Security expert Brian Krebs has identified a person possibly behind the recent attacks on celebrity and corporate Twitter accounts. Evidence seems to point to a perpetrator from the SIM card hacker community who is said to hide behind the pseudonym PlugWalkJoe. According to a security industry source, he is a 21-year-old from Liverpool named Joseph James Connor.
He is currently said to be in Spain for university studies and is still there because of travel restrictions resulting from the COVID-19 pandemic. The Briton was identified by a detail in a photo that PlugWalkJoe published on his Instagram account. The same detail is also said to be visible in a video chat that investigators conducted with the 21-year-old.
Krebs got on the trail of the Briton via tweets from users in the SIM hacker scene. On accounts they had hijacked, screenshots of Twitter employees' internal tools were posted: the tools that Twitter said were used to hijack celebrity accounts.
Originally, those behind the attack are said to have targeted OG accounts, whose account names are very short and consist of only one or a few characters. In SIM hacker circles, taking over such accounts is said to be regarded as a status symbol.
Shortly before the Twitter hack, a user named Chaewon boasted in a forum of the SIM hacker community that he could change the email address of any Twitter account for just $250. For $2,000 to $3,000, he would even provide direct access to a special account. His offer even included a money-back guarantee.
A few hours before the attacks, the perpetrators hijacked the Twitter account @6, previously owned by hacker Adrian Lamo and now owned by a security researcher named Lucky225, according to Krebs. He was automatically informed by Twitter about the change to the email address of his Twitter account. The attackers had successfully circumvented the two-factor authentication he used via mobile app and locked him out of his account.
“The attack worked in such a way that it appears that Twitter’s admin tools can update every Twitter user’s email address without any kind of notification to the user,” the researcher told KrebsOnSecurity. “So [the attackers] could avoid discovery by first updating the account email address and then turning off two-factor authentication.”
Twitter itself has so far not commented on the course of the attack. The company said, however, that it has so far found no evidence that the hackers also compromised user passwords. It therefore does not currently plan to reset user passwords.
However, according to Twitter, the process of changing the password has been suspended for some accounts. This is to prevent further accounts from being hijacked.
Twitter continues its investigations. US law enforcement officers have also opened investigations.