Hackers involved in the high-profile hack of Twitter accounts earlier this week were young kids with no links to state or organized crime, The New York Times reported Friday.
Wild. NYT with the follow up article about the twitter hack.
— The Range (@_TheRange) July 17, 2020
The attack, which Twitter and federal police are investigating, started with a playful message between hackers on the platform Discord, a chat service popular with gamers, according to the Times.
Did a group of kids actually hack Twitter?
The paper said it had interviewed four people who participated in the hacking, who shared logs and screenshots backing up their accounts of what happened.
“The interviews indicate that the attack was not the work of a single country like Russia or a sophisticated group of hackers,” the Times reported.
“Instead, it was done by a group of young people – one of whom says he lives at home with his mother – who got to know one another because of their obsession with owning early or unusual screen names, particularly one letter or number, like @y or @6.”
The massive hack of high-profile users from Elon Musk to Joe Biden has raised questions about Twitter’s security as it serves as a megaphone for politicians ahead of November’s election.
“Based on what we know right now, we believe approximately 130 accounts were targeted by the attackers in some way as part of the incident,” Twitter said in a tweet.
“For a small subset of these accounts, the attackers were able to gain control of the accounts and then send Tweets from those accounts.”
What were the hacks?
The tweet that appeared on Tesla founder Musk’s Twitter feed said, “Happy Wednesday! I am giving back Bitcoin to all of my followers. I am doubling all payments sent to the Bitcoin address below. You send 0.1 BTC, I send 0.2 BTC back!”
It added that the offer was “only going on for 30 minutes.”
The fake messages that appeared on other famous accounts made similar promises of instant riches.
One version of the scam invited people to click on a link at which they would be exploited.
Posts trying to dupe people into sending hackers the virtual currency bitcoin were tweeted by the official accounts of Apple, Uber, Kanye West, Bill Gates, Barack Obama and many others on Wednesday.
Twitter said it appeared to be a “coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.”
Fraudulent posts, which were largely deleted, said people had 30 minutes to send $1,000 in cryptocurrency bitcoin, promising they would receive twice as much in return.
More than $100,000 worth of bitcoin was sent to email addresses mentioned in the tweets, according to Blockchain.com, which monitors crypto transactions. A total of 130 accounts were targeted.
Hackers were obsessed with old Twitter accounts
The young hackers interviewed by the Times said a mysterious user who went by the name “Kirk” initiated the scheme with a message and was the one with access to Twitter accounts.
They contended they were only involved in commandeering lesser-known Twitter accounts, particularly to swipe coveted short handles such as an “@” sign and single letters or numbers that could easily be sold, according to the report.
When the twitter-hack happened, we didn’t jump to “Canaries could help” (not enough info & we avoid this sort of talk anyway)
If the NYT is right, re:rogue employee abusing creds found on an internal slack, this is totally a use-case we’ve discussed before for free Canarytokens pic.twitter.com/jSHDI9hMaf
— haroon meer (@haroonmeer) July 18, 2020
The young hackers maintained they stopped serving as middlemen for “Kirk” when high-profile accounts became targets.
Read more: Turkey rejects Twitter ‘smear’ campaign
Some hackers are “obsessed” with hijacking “Original Gangster” social media accounts staked out in the services’ early days that have short profile names, according to Brian Krebs of Krebs on Security.
“Possession of these OG accounts confers a measure of status and perceived influence and wealth in SIM swapping circles, as such accounts can often fetch thousands of dollars when resold in the underground,” Krebs said in a post.
Hackers involved in the attack on Twitter advertised account names at an OGusers.com website, asking for payment in bitcoin, according to the Times report.
AFP with additional input by GVS News Desk