A British man, 21, has denied being behind this week's Twitter hack but admitted he bought a stolen account with Bitcoin, as it's revealed three young gamers carried out the attack after allegedly infiltrating a Slack channel to make $180,000.
Joseph O'Connor, a well-known hacker who goes by the name 'PlugWalkJoe' online, told the New York Times he was not involved in Wednesday's massive breach and was getting a massage near his current home in Spain at the time.
The 21-year-old, who is said to hail from Liverpool, brushed off accusations made by security journalist Brian Krebs Thursday that he was a key player in the hack, and said he was merely a customer of the assailants'.
Logs on Discord, a chat platform used by gamers, obtained by the Times show he bought the Twitter account @6 through one of the hackers who has come forward - 'ever so anxious' - and personalized it, but was not involved in the rest of the conversations among the known hackers involved in the breach.
Authorities are grappling to identify the perpetrators of Wednesday's attack which broke into 130 Twitter accounts including those of some of the world's most famous faces such as Barack Obama, Joe Biden and Elon Musk.
The culprits then posted messages from the famous accounts telling followers to send Bitcoin payments to email addresses, swindling more than $180,000 out of unsuspecting victims in the process and downloading the details of eight unverified accounts.
British man Joseph O'Connor, 21, (pictured) has denied being behind this week's Twitter hack but admitted he bought a stolen account with Bitcoin, as it's revealed three young gamers carried out the attack after allegedly infiltrating a Slack channel to make $180,000
Joseph O'Connor (pictured), a well-known hacker who goes by the name 'PlugWalkJoe' online, told the New York Times he was not involved in Wednesday's massive breach and was getting a massage near his current home in Spain at the time
'I don't care - they can come arrest me,' O'Connor told the Times about his links to the breach.
'I would laugh at them. I haven't done anything.'
According to O'Connor, who KrebsOnSecurity said is at university in Spain, the word in the hacking community is the ringleader of the attack - known only as 'Kirk' - hacked into the Twitter accounts.
'Kirk' managed to infiltrate Twitter's internal Slack messaging channel. O'Connor theorised that the hacker found a way to use a global admin login.
The hacker then accessed individual Twitter accounts and removed two-step verification - a security system where the user must provide two pieces of proof of identity such as a password and a code sent to a mobile phone.
From there, they changed the email address to their own, did a password reset and had full control of the account, O'Connor said.
'The fact he hacked every celebrity in the world and only made $100,000 is embarrassing,' O'Connor told The Sunday Times.
The ringleader then recruited at least two other hackers - 'lol' who identified himself as a man in his 20s living on the West Coast and 'ever so anxious' who said he was 19 and lived in the south of England with his mother.
Nothing is yet known about the identity of 'Kirk' including their nationality, location or whether they are also a lone young hacker or if they work for a higher force.
Before Wednesday, the hacker was not known in the murky hacking world and his Discord profile was only created on July 7.
It is also not clear how much information the mastermind stole from his high-profile victims such as their private conversation history.
'Kirk' first approached 'lol' online late on Tuesday, claiming he worked at Twitter and showing off his ability to hijack accounts, 'lol' told the Times.
'ever so anxious' was able to gain control of the Twitter account he had long coveted, @anxious, which now displays his contact info in the bio, according to the Times
The group posted ads on the forum OGusers.com offering to sell 'OG accounts' for Bitcoin
'yoo bro. i work at twitter / don't show this to anyone / seriously,' wrote 'Kirk' in the conversation seen by the Times.
'Kirk' showed 'lol' he could take control of Twitter accounts and lured in 'ever so anxious' the same way Wednesday morning, they allege.
The mystery ringleader then offered to hijack coveted 'OG accounts' and proposed that 'lol' and 'ever so anxious' could sell them.
OG, short for 'original gangster', accounts consist of a username with single character or short word, such as @6, @b, or @dead, which would have been created early in Twitter's history.
Such accounts are highly coveted by hackers and gamers, with people paying high amounts to buy the stolen accounts.
The group sold @dark, @w, @l, @50 and @vague among others that day and 'ever so anxious' also took the screen name @anxious for himself.
The attack affected high-profile accounts including former president Barack Obama and Bill Gates
After their initial scheme saw modest success, bringing in thousands of dollars, 'lol' and 'ever so anxious' claimed to the Times that 'Kirk' went rogue, hijacking high-profile accounts and posting requests to send bitcoin to the wallet address that 'Kirk' had also used to receive payment for the OG names.
The young hackers maintained they stopped serving as middlemen at this point and insist they were not involved in the high-profile Bitcoin scam that drew in $180,000 using celebrity accounts.
The posts said people had 30 minutes to send $1,000 in bitcoin, promising they would receive twice as much in return.
They say 'Kirk' has since vanished and 'lol' now doubts the ringleader works for Twitter after seeing the damage they were willing to inflict on the company.
Analysis of the Bitcoin transactions by The Times and research firm Chainalysis confirmed that 'Kirk' was taking money in and out of the same Bitcoin wallet used in the lower level scam of the stolen OG accounts and the progressively higher level attacks on the celebrity accounts.
Three investigators also confirmed to the Times that the Bitcoin wallet was used in both schemes.
The fraudulent posts managed to draw in more than $180,000 worth of Bitcoin before Twitter shut it down by deleting the posts and shutting off access for broad swaths of users.
Cybersecurity experts were stunned by the startling revelation that the breach, unprecedented in scale for the social media site, seemingly amounted to youthful hijinks.
'An incident such as this could have extraordinary serious consequences - manipulation of the markets, disinformation relating to an election, etc,' Brett Callow, a threat analyst at cybersecurity firm Emsisoft, told DailyMail.com.
'However, in this case, reporting suggests that the hack was carried out by a group of young people who may have done nothing worse than execute a bitcoin scam,' he said. 'Twitter got lucky.'
The massive hack has raised questions about Twitter's security as it serves as a megaphone for politicians ahead of November's election.
Twitter said Saturday that hackers had 'manipulated' some of its employees to access the accounts.
It also confirmed that 130 accounts were breached, including 45 where passwords and logins were reset and tweets sent.
Personal data was downloaded from eight unverified accounts.
'We know that they accessed tools only available to our internal support teams to target 130 Twitter accounts,' said a statement posted Saturday on Twitter's blog.
'As of now, we know that they accessed tools only available to our internal support teams to target 130 Twitter accounts. For 45 of those accounts, the attackers were able to initiate a password reset, login to the account, and send Tweets.'
It continued: 'For up to eight of the Twitter accounts involved, the attackers took the additional step of downloading the account's information through our 'Your Twitter Data' tool. We are reaching out directly to any account owner where we know this to be true.'
Twitter said it will not divulge who owns the eight accounts from which details were downloaded but explained that they were not verified.
This means the most high-profile figures impacted by the hack were not victims of this most significant level of breach.
'There is a lot speculation about the identity of these 8 accounts. We will only disclose this to the impacted accounts, however to address some of the speculation: none of the eight were Verified accounts,' Twitter said Saturday.
Screenshots alleging to be Twitter's internal account management software were circulated on social media but have since been removed.
The software is used by authorized employees to manage high-profile accounts, several former employees told CNN.
They said hackers likely used this tool to access accounts and reset passwords of the famous victims.
Twitter, the FBI and Congress are all investigating the breach.
Twitter CEO Jack Dorsey is seen above. 130 Twitter accounts were breached and $180,000 Bitcoin swindled in Wednesday's massive hack
No comments:
Post a Comment