group of young hackers.
The heist started when the Binance cryptocurrency exchange tweeted that users who sent bitcoin to a specific address would receive even more bitcoin in return. Within minutes, similar messages were sent from the accounts of Bill Gates, Tesla CEO Elon Musk, Amazon CEO Jeff Bezos, President Barack Obama, and Kim Kardashian West, urging people to send bitcoin to the link in exchange for more bitcoin.
The fraudulent tweets continued to appear for over an hour, with Twitter helpless to stop them. In many cases, tweets were quickly removed, only for similar tweets to be sent minutes later. Twitter finally blocked all verified accounts from tweeting for about 30 minutes as it tried to take control of the situation.
Before order was restored, over 13 bitcoins, or roughly $117,000, appeared to have been transferred to the bitcoin wallet linked in the malicious tweets.
Using internal admin tools
Twitter said in a statement Wednesday night that it had evidence to suggest that hackers targeted specific Twitter employees, using social engineering to “access internal systems and tools.”
“We know that they used this access to take control of many highly visible (including verified) accounts and Tweet on their behalf. We are investigating what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it,” Twitter said in the statement.
It is the most potent hack in Twitter history, but cybersecurity experts began to point to indicators that the attack was not carried out by a well-funded hacking operation or a sophisticated nation-state actor. For one thing, its scope was not ambitious: the attackers could have taken advantage of their access to so many accounts to disrupt the stock market, influence an election, or even try to start a war. And the amount of money stolen through the bitcoin scam is relatively small given the level of access. Some experts saw the noisy hack as a signal that a more dire attack may have taken place simultaneously.
Twitter accounts @shinji and @b
Now, investigator Brian Krebs and cybersecurity firm Unit 211B have surfaced new evidence showing users bragging on hacker forums and Twitter, in the days before the hack, that they could compromise any Twitter account. A person on the OG users forum said in a post days before Wednesday’s attack that they could compromise any Twitter account, offering to sell account access for prices ranging from $250 to $3,000, according to Krebs’ findings.
Before that, at least two Twitter accounts, @shinji and @b, posted screenshots of Twitter’s internal tools. Motherboard reported Wednesday that the internal tools can be used to change the email address associated with an account and take over the account without notifying its original owner.
Citing a source who works in security at a US-based mobile operator, Krebs traced the @shinji and @b Twitter handles to a notorious hacker who goes by PlugWalkJoe.
PlugWalkJoe is known for SIM swap attacks, heists in which hackers bribe or trick mobile phone operator employees into giving them control of someone else’s cell phone number in order to compromise that person’s other accounts. PlugWalkJoe is also affiliated with ChucklingSquad, a group of SIM swappers.
According to Krebs’ security sources, PlugWalkJoe is a 21-year-old from Liverpool, UK, named Joseph James Connor, who currently lives in Spain. The source told Krebs that a female undercover investigator recently convinced Connor, operating under his PlugWalkJoe handle, to accept a video call that showed a group in the background that Connor has also posted on his Instagram.
It is unclear whether Connor acted alone or with others to carry out the hack on Wednesday, nor is it clear whether the attack has run its course. The details of the hack suggest that the attackers could have seen direct messages from each compromised account, which could theoretically be used for lucrative blackmail schemes.
Twitter now faces demands from state and federal lawmakers to further explain how the accounts were compromised and why it took so long to regain control. Both the FBI and New York state regulators opened investigations into the attack Thursday, and the Senate Select Intelligence Committee said it would request information from Twitter.
The attack is probably not over.
“In security, they pay you to be paranoid,” Kevin O’Brien, the CEO of the cloud email security company GreatHorn, told Business Insider on Thursday. “And the paranoia says something else happened at the same time, or that these accounts were being accessed in much more damaging ways.”