A YOUNG British lad has denied being behind one of the worst Twitter attacks in history but admits buying a stolen account with Bitcoin as three hackers come forward.
Joseph O'Connor, a 21-year-old hacker who goes by the name 'PlugWalkJoe' online, denied the accusations he was a key player and said he was merely getting a massage near his home in Spain at the time.
Wednesday night's attack successfully broke into 130 Twitter accounts including Kanye West, Kim Kardashian, Elon Musk, Jeff Bezos, Barack Obama, Apple, Uber and Bill Gates.
The hacked accounts urged people to send $1,000 on cryptocurrency Bitcoin to another online account and has so far allegedly netted $180,000.
Security journalist Brian Krebs accused a small group of hackers of infiltrating a Slack channel to pull off the bold stunt.
On Thursday he tweeted: "Who's behind Wednesday's epic compromise of Twitter? This post holds some very convincing answers" alongside a screenshot of Joseph's account.
Mr O'Connor has denied he was a key player in the hack, saying he was just a customer of the assailants.
Logs on Discord – a chat platform used by gamers – show that while 'PlugWalkJoe' acquired the Twitter account @6 through “ever so anxious,” and briefly personalized it, he was not otherwise involved.
'COME ARREST ME'
The young hacker told The New York Times: “I don’t care. They can come arrest me.
"I would laugh at them. I haven’t done anything.”
Mr O'Connor said other hackers had informed him that Kirk got access to the Twitter credentials when he found a way into Twitter’s internal Slack messaging channel and saw them posted there, along with a service that gave him access to the company’s servers.
The New York Times has made contact with three of the hackers who proved that they were behind the hit.
I don’t care. They can come arrest me. I would laugh at them.
The hack began on Tuesday on an online messaging platform Discord, with two hackers named lol and Kirk.
“Yoo bro,” wrote Kirk, according to a screenshot of the conversation shared with the paper.
“I work at twitter / don’t show this to anyone / seriously.”
'DON'T SHOW THIS TO ANYONE'
He then showed 'lol' that he could take control of valuable Twitter accounts, something that would need insider access to the company’s computer network.
Kirk may not have worked for Twitter, but he had access to Twitter’s most sensitive tools, which allowed him to take control of almost any Twitter account including VIP's.
In spite of the colossal damage done to the reputation of online security caused by the hit, the basic details of those who were responsible, and how they did it, are still unknown.
Officials are still in the early stages of their investigation.
Twitter has revealed some of its employees with access to internal systems had been targeted by a “coordinated social engineering attack”.
The people who spoke with the NYT shared multiple logs and screenshots of the conversations they had on Tuesday and Wednesday, demonstrating their involvement both before and after the hack became public.
The Times verified that the four people were connected to the hack by matching their social media and cryptocurrency accounts to accounts that were involved with the hack.
The interviews indicate that the attack was done by a group of young people, possibly even teenagers.
One of them says he still lives at home with his mom in England.
Kirk, who is still unidentified, is deemed the mastermind and is known to have been taking money in and out of the same Bitcoin account over the course of the day.
'I WORK AT TWITTER'
It is still unclear how much sensitive information Kirk gained from inside access to the account, which includes private messaging.
'lol' and another hacker, 'ever so anxious' said they had only facilitated the purchases and takeovers of lesser-known Twitter addresses early in the day and had stopped when Kirk started hitting high profile targets at around 3:30pm Eastern time on Wednesday.
'lol' said he lived on the West Coast and was in his 20s. 'ever so anxious' said he was 19 and lived in the south of England with his mother.
Kirk did not have much of a reputation in hacker circles before Wednesday. His profile on Discord had been created only on July 7, whereas 'lol' and 'ever so anxious' are relatively well known in handle hacker circles.
Kirk approached them as his middlemen and they would take a cut from each transaction.
The group set about hacking and then selling hotly desired short 'O.G.' twitter handles, that can sell for thousands of dollars.
In one of the first transactions, 'lol' brokered a deal for someone who was willing to pay $1,500, in Bitcoin, for the Twitter user name @y.
The money went to the same Bitcoin wallet that Kirk used later in the day when he got payments from hacking the Twitter accounts of celebrities, the public ledger of Bitcoin transactions shows.
The group posted an ad on OGusers.com, offering Twitter handles in exchange for Bitcoin.
'Ever so anxious' took the screen name @anxious, which he had long coveted.
“I just kinda found it cool having a username that other people would want,” 'ever so anxious' told The Times.
Customers poured in and Kirk upped his prices and demonstrated his access to Twitter’s systems, changing the most fundamental security settings on any user name and sending out pictures of Twitter’s internal dashboards as proof that he had taken control of the requested accounts.
The group handed over @dark, @w, @l, @50 and @vague, among many others.
A Twitter spokesman declined to comment, citing the active investigation.
Shortly before 3:30pm, tweets from the biggest cryptocurrency companies, like Coinbase, started asking for Bitcoin donations to the site cryptoforhealth.com, which was Kirks Bitcoin wallet, according to investigators.
“We just hit cb,” an abbreviation for Coinbase, Kirk wrote to “lol” on Discord a minute after taking over the company’s Twitter account.
Kirk quickly escalated his efforts, posting a message from accounts belonging to celebrities like Kanye West and tech titans like Jeff Bezos: "Send Bitcoin to a specific account and your money would be sent back, doubled."
Shortly after 6pm, Twitter seemed to catch up with the attacker, and the messages stopped.
The company had to turn off access for broad swaths of users, and days later, the company was still piecing together what had happened.
Twitter said in a blog post that the attackers had targeted 130 accounts, gaining access and tweeting from 45 of that set.
They were able to download data from eight of the accounts, the company added.
"We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools," TwitterSupport said on Friday.
"Based on what we know right now, we believe approximately 130 accounts were targeted by the attackers in some way as part of the incident.
"For a small subset of these accounts, the attackers were able to gain control of the accounts and then send Tweets from those accounts.
“We’re acutely aware of our responsibilities to the people who use our service and to society more generally.
“We’re embarrassed, we’re disappointed, and more than anything, we’re sorry.”
When 'ever so anxious' woke up just after 2:30 a.m. GMT, he looked online, saw what had happened and sent a disappointed message to lol.
“I’m not sad more just annoyed. i mean he only made 20 btc,” he said, referring to Kirk’s Bitcoin profits from the scam, which translated to about $180,000.
Kirk had stopped responding to his middlemen and had disappeared.
Twitter said in a blog post that the attackers had targeted 130 accounts, gaining access and tweeting from 45 of that set
Source: Read Full Article