Magazine

A Hacker Used Twitter’s Own ‘admin’ Tool to Spread Cryptocurrency Scam – TipsClear

Posted on the 16 July 2020 by Thiruvenkatam Chinnagounder @tipsclear

Hacker behind Twitter wave The account hacks on Wednesday had access to a Twitter "administration" tool on the corporate network that allowed them to hijack high-level Twitter accounts to spread a cryptocurrency scam, according to a person who direct knowledge of the incident.

The account hijacking has hit some of the most prominent users of the social media platform, including major cryptocurrency sites, but has also trapped several celebrity accounts, including Bill Gates, Jeff Bezos, Elon Musk and Democratic Presidential Hope Joe Biden.

Earlier on Wednesday, Vice reported details of the Twitter administration tool.

A Twitter spokesperson, when reached, did not comment on the allegations. Twitter later confirmed in a series of tweets that the attack was caused by "a coordinated social engineering attack by people who managed to target some of our employees with access to internal systems and tools."

A person involved in the underground hacking scene told TipsClear that a hacker, who is called by the handle "Kirk" - probably not their real name - has generated more than $ 100,000 in a few hours by accessing a internal Twitter tool they used to take control of popular Twitter accounts. The hacker used the tool to reset the associated email addresses of the affected accounts to make it more difficult for the owner to regain control. The hacker then pushed a cryptocurrency scam that claimed that all of the funds a victim had sent "will be returned doubled."

The person told TipsClear that Kirk started by selling access to courtesy Twitter accounts, such as short, simple, and recognizable usernames. It's a big deal, if not yet illegal. A stolen user name or social media identifier can range from a few hundred to several thousand dollars.

Kirk is said to have contacted a "trusted" member on OGUsers, a popular forum for traders of hacked social media handles. Kirk needed the trusted member to help sell the stolen vanity usernames.

In several screenshots from a Discord discussion shared with TipsClear, Kirk said, "Email me @ and BTC," referring to Twitter usernames and cryptocurrency. "And I'm going to finish your shit," he said, referring to the hijacking of Twitter accounts.

But later that day, Kirk "started hacking everything," the person told TipsClear.

Kirk would have had access to an internal tool on the Twitter network, which allowed them to effectively take control of a user's account. A screenshot shared with TipsClear shows the apparent administration tool. (Twitter removes tweets and suspends users who share screenshots of the tool.)

The tool appears to allow users - apparently Twitter employees - to control access to a user's account, including modifying the email associated with the account and even completely suspending the user. (We removed the details from the screenshot because it appears to represent a real user.)

The individual did not say exactly how Kirk got access to internal Twitter tools, but speculated that a Twitter employee's corporate account was hijacked. With a hijacked employee account, Kirk could penetrate the internal network of the company. The person also said it was unlikely that a Twitter employee would be involved in the account recoveries.

As part of his hacking campaign, Kirk first targeted @binance, said the person, and then quickly switched to popular cryptocurrency accounts. The person said that Kirk made more money in an hour than selling usernames.

To take control of the platform, Twitter briefly suspended certain actions on the account - and prevented verified users from tweeting - in an apparent effort to stem account hijackings. Twitter then tweeted that it "was working to get things back to normal as quickly as possible."


Back to Featured Articles on Logo Paperblog