According to sources, the Twitter hack in which several famous accounts were stolen was carried out by a group of young people. So says The New York Times, which has spoken with four of those involved.
The US newspaper managed to get in touch with key figures surrounding the hack, who were able to provide evidence of their involvement in the theft of Twitter accounts. According to The New York Times, someone with the pseudonym Kirk played a central role; he was the one with access to Twitter’s systems, and he communicated with two other hackers, who used the pseudonyms “Lol” and “Ever so anxious”. Lol is said to be someone in his twenties who lives on the American west coast, while Ever so anxious is a 19-year-old Briton who still lives with his mother.
Those two acted as middlemen for the sale of Twitter accounts that Kirk had acquired. For example, @y was one of the first accounts to be sold, for about $1500. The money was channeled to Kirk via bitcoin. The @dark, @w, @l, @50 and @vague accounts were also sold for bitcoin.
The New York Times also spoke to one of the hackers’ clients, named Joseph O’Connor. O’Connor, who did not mind being known by his real name, says he bought the account @6, and was told by Kirk that he obtained login credentials to the Twitter systems through an internal Slack channel he was able to log in to. Whether Kirk’s story is correct is not clear; critics argue that Twitter is unlikely to share admin logins through a Slack channel.
After selling a number of accounts, with prices eventually reaching tens of thousands of dollars, Kirk decided to switch to a different business model. He had accounts he had access to share links to bitcoin scams. Before that, accounts of famous people were also used. According to The New York Times, Kirk is said to have made a total of about $180,000 from the actions.
On Wednesday it emerged that the Twitter accounts of famous people and companies, including Elon Musk, Bill Gates, Joe Biden, Warren Buffett, Kanye West and Uber, had been taken over. Those accounts sent messages asking people to donate bitcoin. The promise of the fraud was that double the amount of bitcoin would be returned. It was striking that the account of Geert Wilders had been taken over at the same time, without these bitcoin scam messages being sent.
Twitter says it is investigating the hack, in conjunction with US authorities. Messages are said to have been sent from 45 accounts, out of a total of 130 accounts that were stolen. For four to eight accounts, all data from the account was also downloaded, so that deleted DMs are also visible. Incidentally, this did not concern verified accounts. In addition, the social media site thinks that the attackers got in by obtaining the login details of Twitter employees through social engineering.
The company says it will provide training to employees to avoid social engineering, and that it is thinking about future security measures to prevent such hacks.