How easily can someone hack Twitter?

Security Researcher: Broad Twitter Hack Started Selling Coveted Names

Is it really over yet? After a large number of accounts fell into the hands of hackers in mid-July, Twitter reacted quickly and initially blocked a large number of users in order to gain time for more targeted countermeasures. The service then deleted external messages and gradually released the access again, and on the third day, for example, Tesla CEO Elon Musk was able to resume his intensive Twitter activities. But the intruders previously had extensive access to private messages from many prominent users for hours. It is surprising that they did not cause much more damage - but something could still follow.

The visible events on Twitter began, as security researcher Brian Krebs writes in an analysis, on July 15 at around 3 p.m. US East Coast time: First with the account of the crypto exchange Binance and then with others, the hackers called for Bitcoin donations for one Organization called CryptoForHealth. This was soon followed by tweets from prominent users who promised their followers that, out of sheer nicety, they would return double the amount of any sum sent to a certain Bitcoin address.

Twitter users less naive

According to Krebs, messages of this kind came from Tesla boss Musk, his friend Kanye West, his colleague CEO Jeff Bezos at Amazon, the investor legend Warren Buffet and the US presidential candidate Joe Biden, who each have millions of followers, so one promise high distribution. But Twitter users turned out to be less naive than the hackers might have hoped: In total, only the equivalent of around $ 120,000 should have been sent to the Bitcoin addresses they provided.

And that was possibly the second disappointment for the intruders, according to the report from Krebs: One day before the celebrity attack, a user named chaewon offered email addresses from any Twitter address on a special website for $ 250 each. To change users and to hand over the complete access data for the respective account for 2,000 to 3,000 dollars. Later messages indicated that he had gained access to Twitter's internal management tools.

Initially, it only seemed to be about particularly sought-after user names. The earlier you get to a new service, the more choice you legally have, but in hacking circles, even names that have been bought or by fraudulently have high prestige value. The New York Times later spoke to four people who they said were involved or informed about the event. Two of them said they had brokered sales of catchy Twitter names like @y or @ 6.

Sender of the crypto messages

However, they no longer wanted to have been involved in the subsequent abuse of celebrity accounts. Possibly the hacker, who called himself Kirk elsewhere, continued alone or with other helpers after the name was sold. According to the New York Times report, it is unlikely that someone else with accounts he bought would send the fake crypto messages on Wednesday: The Bitcoin addresses given should be traceable to the four people who participated in the takeover offers from the previous day were involved.

Obviously, it was Kirk, who seems to be the central figure in the Twitter attack, at least as much about hacking merits as simply about money, when the attempt began to direct Bitcoin with the fake messages from celebrities -Collect payments. Observers, however, shook their heads at how little he ultimately achieved with the concentrated Twitter power in the form of accounts with tens of millions of followers.

Twitter hack: private messages also accessed

As Tesla's Musk has already shown, he can move billions with Twitter messages. In 2018, the CEO announced a purchase of Tesla from the stock market, which led to a jump in price, this year he described the price as too high and the share fell significantly. Warren Buffett's word also has the highest weight in the financial world - a hint of a takeover from his account would have been enough to have a significant influence on the course of the alleged target.

On the other hand, trades on official stock exchanges can always be tracked, so the hacker or hackers may have been prudent enough to keep their hands off them. But according to a report by Twitter itself, they also accessed the private messages of 36 of their 130 victims up to the locks, with 8 accounts even downloading the entire Twitter history. Both should still contain some material with which one can earn money or at least cause unrest in politics and business.

(jle)

Read comments (10) Go to the homepage