Three young friends - including a teen who lives in his mom's basement and another with the username 'lol' - hijacked Twitter's most high-profile accounts in a Bitcoin scam that spiraled out of control
Hackers involved in the high-profile hijacking of Twitter accounts earlier this week were a group of young pals with no links to state or organized crime, according to a new report.
The attack, which Twitter and the FBI are investigating, started with a playful message between hackers on the platform Discord, a chat service popular with gamers, according to the New York Times.
Cybersecurity experts were stunned by the startling revelation that Wednesday's breach, unprecedented in scale for the social media site, seemingly amounted to youthful hijinks.
'An incident such as this could have extraordinary serious consequences - manipulation of the markets, disinformation relating to an election, etc,' Brett Callow, a threat analyst at cybersecurity firm Emsisoft, told DailyMail.com.
'However, in this case, reporting suggests that the hack was carried out by a group of young people who may have done nothing worse than execute a bitcoin scam,' he said. 'Twitter got lucky.'
Twitter CEO Jack Dorsey is seen above. Wednesday's massive hack of the social media site was perpetrated by a group of young pals with no state ties, according to a new report
The group posted ads on the forum OGusers.com offering to sell 'OG accounts' for bitcoin
The attack unfolded when a mysterious ringleader, known by the username 'Kirk', first approached other participants online late on Tuesday, claiming that he worked at Twitter and showing off his ability to hijack accounts, according to Times interviews with four people connected with the scheme.
'Kirk' offered to hijack coveted 'OG accounts' and proposed that the group could sell them. OG, short for 'original gangster', accounts consist of a username with single character or short word, such as @6, @b, or @dead, which would have been created early in Twitter's history. Such accounts are highly coveted by hackers and gamers.
'Kirk' convinced two other young people, who go by the monikers 'lol' and 'ever so anxious' to act as brokers for the sale of OG names, and the two posted an ad on the forum OGusers.com, where they are well known, according to the Times.
The user 'lol' did not confirm his real-world identity to the Times, but said he lived on the West Coast and was in his 20s. 'Ever so anxious' said he was 19 and lived in the south of England with his mother.
After 'Kirk' proved that he had the ability to take over any Twitter account, the group began hijacking and selling coveted OG usernames, including @anxious, which 'ever so anxious' had long desired.
'ever so anxious' was able to gain control of the Twitter account he had long coveted, @anxious, which now displays his contact info in the bio, according to the Times
After their initial scheme saw modest success, bringing in thousands of dollars, 'lol' and 'ever so anxious' claimed to the Times that 'Kirk' went rogue, hijacking high-profile accounts and posting requests to send bitcoin to the wallet address that 'Kirk' had also used to receive payment for the OG names.
The fraudulent posts, which were largely deleted quickly, said people had 30 minutes to send $1,000 in bitcoin, promising they would receive twice as much in return.
More than $100,000 worth of bitcoin was sent to email addresses mentioned in the tweets, according to Blockchain.com, which monitors crypto transactions.
Though 'Kirk' originally claimed to work for Twitter, 'lol' came to doubt the claim after seeing the damage he was willing to inflict on the company.
One hacker interviewed by the Times said he had heard rumors that 'Kirk' gained access to an internal Twitter Slack channel where he saw user credentials posted.
The attack affected high-profile accounts including former president Barack Obama
The massive hack of high-profile users from Elon Musk to Joe Biden has raised questions about Twitter's security as it serves as a megaphone for politicians ahead of November's election.
'Based on what we know right now, we believe approximately 130 accounts were targeted by the attackers in some way as part of the incident,' Twitter said in a tweet.
'For a small subset of these accounts, the attackers were able to gain control of the accounts and then send Tweets from those accounts.'
Posts trying to dupe people into sending hackers the virtual currency bitcoin were tweeted by the official accounts of Apple, Uber, Kanye West, Bill Gates, Barack Obama and many others on Wednesday.
Twitter said it appeared to be a 'coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.'
The young hackers maintained they stopped serving as middlemen for 'Kirk' when high-profile accounts became targets.
Some hackers are 'obsessed' with hijacking 'Original Gangster' social media accounts staked out in the services' early days that have short profile names, according to Brian Krebs of Krebs on Security.
'Possession of these OG accounts confers a measure of status and perceived influence and wealth in SIM swapping circles, as such accounts can often fetch thousands of dollars when resold in the underground,' Krebs said in a post.
No comments: