The Limited Times

Hackers tell the story of the Twitter attack from the inside

2020-07-18T19:23:30.008Z


They are adept at buying and selling accounts with "original" names like "@y" or "@6". "I work on Twitter / don't show it to anyone / seriously," the chat said.


07/18/2020 - 13:07

A Twitter hacking scheme targeting political, corporate and cultural elites this week began with a sneaky message between two hackers on Tuesday night on the Discord chat platform.

"Yoo bro," wrote a user named "Kirk," according to a screenshot of the conversation shared with the American newspaper The New York Times. "I work on Twitter / don't show it to anyone / seriously."

And then he proved that he could take control of valuable Twitter accounts, which would require internal access to the company's computer network.

The hacker who received the message, with the username "lol," thought for the next 24 hours that Kirk didn't actually work for Twitter because he was too willing to harm the company.

But Kirk had access to Twitter's most sensitive tools, allowing him to take control of almost any Twitter account, including those of former President Barack Obama, Joseph R. Biden Jr., Elon Musk, and many other celebrities.

Former US President Barack Obama, along with Microsoft co-founder Bill Gates. (EFE Photo, File)

Despite global attention to the intrusion, which shook trust in Twitter and in the security provided by other tech companies, the details of who was responsible and how they did it were a mystery. Officials are still in the early stages of their investigation.

But four people who participated in the scheme spoke to the New York Times and shared numerous records and screenshots of the conversations they had on Tuesday and Wednesday, demonstrating their participation both before and after the hack was made public.

Interviews indicate that the attack was not the work of a single country like Russia or a sophisticated group of hackers. Instead, it was done by a group of young people, one of whom says he lives at home with his mother, who met because of their obsession with owning "early" or unusual usernames, particularly a letter or number, such as "@y" or "@6".

Account hacks

Jeff Bezos, one of the targets. (AP)

The Times verified that all four people were connected to the hack by matching their social media and cryptocurrency accounts to the accounts involved with Wednesday's events. They also presented evidence of their participation, such as logs of their conversations on Discord, a popular messaging platform among gamers and hackers, in addition to Twitter.

Kirk played a central role in the attack, pouring money in and out of the same Bitcoin address as the day progressed, according to an analysis of Bitcoin transactions conducted by The Times, with the help of research firm Chainalysis.

But Kirk's identity, his motivation, and whether he shared his access to Twitter with someone else remain a mystery even to the people who worked with him. It is still unclear how Kirk used his access to the accounts of people like Biden and Musk to obtain more inside information, such as their private conversations on Twitter.

The hacker "lol" and another he worked with, whose screen name was "ever so anxious," told the New York Times that they wanted to talk about their work with Kirk to demonstrate that they had only facilitated purchases and acquisitions of lesser-known Twitter addresses.

In particular, they specified that they had not continued to work with Kirk once more high-profile attacks began around 3:30 pm EST on Wednesday.

"I just wanted to tell you my story because I think you could clarify something about me and ever so anxious," said "lol" in a chat on Discord, where he shared all the records of his conversation with Kirk and demonstrated his ownership of the cryptocurrency accounts that he used to transact with Kirk.

"Lol" did not confirm his identity in the real world, but said he lived on the West Coast and was in his 20s. "Ever so anxious" said he was 19 years old and lived in the south of England with his mother.

Investigators following the attacks said several of the details provided by the hackers were in line with what they had learned so far, including Kirk's involvement in both the large computer attacks later in the day and the low-profile attacks early on Wednesday.

The Times was initially put in contact with the hackers by a California security investigator, Haseeb Awan, who contacted them because, he said, several of them had previously attacked him and a Bitcoin-related company that he once owned.

They also unsuccessfully approached his current company, Efani, a secure phone provider.

The user known as Kirk didn't have much of a reputation in hacker circles before Wednesday. His Discord profile had only been created on July 7.

But "lol" and "ever so anxious" were well known on the OGusers.com website, where hackers have gathered for years to buy and sell valuable social media screen names, security experts said.

The "original gangsters": coveted usernames

Among gamers, Twitter users and hackers, so-called OG ("original gangster") usernames, generally a short word or even a number, are highly sought after. Often the first users of a new online platform, the "original gangsters" of a new application, claim these striking handles.

Users who come to the platform later often crave the credibility of an OG, and pay hackers thousands of dollars to steal them from their original owners.

