According to sources, the Twitter hack where several famous accounts were stolen was carried out by a group of young people. That is the view of The New York Times, which has spoken to four of those involved.
The American newspaper managed to get in touch with the key figures about the hack, who were able to provide evidence of their involvement in the theft of Twitter accounts. According to The New York Times , someone with the pseudonym Kirk played a central role; he was the one with access to Twitter’s systems, communicating with two other hackers under the pseudonyms “Lol” and “Ever so anxious”. Lol is said to be in his twenties who lives on the American west coast, while Ever so anxious is a 19-year-old Brit who still lives with his mother.
Those two acted as intermediaries for the sale of Twitter accounts that Kirk had taken over. For example, one of the first accounts @y was sold, for about $ 1500. The money was channeled to Kirk via bitcoin. The @dark, @w, @l, @ 50 and @vague accounts were also sold for bitcoin.
The New York Times also spoke to one of the hackers’ clients, named Joseph O’Connor. O’Connor, who didn’t mind getting known by his real name, states that he bought the @ 6 account, and was told by Kirk that he obtained credentials on the Twitter systems through an internal Slack channel he logged into. Whether this story by Kirk is correct is not clear; critics argue that it is unlikely that Twitter will share admin logins through a Slack channel.
After selling a number of accounts, with prices eventually reaching tens of thousands of dollars, Kirk decided to choose a different revenue model. He had accounts to which he had access shared links to Bitcoin cams. For that, accounts of famous people were also used. According to The New York Times, Kirk would have made about $ 180,000 in total with the actions.
On Wednesday it already appeared that the Twitter accounts of famous people, including Elon Musk, Bill Gates, Joe Biden, Warren Buffet, Kanye West, and Uber, had been taken over. Those accounts sent messages urging them to donate bitcoin. The promise in the fraud was that the double amount of bitcoin would be returned. It was striking that at the same time the account of Geert Wilders was taken over, without sending bitcoin cam messages.
Twitter says it is investigating the hack, in collaboration with the American authorities. Messages were reported from 45 accounts, out of a total of 130 accounts that were stolen. With four to eight accounts, all data from the account is also downloaded, so that deleted DMs can also be viewed. Incidentally, these were not verified accounts. In addition, the social media site believes that the attackers entered by finding out the login details of Twitter employees via social engineering.
The company says it will provide training to employees to prevent social engineering, as well as consider future security measures to prevent such hacks.