As we suspected, claims that the Twitter hack was perpetrated by a state actor because it was ‘among the most sophisticated hacks in history’ have proven suspect, as the New York Times has apparently tracked down a group of hackers (all of whom refused to reveal their identities even to the paper’s reporters, a major no-no when using anonymous sources) who say they helped perpetrate Wednesday’s hack, which saw dozens of accounts compromised, including high-profile ‘blue checkmark’ accounts belonging to Joe Biden’s campaign, Elon Musk, Jeff Bezos and others.
Among other things, the hack has revived fears about foreign manipulation and “disinformation” on social media (or at least that’s what the mainstream media has reported).
But if the NYT has this right, the hack was actually perpetrated by a bunch of bored twentysomethings working with a mysterious mastermind only identified by the screenname “Kirk”. Though that screenname betrays the mastermind’s status as an avowed Trekkie, it conveys little else. In total, the NYT says it spoke with four people who claimed to be involved in the attack.
According to the NYT, it connected with the hackers via a security researcher in California named Haseeb Awan who had been communicating with them. The hackers had previously targeted a bitcoin-related company Awan once owned, and had once unsuccessfully targeted his current company.
Why Awan would want to help these hackers after they purportedly tried to destroy his livelihood doesn’t exactly make sense to us. But the two individuals who spoke with the Times – one who went by the screenname “lol” and another who went by the screenname “ever so anxious” – are both twentysomethings, one of whom lives in California, and the other somewhere in England. One claimed to still be living in his mother’s basement.
As if all of this background didn’t sound strange enough, the NYT reported that the two hackers claimed they met their co-conspirators via a penchant for owning and/or selling rare screen names on social media, names like @y or @6.
The interviews indicate that the attack was not the work of a nation-state or a sophisticated group of hackers. Instead, it was done by a group of young people — one of whom says he lives at home with his mother — who got to know one another because of their obsession with owning early or unusual screen names, particularly one letter or number, like @y or @6.
But after committing fraud on such a massive scale, why would these men come forward? Their explanation is vague and not entirely convincing.
They said they wanted to get out in front of the story and get it on the record that they didn’t participate in the hacks of the big-name blue checkmarks who helped pull in most of the bitcoin when the fraudulent tweets were sent. Kirk did that solo, they said. But the story doesn’t reveal anything about the cybercriminals behind the attack. Perhaps they have a reason to worry that the true story of their exploits will eventually leak, either to the press, or to law enforcement.
Or might this just be another classic bit of misdirection? To be sure, the NYT has chat logs and other evidence backing up its reporting.
“I just wanted to tell you my story because i think you might be able to clear some thing up about me and ever so anxious,” “lol” said in a chat on Discord, where he shared all the logs of his conversation with Kirk and proved his ownership of the cryptocurrency accounts he used to transact with Kirk.
“lol” did not confirm his real-world identity, but he said he lived on the West Coast and was in his 20s. “ever so anxious” said he was 21 and lived in the south of England with his mother.
Investigators looking into the attacks said several of the details given by the hackers lined up with what they have learned so far, including Kirk’s involvement both in the big hacks later in the day and the lower-profile attacks early on Wednesday.
The men were able to convince the NYT reporters of their credibility by sharing chat logs showing the planning and execution of the attack with “Kirk”. They also reportedly demonstrated that they had control over the bitcoin wallet where the stolen coins had been sent.
But something here just doesn’t sound right. The Times says right at the beginning that lol didn’t trust Kirk’s claim of being an employee at Twitter. Instead, lol concluded, he probably gained access in some other way.
OAKLAND, Calif. — A Twitter hacking scheme that targeted political, corporate and cultural elites this week began with a teasing message between two hackers late Tuesday on the online messaging platform Discord.
“yoo bro,” wrote a user named “Kirk,” according to a screenshot of the conversation shared with The New York Times.
“i work at twitter”
“don’t show this to anyone”
He then demonstrated that he could take control of valuable Twitter addresses — the sort of thing that would require insider access to the company’s computer network.
The hacker who received the message, using the screen name “lol,” decided over the next 24 hours that Kirk did not actually work for Twitter because he was too willing to damage the company. But Kirk did have access to Twitter’s most sensitive tools, which allowed him to take control of almost any Twitter address, including those of former President Barack Obama, Joseph R. Biden Jr., Elon Musk and many other celebrities.
But if a Twitter insider didn’t mastermind the attack, then who did?
Wait a minute…