Chat between hackers. (The New York Times)

Kirk connected with "lol" on Tuesday night and then with "ever so anxious" on Discord early Wednesday, and asked them if they wanted to be his intermediaries, selling Twitter accounts to the online underworld where they were known. They would take a part of each transaction.

In one of the first transactions, "lol" negotiated a deal for someone who was willing to pay $1,500, in Bitcoin, for the Twitter username @y.

The money went to the same Bitcoin wallet that Kirk used later in the day when he received payments for hacking into celebrity Twitter accounts, the public Bitcoin transaction ledger shows.

The group published an announcement on OGusers.com offering Twitter IDs in exchange for Bitcoin. "Ever so anxious" took the screen name @anxious, which he had coveted so much. (His custom details are still on the suspended account.)

"I just thought it was great to have a username that other people would want," "ever so anxious" said in a chat with the Times.

As the morning wore on, customers came in and the prices Kirk demanded went up. He also demonstrated how much access he had to Twitter's systems. He was able to quickly change the most fundamental security settings on any username and sent photos from Twitter's internal dashboards as proof that he had taken control of the requested accounts.

The group delivered @dark, @w, @l, @50 and @vague, among many other users.

Hacking Twitter: the information was found inside the New York Times. (The New York Times)

One of his clients was another well-known figure among hackers dealing with usernames: a young man known as "PlugWalkJoe".

On Thursday, PlugWalkJoe was the subject of an article by security journalist Brian Krebs, who identified the hacker as a key player in the Twitter intrusion.

Discord's records show that while PlugWalkJoe acquired the Twitter account @6 through "ever so anxious" and briefly personalized it, he was not involved. PlugWalkJoe, who said his real name is Joseph O'Connor, added in an interview with the Times that he was getting a massage near his current home in Spain when the events occurred.

"I don't care," said Mr. O'Connor, who said he was 21 and British. "You can come arrest me. I would laugh at them. I did not do anything."

Slack: where the credentials were

Gates, Biden, Musk and Bezos: four of the affected accounts. (AFP)

Mr. O'Connor said that other hackers informed him that Kirk gained access to Twitter's credentials when he found a way into Twitter's internal Slack messaging channel and saw them posted there, along with a service that gave him access to the company servers.

People who investigated the case said it was consistent with what they had learned so far. A Twitter spokesperson declined to comment, citing the active investigation.

All the transactions involving "lol" and "ever so anxious" took place before the world knew what was going on. But shortly before 3:30 p.m., tweets from the largest cryptocurrency companies, such as Coinbase, began asking for donations of Bitcoin to the site cryptoforhealth.com.

"We just got to CB," an abbreviation for Coinbase, Kirk wrote to "lol" on Discord a minute after taking over the company's Twitter account.

Elon Musk, one of the "targets" of the hackers. (Reuters)

The public Bitcoin transaction ledger shows that the Bitcoin wallet that paid to set up cryptoforhealth.com was the wallet that Kirk had been using all morning, according to three researchers, who said they were unable to speak on the record due to the open investigation.

In several messages on Wednesday morning, "ever so anxious" spoke about his need for a little sleep, since it was later in England. Shortly before the big hacks began, he sent his girlfriend a phone message saying "nap time," and disappeared from Discord's records.

Kirk quickly stepped up his efforts, posting a message from accounts belonging to celebrities like Kanye West and tech titans like Jeff Bezos: Send Bitcoin to a specific account and your money will be returned, doubled.

Shortly after 6 p.m., Twitter seemed to stop the attacker, and messages stopped. But the company had to disable access for a wide swath of users, and days later, the company was still reconstructing what had happened.

The hacked tweets all said the same thing: they called to buy bitcoins. (Twitter)

Twitter said in a blog post that the attackers had targeted 130 accounts, gaining access and tweeting from 45 of that set. They were able to download data from eight of the accounts, the company added.

"We are very aware of our responsibilities to the people who use our service and to society in general," the blog post reads. "We are ashamed, disappointed, and, most of all, sorry."

When "ever so anxious" woke up just after 2:30 am in Britain, he searched online, saw what had happened and sent a disappointed message to his fellow broker, "lol".

"I'm not sad, just pissed off. I mean he only earned 20 btc," he said, referring to Kirk's Bitcoin earnings from the scam, which translated to around $180,000.

Kirk, whoever he was, had stopped responding to his interlocutors and had disappeared.

By: Nathaniel Popper and Kate Conger

c.2020 The New York Times Company

Source: clarin
