Do you remember what happened this week on Twitter? On Wednesday the alarms went off around the world, because several accounts of public and / or famous people had suffered a hack. Bill Gates, Elon Musk, Jeff Bezos, Barack Obama or Joe BidenIn addition to large companies such as Apple or Uber, they suffered an attack with which those responsible for the attack tried to defraud the followers of these personalities. That as you can imagine, are not few. Absolutely.
Plunged into chaos, these Twitter users began sharing links to scams related to cryptocurrencies and specifically bitcoin. But who is behind this attack? What would be the motivation and the people who have wanted to defraud the users of this social network en masse?
Well, Twitter already has a reason on the table. It seems that the attack was launched because someone in some way coerced one of the company’s employees, with the aim that will provide direct access to the administration tools that Twitter drives internally.
But, let’s start at the beginning, how did the attack develop?
One of the first posts was made from the account of Binance, a cryptocurrency exchange service. The tweet said that they had partnered with CryptoForHealth to give up to 5,000 bitcoins as a donation, with a direct link to send money.
From that moment on, a storm of tweets broke out very similar, but in this case from the accounts of Joe Biden, the Democratic presidential candidate for the United States elections; Jeff Bezos, the president of Amazon; Barack Obama, the former president, Elon Musk, the CEO of Tesla; Michael Bloomberg, former mayor of New York City or tycoon Warren Buffett.
Okay, so you might think with this message that nobody can believe it. As well: you should know that in 24 hours almost 400 transactions were achieved, worth 13 bitcoins, which would be more than $ 100,000.
Twitter is perfectly aware that the attack has been forged from within. That is, someone has managed to coerce someone who works on Twitter, in such a way that they have been able to access the accounts of the aforementioned celebrities and tweet on their behalf.
Attackers would be specialized in account hijacking
Experts consider that the attack has been perpetrated by someone who knows a lot about hijacking accounts on social networks, through SIM Swapping, a form of attack that involves bribing or coercing employees of large technology companies to provide them access to the accounts of important people.
In this marketing of hackers, the sale and purchase of accounts on social networks is offered and the possibility of accessing them for a small price per unit (between $ 2,000 and $ 3,000). Modical for many benefits that one can get using this technique.
The hijacking of accounts would have been formalized from within. Attackers would have changed the linked email addresses, disabling the possibility for the real user to receive any notifications and thus to trigger an alarm. One of the first things attackers have done when accessing accounts has been disabling two-step authentication. From there, hackers would have had a free hand to launch tweets.
Through the hijacked accounts, different images were shared, among others, those of some internal Twitter tools. Upon realizing the attack, those responsible for the platform blocked these accounts to render them unable to operate.
The accounts from which this outrage would have been committed would be linked, according to KrebsOnSecurity, to PlugWalkJoe. Investigators believe that this character would be linked to different attacks in the past.
It seems, then, that the person behind this profile is Joseph James Connor, a 21-year-old from Liverpool, United Kingdom, who is in Spain. Here he was studying since the beginning of the year, but due to the restrictions caused by COVID-19, it could not have been moved from here. And, therefore, it would have carried out the attacks from our country.
Other news about … Twitter