One of the young hackers involved in the hijacking of over 130 Twitter accounts including those belonging to Barack Obama and Elon Musk this week is believed to be a British teenager who lives with his mother, according to reports.
An investigation by The New York Times has revealed that a 19-year-old who lives ‘at home in the south of England’ was approached to sell highly-coveted Twitter handles by a mysterious ringleader known by the moniker ‘Kirk’.
The teenager, known as ‘lol’, and another hacker called ‘ever so anxious’ acted as brokers for ‘Kirk’ and sold OG names – accounts which consist of a username and a single character or short word – for thousands of dollars.
‘lol’ and ‘ever so anxious’ claimed that ‘Kirk’ went rogue and started hijacking high-profile accounts after their initial scheme brought in thousands of dollars.
Although the user ‘lol’ did not confirm his real-world identity to The Times, he said that he lived on the West Coast and was in his 20s.
‘Ever so anxious’ said he was 19 and lived in the south of England with his mother.
‘lol’ denied to the Times working with ‘Kirk’ once he began attacking more high-profile accounts on Wednesday afternoon.
Accounts belonging to Joe Biden, Bill Gates, Barack Obama and Elon Musk were among those targeted, with the hackers posting messages on their accounts suggesting followers make ‘donations’ via Bitcoin.
They are being investigated by Twitter and the FBI after Twitter’s chief executive Jack Dorsey apologised for one of the biggest hacks in history.
Twitter CEO Jack Dorsey is seen above. Wednesday’s massive hack of the social media site was perpetrated by a group of young pals with no state ties, according to a new report
The group posted ads on the forum OGusers.com offering to sell ‘OG accounts’ for bitcoin
Millions of followers were told that, that in the spirit of generosity, they would double anyone’s Bitcoin ‘for the next 30 minutes’. Some were duped, sending Bitcoin payments and expecting a double return that never arrived.
Cybersecurity experts were stunned by the startling revelation that Wednesday’s breach, unprecedented in scale for the social media site, had been executed by a group of young hackers, not a sophisticated state actor.
A separate investigation by researcher Brian Krebs and cybersecurity firm Unit 211B claims to have linked another Brit, a notorious hacker who goes by PlugWalkJoe, to the attack.
Hackers in the account hijacking forum OGusers boasted that they could access any Twitter account in the days before the hack, according to Business Insider – and had even offered selling access to accounts for as much as $3,000.
Two Twitter accounts, @shinji and @b, reportedly run by PlugWalkJoe, posted pictures of Twitter’s internal tools on the site shortly before the attack.
Citing a source who works in security at a US-based mobile carrier, Krebs traced @shinji and @b to PlugWalkJoe, which is known for SIM swapping attacks.
PlugWalkJoe is also linked with ChucklingSquad, the group allegedly behind the 2019 hacking of Twitter CEO Jack Dorsey. It is unclear if PlugWalkJoe was acting alone or with others.
The fraudulent posts, which were largely deleted quickly, said people had 30 minutes to send $1,000 in bitcoin, promising they would receive twice as much in return.
More than $100,000 worth of bitcoin was sent to email addresses mentioned in the tweets, according to Blockchain.com, which monitors crypto transactions.
Though ‘Kirk’ originally claimed to work for Twitter, ‘lol’ came to doubt the claim after seeing the damage he was willing to inflict on the company.
One hacker interviewed by the Times said he had heard rumours that ‘Kirk’ gained access to an internal Twitter Slack channel where he saw user credentials posted.
The attack affected high-profile accounts including former president Barack Obama
‘ever so anxious’ was able to gain control of the Twitter account he had long coveted, @anxious, which now displays his contact info in the bio, according to the Times
The massive hack of high-profile users from Elon Musk to Joe Biden has raised questions about Twitter’s security as it serves as a megaphone for politicians ahead of November’s election.
‘Based on what we know right now, we believe approximately 130 accounts were targeted by the attackers in some way as part of the incident,’ Twitter said in a tweet.
‘For a small subset of these accounts, the attackers were able to gain control of the accounts and then send Tweets from those accounts.’
Posts trying to dupe people into sending hackers the virtual currency bitcoin were tweeted by the official accounts of Apple, Uber, Kanye West, Bill Gates, Barack Obama and many others on Wednesday.
Twitter said it appeared to be a ‘coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.’
The young hackers maintained they stopped serving as middlemen for ‘Kirk’ when high-profile accounts became targets.
Some hackers are ‘obsessed’ with hijacking ‘Original Gangster’ social media accounts staked out in the services’ early days that have short profile names, according to Brian Krebs of Krebs on Security.
‘Possession of these OG accounts confers a measure of status and perceived influence and wealth in SIM swapping circles, as such accounts can often fetch thousands of dollars when resold in the underground,’ Krebs said in a post.
‘An incident such as this could have extraordinary serious consequences – manipulation of the markets, disinformation relating to an election, etc,’ Brett Callow, a threat analyst at cybersecurity firm Emsisoft, told DailyMail.com.
‘However, in this case, reporting suggests that the hack was carried out by a group of young people who may have done nothing worse than execute a bitcoin scam. Twitter got lucky.’