Ultimate Resource On Coordinated Twitter Attack That Targeted Barack Obama, Elon Musk, Gemini, And More
Recent events indicate that Binance’s Twitter account may have been compromised.
A tweet from Binance CEO Changpeng Zhao, also known as CZ, suggests that shady activity is happening over on Binance’s Twitter account.
“Do not click on this link,” CZ tweeted on July 15 from his personal media page, providing a link to a recent post from Binance’s breached Twitter account, warning the public.
Binance’s Account Tweeted An Odd Post
As linked by CZ, Binance’s account posted about an odd partnership and giveaway. Massive giveaways are a tell-tale sign of foul play.
“We have partnered with CryptoForHealth and are giving back 5,000 BTC to the community,” Binance tweeted from its main Twitter account on July 15, spurring suspicion.
Cointelegraph reached out to Binance for further details on the situation. Updates will follow, pending a response.
Twitter Hack Autopsy: Coinbase, Binance, BitGo May Know Hackers ID
The Twitter hackers left inconspicuous Bitcoin trails leading to and from major exchanges that should be able to uncover their identities.
The hackers who conducted the massive Twitter hijacking on July 15 do not appear to be sophisticated Bitcoin (BTC) users, as they left trails leading to and from major exchanges that presumably hold the keys to their identities.
The Bitcoin address that hackers used to solicit illicit donations is bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh. A couple of hours into the hack, the perpetrators started moving Bitcoin into other addresses. The Bitcoin trail they are leaving behind suggests that they are not terribly sophisticated when it comes to blockchain technology. They are reusing the same addresses, and they are not sufficiently covering their tracks to and from exchanges. They have barely used any mixing services.
According to the on-chain evidence we collected, several major exchanges should have their identities.
Coinbase & BitMex
We will focus on an address one hop away from the original — 1Ai52Uw6usjhpcDrwSmkUvjuqLpcznUuyF. This address received 14.76 BTC, most of it on July 15; however, the address was first activated on May 3. Approximately half of the BTC came from bc1qxy, the rest from various other sources.
Coinbase & BitMex Trail
Some of the incoming Bitcoin originated from Coinbase and BitMex exchanges. Two addresses identified as belonging to Coinbase by Crystal Blockchain, 37p3PS1hKqzYhiVswbqN6nxbwyUoTZvf1E and 32V6a7K46pSb1XQNGdrmdE2wjgndVfJPet, are two hops away from 1Ai52, the same address that received direct transactions from the original hacker address.
What appears to be a 10 BTC Coinbase withdrawal occurred in the morning of July 15. A couple of hours later, 0.4 BTC originating from the presumed Coinbase withdrawal ended up in 1Ai52U. Since it is not a direct route, there is a possibility of the coins changing hands in the interval. However, this seems unlikely, considering there are no major entities in between.
What appears to be a BitMex withdrawal from 3BMEXqT4yGBFiVBeJFHF4Ak5PyhqTnidKP is three hops away from 1Ai52. On April 27, 14.18 BTC was moved from that address; by May 3, it had ended up in 1Ai52U.
BitGo, Luno, Binance
The hackers also used the address 1NWJd7BfJLJrEcfGiGfFqbhyaiusWwaZS1 to move the funds from the original address. The former has also received a small amount of BTC from 14kWuX37tgLdYZDSudHuch35NtuGgJqqnz, which, in turn, received BTC from several addresses that appear to belong to BitGo. The same transaction 89a4ba84043d043d212216718dae4ac3b74e6d08fd4575edab532c1c188dd961 sent small amounts of BTC to several other exchanges, including Bittrex, Luno and Binance (BNB).
On July 16, 0.0011 BTC ended up in 16ftSEQ4ctQFDtVZiUBusQUjRrGhM3JY, identified as one of Binance’s deposit addresses. It is three hops away from the original hacker address with no major entities in between.
The hackers appear to be using a proxy, as transactions originate from different parts of the world. The Bitcoin addresses generated by the hackers come in different formats: some are in the newest Bech32 format, others in the older P2PKH and P2SH formats. If our analysis is correct, then several major crypto entities should be able to identify the hackers.
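The hop counting used in this analysis is a breadth-first search over a graph of transfers, with a check that no labelled entity sits between the two ends. The Python below is an added example, not code from the article or from Crystal Blockchain: the transfer list is constructed so that only the hop counts match the article, the UNNAMED-* nodes are placeholders for intermediate wallets the article does not name, and the format check looks at the address prefix only.

```python
from collections import deque

# Addresses quoted in the article; exchange labels follow its attributions.
SOURCE = "bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh"   # scam address
HOP1 = "1Ai52Uw6usjhpcDrwSmkUvjuqLpcznUuyF"             # one hop from SOURCE
COINBASE = "37p3PS1hKqzYhiVswbqN6nxbwyUoTZvf1E"
BITMEX = "3BMEXqT4yGBFiVBeJFHF4Ak5PyhqTnidKP"
BINANCE = "16ftSEQ4ctQFDtVZiUBusQUjRrGhM3JY"
LABELS = {COINBASE: "Coinbase", BITMEX: "BitMex", BINANCE: "Binance"}

# Constructed transfers (sender, receiver). UNNAMED-* are placeholders for
# intermediate wallets the article does not list; only hop counts match it.
TRANSFERS = [
    (SOURCE, HOP1),
    (COINBASE, "UNNAMED-A"), ("UNNAMED-A", HOP1),
    (BITMEX, "UNNAMED-B"), ("UNNAMED-B", "UNNAMED-C"), ("UNNAMED-C", HOP1),
    (SOURCE, "UNNAMED-D"), ("UNNAMED-D", "UNNAMED-E"), ("UNNAMED-E", BINANCE),
]

def address_format(addr):
    """Classify a mainnet address by prefix only (no checksum validation)."""
    if addr.lower().startswith("bc1"):
        return "Bech32"
    if addr.startswith("1"):
        return "P2PKH"
    if addr.startswith("3"):
        return "P2SH"
    return "unknown"

def build_graph(transfers):
    """Undirected adjacency: a hop counts whichever way the coins moved."""
    graph = {}
    for sender, receiver in transfers:
        graph.setdefault(sender, set()).add(receiver)
        graph.setdefault(receiver, set()).add(sender)
    return graph

def shortest_path(graph, start, goal):
    """Breadth-first search; returns the address list or None if unreachable."""
    queue, parent = deque([start]), {start: None}
    while queue:
        node = queue.popleft()
        if node == goal:
            path = []
            while node is not None:
                path.append(node)
                node = parent[node]
            return path[::-1]
        for nxt in sorted(graph.get(node, ())):
            if nxt not in parent:
                parent[nxt] = node
                queue.append(nxt)
    return None

def trace(start, transfers=TRANSFERS, labels=LABELS):
    """For each labelled exchange: hop count from start, and whether the path
    is 'clean' (no other labelled entity between the two ends)."""
    graph, report = build_graph(transfers), {}
    for addr, name in labels.items():
        path = shortest_path(graph, start, addr)
        if path:
            clean = not any(hop in labels for hop in path[1:-1])
            report[name] = {"hops": len(path) - 1, "clean": clean}
    return report

if __name__ == "__main__":
    for origin in (HOP1, SOURCE):
        print(address_format(origin), origin, trace(origin))
```

A path marked clean corresponds to the article's "no major entities in between"; a labelled service in the middle of a path means the coins may have changed hands there, so the attribution is weaker.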
Hacker From The Twitter Attack Found?
The hacker who launched the Twitter attack may have been found. The hack targeted as many as 130 official accounts, belonging to representatives of the crypto world and beyond.
Most probably, according to KrebsOnSecurity, this was an attack of the “SIM swap” type, which allows attackers to obtain access data and 2-factor authentication (2FA) codes.
This would have allowed hackers to access tools to write posts on the profiles of the users.
The KrebsOnSecurity team has also done further research and found a forum where several users sold a service to change the email access to Twitter for the modest amount of $250.
Other hackers were selling full access to the platform for between $2,000 and $3,000.
This service was offered by a user who called himself Chaewon and may lead back to an individual of Asian nationality.
Deepening the case, it was discovered that the attack was launched, initially, as a demonstration of the feasibility of the system.
The real attack began in a second phase and, analyzing the data, it was discovered that the attack could be attributable to a well-known SIM swapper, PlugWalkJoe.
This would also reveal that this company was involved in the case in which Jack Dorsey’s profile was breached last year.
This nickname would conceal a 21-year-old guy from Liverpool, Joseph James Connor, who is currently in Spain because of the Covid-19 lockdown.
This data would therefore give sufficient information to be able to proceed with at least a preliminary investigation to confirm or not the relevant suspicions.
In the meantime, Twitter is continuing its internal investigation, which allegedly showed that individual users’ passwords had not been compromised. The affected accounts have been blocked for a long time, waiting for the problem to be identified. Some, such as those of Binance and CZ, have been restored and are back up and running.
This represents incalculable damage to Twitter’s reputation.
Twitter Says Hackers Downloaded Some Users’ Personal Data in Recent Attack
Hackers were able to extract personal data of up to eight users in the attack, which targeted 130 accounts.
Twitter Inc. said the hackers behind this week’s attack on its systems and high-profile users walked away with some personal information, indicating that the perpetrators carried out more than a cryptocurrency-related scam.
In its fullest accounting so far of the hack, Twitter said late Friday the attackers targeted 130 accounts and reset passwords on 45 of those, enabling them to send tweets. Many of those posts encouraged Twitter users to transfer cryptocurrency to what appeared to be the attackers’ accounts.
The hackers also downloaded personal data of up to eight Twitter users whose accounts were compromised Wednesday. Twitter didn’t identify the affected users, whose personal messages transmitted via the platform may have been downloaded by the hackers.
Twitter said the data downloads didn’t occur on any of its so-called verified accounts, for which it takes extra measures to link the name to users. Some of the highest-profile victims in the attack, including Joe Biden, Bill Gates and Elon Musk, have verified accounts, which are indicated on the platform by a blue check mark.
Twitter said that the attackers accessed the accounts by manipulating a small number of employees to carry out unspecified actions and divulge confidential information. The hackers were then able to access tools only available to the company’s internal support teams using these employees’ credentials. It didn’t specify how its staff was manipulated.
The company said the attackers were able to view personal information like email addresses and phone numbers via these tools. They may also have attempted to sell some of the usernames of the compromised accounts, Twitter said. In the 45 cases where accounts were taken over, including some verified accounts, the company said the perpetrators may have been able to view other information, too. Twitter said it was still investigating the attack.
In the cases where the hackers downloaded users’ personal data, they may have accessed personal messages using a tool Twitter provides to users to download such information. The company has since suspended users’ ability to use the tool.
The San Francisco-based social-media company said it was working with law enforcement investigating the attack. The Federal Bureau of Investigation and New York’s Department of Financial Services have launched probes. The attackers received over 510 payments totaling more than $120,000 from the scam, according to blockchain analysis company Chainalysis Inc.
Twitter is still grappling with the fallout of the attack, trying to restore accounts that were locked. The company said it was also putting stronger protections around its systems and that it would better train staff not to fall victim to scams.
Pressure on Twitter and how it runs the platform has intensified this week. Republican Sen. Josh Hawley of Missouri wrote a letter Friday to Twitter Chief Executive Jack Dorsey asking for further information about the hack, including whether the company in the past had considered more stringent access control measures and, if so, why it had decided not to implement them.
“We’re embarrassed, we’re disappointed, and more than anything, we’re sorry,” Twitter said in Friday’s statement.
Dorsey & Co Were Aware of Security Issues With Twitter Users Since 2015
Twitter has been warned about security issues related to employees’ credentials since 2015.
Numerous unnecessary employees at Twitter allegedly have the ability to reset users’ accounts and modify their security settings. This is a problem that Jack Dorsey, chief executive officer, and the company’s board were warned about all the way back in 2015.
According to Bloomberg, Twitter has over 1,500 workers with the abilities to reset accounts and review user breaches. This led to speculation that the hack on July 15 could have been prevented if timelier actions were taken.
Security Concerns Addressed
The report clarified that such credentials gave limited access to most of the workers involved in the social network’s security department. It does note, however, that it is “a starting point to snoop on or even hack an account.”
The “Risk Factors” section of Twitter’s 10-K annual report, filed in 2015 with the Securities and Exchange Commission, or SEC, confirms that Dorsey & Co. had long been warned of this potential attack vector:
“Our security measures may also be breached due to employee error, malfeasance, or otherwise. Additionally, outside parties may attempt to fraudulently induce employees, users or advertisers to disclose sensitive information in order to gain access to our data or our users’ or advertisers’ data or accounts, or may otherwise obtain access to such data or accounts.”
Twitter Contractors Tested Issues In 2017
Bloomberg mentions that at one point in 2017 and 2018, Twitter contractors created a “game” which consisted of flooding the help-desk with bogus inquiries, allowing them to access celebrities’ accounts. They used this access to trace personal data and approximate locations based on the owner’s IP addresses.
Twitter’s 2020 10-K Annual Report, Filed With The SEC, Referred To “Unauthorized Parties” Access:
“Unauthorized parties may also gain access to Twitter handles and passwords without attacking Twitter directly and, instead, access people’s accounts by using credential information from other recent breaches, using malware on victim machines that are stealing passwords for all sites, or a combination of both.”
The recent Twitter attack posted a fake Bitcoin (BTC) giveaway via the accounts of some of the most powerful verified accounts in the world. These included Joe Biden, Elon Musk, George Wallace, Bill Gates, Kanye West, Kim Kardashian, Wiz Khalifa, Warren Buffett, Mike Bloomberg, Barack Obama, and Jeff Bezos, among others.
Twitter Releases Details of Attack Vector Used by Crypto Hacker
Twitter has published an update on its investigation into the causes of the recent hack, during which 12 Bitcoin was conned out of the platform’s users.
Twitter released an update on July 30 revealing how hackers gained access to its internal network and account management tools in the recent attack.
It also gave details of additional measures taken to improve security since the hack, which netted 12 Bitcoin (BTC) through targeting the Twitter accounts of celebrities and crypto businesses.
Phishing For Complements
The update confirmed that Twitter had been the victim of a social engineering attack, putting paid to rumors that the hack could have been an inside job.
According to the report, the July 15 incident started with a spear-phishing attack, targeting a small number of employees by telephone to gain network access credentials:
“Not all of the employees that were initially targeted had permissions to use account management tools, but the attackers used their credentials to access our internal systems and gain information about our processes.”
The attackers then used this knowledge to target additional employees with access to account support tools.
A Poor Workman Loses His Tools
Responding to reports that over 1,000 employees had access to the admin tools, Twitter explained that it has teams around the world that help with account support.
However, access to the tools is strictly limited and only granted for legitimate business reasons. Since the attack it has further limited access, and it will keep running a continuous education program on the risks of phishing attacks.
During the hack the attackers accessed 130 Twitter accounts, tweeted from 45 of these, got into the direct messages inbox of 36 and downloaded the Twitter data of seven.
A 17 Year Old Was Just Arrested In Connection With Twitter’s Recent Hack
Authorities have taken a teen into custody, claiming him to be the brains behind the recent Twitter breach.
Authorities have taken a 17-year old into custody, claiming the not-yet-adult as the brains behind the recent massive Twitter breach.
“Early this morning, the FBI, IRS, US Secret Service, and Florida law enforcement placed a 17-year-old in Tampa, Florida, under arrest — accusing him of being the ‘mastermind’ behind the biggest security and privacy breach in Twitter’s history,” a July 31 article from The Verge said.
The massive exploit saw many top Twitter accounts breached on July 15, including the likes of Elon Musk, Joe Biden, and Bill Gates.
The teen reportedly faces north of 30 felony accusations, The Verge said. “I can’t comment on whether he worked alone,” the suspect’s lawyer, Andrew Warren, told The Verge.
Three People Are Charged in Twitter Hack
Several prominent accounts, including those of Joe Biden and Elon Musk, were taken over on July 15 to promote a cryptocurrency scam.
Twitter Inc.’s worst-ever hack began months earlier with a teenager on a telephone, according to an indictment filed Friday by federal authorities charging three males in connection with the episode.
The three were charged in connection with the July 15 hack, including a 17-year-old juvenile whom authorities have accused of masterminding the scam.
Graham Ivan Clark, of Tampa, Fla., was arrested and charged as an adult Friday with orchestrating the hack that sent Twitter’s security team scrambling over several hours on a Wednesday afternoon two weeks ago. As the world watched, prominent accounts, including those of Joe Biden, Elon Musk, and Apple Inc., were taken over, one by one, to promote a cryptocurrency scam.
According to prosecutors, people familiar with the investigation and Twitter’s own account of the incident, the hack started with a telephone call. The criminal activity, prosecutors said, began more than two months before the high-profile scam brought it to Twitter’s attention.
On Thursday, the microblogging company said that the hackers essentially talked their way into the company’s computer network, calling up Twitter employees and using “social engineering” techniques to trick workers into divulging information that they should not have shared.
They then learned sensitive information about how Twitter operates and used that knowledge to access other parts of the system, ultimately gaining the ability to circumvent Twitter’s protections and reset the passwords of dozens of user accounts.
In total, 130 accounts were targeted. The hackers tweeted from 45, accessed the direct messages of 36 and downloaded the data from seven, Twitter has said.
Mr. Clark began his work on breaking into Twitter’s network on May 3—months before the high-profile hack, prosecutors allege.
Between then and July 16, he sold access to Twitter accounts to brokers who would then find buyers for them. Mr. Clark himself took over 17 high-profile accounts, including those of Bill Gates, Barack Obama and Mr. Musk, and used them to make more than $100,000 promoting the bitcoin scam, said Hillsborough County, Fla., State Attorney Andrew Warren.
“This was not done on a whim,” Mr. Warren said in an interview. “This was an organized, highly sophisticated attack and scam that took 2½ months of planning and execution.”
The incident was investigated by numerous law-enforcement agencies, including the Federal Bureau of Investigation, the Secret Service and local and international agencies, Mr. Warren said. That investigative full press led to the charges being filed within 2½ weeks, a remarkably short period of time, he said.
“We appreciate the swift actions of law enforcement in this investigation,” Twitter said Friday.
The investigation is ongoing, Mr. Warren said.
Also charged were Mason Sheppard, 19, of the U.K., and Nima Fazeli, 22, of Orlando, Fla., who the Justice Department described as brokers in the crime. Both were charged by the U.S. Department of Justice on Friday.
The hackers all met in an online forum called OGUsers, where access to a variety of gaming, social media and other types of accounts is bought and sold, investigators say.
In an interview with The Wall Street Journal before his arrest, a British man who claimed to use the same alias as Mr. Sheppard, “ever so anxious,” described himself as an OGUsers broker who believed that he was paying a Twitter employee for access to these accounts. He and others charged between $500 and $10,000 for account access. The price would go up if the account had a desirable name—with single-letter names such as @6 being the most coveted, he said.
Earlier this month OGUsers had thousands of discussion threads offering to sell access to stolen Twitter accounts, many of which were dormant.
Account-takeover specialists, such as those who congregate on OGUsers, have been operating under the radar for years, gaining access to accounts at gaming and social-media companies and honing their skills on phone companies, too, where they specialize in a form of telephone-number-takeover called SIM swapping, said Allison Nixon, chief research officer at cyber-services company Unit 221b.
“A lot of these guys get into online fraud at a very early age and the justice system is not equipped to make them stop what they are doing,” she said.
Messrs. Clark and Fazeli were arrested on Friday morning. They couldn’t immediately be reached for comment.
The case shone a light on the security practices of a company that is facing pressure from many fronts. Earlier this year, activist investor Elliott Management Corp. pressured Twitter, which is run by Jack Dorsey, who also serves as chief executive of the payments company Square Inc., to find a full-time chief executive.
Twitter also has come under pressure from President Trump, who accused Twitter’s fact-checking system of censoring him after the company flagged some of his tweets about mail-in voting as requiring a fact check.
After a series of security problems more than a decade ago, Twitter entered into a consent decree with the U.S. Federal Trade Commission, promising to improve user-privacy protections.
Twitter hasn’t had a chief information security officer since December 2019. The company has about one-tenth the employees of Facebook Inc. and 5% the annual revenue of its social-media rival. Twitter has 186 million daily users, compared with Facebook’s nearly 2 billion.
After this latest hack, observers say there is still work for the company to do.
“It really demonstrates that despite the advances in technology and the controls to protect it, the human link is still the weakest link and often the most targeted,” said Michael Coates, the chief executive of Altitude Networks Inc., who was Twitter’s top security executive until 2018.
Twitter Hacker Owns $3.4M In Bitcoin, Court Sets Bail At $725K
The 17-year-old alleged ringleader behind the recent Twitter hack reportedly has more than $3 million worth of bitcoin – enough to pay his $725,000 bail.
* At Hillsborough County Courthouse, Florida, on Saturday, the attorney representing Graham Ivan Clark said his client owned 300 bitcoin, the Tampa Bay Times reported Sunday.
* CoinDesk data shows this stash is worth $3.4 million at current market prices.
* Bail was set at $725,000 during Clark’s first court appearance on Saturday.
* Authorities see Clark, who was arrested Friday, as the ringleader and mastermind of July’s “CryptoForHealth” Twitter hack, a coordinated attack of some 30 high profile accounts, including CoinDesk, that promised to double the money of users who sent cryptocurrency.
* In total, some $117,000 worth of cryptocurrency went to the hackers in one afternoon.
* Two accomplices have also been charged in California.
* In an investigation last year, authorities confiscated 400 bitcoin from Clark, but later returned 300.
* Although prosecutors have suggested Clark’s bitcoin stash was illegally acquired, his attorney has argued it was legitimate because the authorities returned it.
* Clark now stands accused on 17 counts of communications fraud, 11 counts of fraudulent use of personal information, as well as one count of breaking into an electronic device and another for organized fraud.