Hacking Twitter Could Have Brought Criminals More Money If Not For Coinbase Blocking

Tomcat


Hackers shared details of the Twitter celebrity account hack




Last week, the social network Twitter was subjected to a large-scale cyberattack, during which attackers gained access to the accounts of Microsoft founder Bill Gates, SpaceX CEO Elon Musk, Amazon CEO Jeff Bezos, etc. $ 180 thousand. Journalists at The New York Times spoke with the hackers involved in the breach and learned some details of the incident.

According to the publication, the cybercriminals responsible for the hack met in a Discord chat. Users going by the pseudonyms lol and ever so anxious were interested in buying and selling Twitter addresses that consist of one letter or number. They were contacted by a user with the pseudonym Kirk, who allegedly worked at Twitter. Users lol and ever so anxious sold short addresses on Twitter, and Kirk paid them a fraction of the amount from each transaction. One of these deals was the sale of the @y account for $1,500, and the money was transferred to the same wallet that the hackers later listed in the celebrity accounts after the hack.

Kirk had access to Twitter's internal tools and showed off a screenshot as proof. According to hacker Joseph O'Connor, known by the pseudonym PlugWalkJoe, Kirk infiltrated Twitter's channel on the Slack service and thus gained access to the service's servers.



Twitter representatives also provided details of their investigation into the incident:
  • The incident occurred on Wednesday, July 15, 2020;
  • Hackers used social engineering to gain access to Twitter employee accounts;
  • The hackers allegedly broke into employees' Slack accounts and found Twitter backend credentials pinned to a Slack channel;
  • According to representatives of the social network, the criminals bypassed its two-factor protection, but the representatives did not specify whether this referred to backend accounts or Slack accounts;
  • After gaining access to the Twitter backend, the attackers used Twitter's own technical support tools to interact with the accounts;
  • The hackers also allegedly tried to sell access to some hacked Twitter accounts because of their highly coveted usernames;
  • In eight cases, the perpetrators downloaded account data using the “Your Twitter data” feature;
  • The attackers had access to information about the email addresses and phone numbers of the targeted accounts.
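
The finding that backend credentials were pinned in a Slack channel suggests a simple defensive audit. The following is an added example, not part of the original post and not Twitter's or Slack's code: it scans exported channel messages for credential-like text and ranks pinned messages first. The field names (`ts`, `user`, `text`, `pinned_to`) are modelled on Slack's export format and are assumptions here, as are the patterns and all sample data.

```python
import re

# Credential-like patterns (illustrative assumptions, not exhaustive).
PATTERNS = {
    "password_assignment": re.compile(r"(?i)\b(?:password|passwd|pwd)\s*[:=]\s*(\S+)"),
    "aws_access_key_id": re.compile(r"\b(AKIA[0-9A-Z]{16})\b"),
    "bearer_token": re.compile(r"(?i)\bbearer\s+([A-Za-z0-9._\-]{20,})"),
    "url_with_credentials": re.compile(r"\bhttps?://[^\s/:@]+:([^\s/@]+)@"),
}

def redact(secret):
    """Keep two characters to locate the match; never echo the full secret."""
    return secret[:2] + "*" * max(len(secret) - 2, 0)

def audit_messages(channel, messages):
    """Return findings for credential-like text, pinned messages first."""
    findings = []
    for msg in messages:
        text = msg.get("text", "")
        pinned = bool(msg.get("pinned_to"))  # assumed field: list of channel ids
        for name, pattern in PATTERNS.items():
            for m in pattern.finditer(text):
                findings.append({
                    "channel": channel, "ts": msg.get("ts"), "user": msg.get("user"),
                    "pattern": name, "pinned": pinned, "evidence": redact(m.group(1)),
                })
    # A pinned message stays in front of every channel member, so rank it first.
    findings.sort(key=lambda f: (not f["pinned"], f["ts"]))
    return findings

# Constructed sample messages; none of these values are real.
SAMPLE = [
    {"ts": "1594800000.000100", "user": "U01", "text": "lunch at noon?"},
    {"ts": "1594800100.000200", "user": "U02", "pinned_to": ["C0SUPPORT"],
     "text": "Admin panel login: user=agent-tools password: Example-Not-Real-1"},
    {"ts": "1594800200.000300", "user": "U03",
     "text": "staging is https://deploy:s3cr3t-example@staging.example.invalid/"},
    {"ts": "1594800300.000400", "user": "U04", "pinned_to": ["C0SUPPORT"],
     "text": "Reminder: reset your password via the SSO portal"},
]

if __name__ == "__main__":
    for finding in audit_messages("C0SUPPORT", SAMPLE):
        print(finding)
```

The fourth sample message mentions a password without containing one and produces no finding, which is the false-positive case such an audit has to handle.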



Last week, Twitter was hit by an attack that compromised the accounts of many public figures and large companies, including Bill Gates, Elon Musk, Jeff Bezos, Apple and Uber, CoinDesk, Binance and Gemini, and so on.

The cybercriminals used their access to the top accounts to stage a fake bitcoin giveaway. The scammers followed a classic scam scheme: on behalf of famous people and large companies, they asked users to send them a small amount of cryptocurrency, promising to double and return any amount received.

The preliminary results of the investigation state that 130 accounts were hacked. For 45 of them, passwords were successfully reset and compromised. For 8 more accounts, the attackers downloaded all available account content using the Your Twitter Data function. Interestingly, none of these 8 accounts were verified (none had the blue checkmark).

Alas, even in 2020, there were many people who believed that Bill Gates, Elon Musk and other famous people and companies had suddenly started distributing bitcoins. Since all the hacked accounts used the same messages and the same bitcoin wallet, you can see that the scammers "earned" about 13 BTC, that is, about $120,000.

However, as it has now turned out, this amount could have been much higher. In an interview with Forbes, Philip Martin, director of information security for cryptocurrency exchange Coinbase, said that upon noticing the attack on Twitter and the scammers' messages, the exchange's employees immediately took a number of actions. In particular, Coinbase prevented 1,100 customers from transferring 30.4 BTC to the attackers' address, that is, approximately $280,000 at the current exchange rate.

According to Martin, only 14 Coinbase users managed to send bitcoins to the scammers' address (for a total of about $3,000) before Coinbase blacklisted it.

Other exchanges, including Gemini, Kraken and Binance, also reported that they blocked funds transfers to the hackers' wallet, although their users made far fewer transaction attempts than Coinbase users.

Forbes notes that the blacklisting of certain addresses (even if they are used by scammers and criminals) has already prompted the cryptocurrency community to start talking about possible censorship by major exchanges and exchangers.