Cybersecurity Firm Unit 221B Comments on Twitter Breach, Perps Used Same Techniques as SIM Swap Hacks

 

The Twitter hack that saw 130 different accounts compromised and embarrassed the popular social media company is still being sorted out. It has been reported that the FBI is involved in the investigation of how exactly the perpetrators gained access to prominent Twitter accounts like those of Elon Musk and Barack Obama. During the breach, approximately $100,000 in Bitcoin was stolen, but perhaps the most concerning aspect of the hack was how it was carried out and that it could have been even worse. Twitter has said it appears to have been the work of a sophisticated social engineering scam.

Crowdfund Insider received a comment from Allison Nixon, Chief Research Officer at Unit 221B, a cybersecurity firm that specializes in financially motivated cyber attacks. Nixon confirmed that the breach came out of the OG community, which is a lightly affiliated crime group and “serial fraudsters.”

Unit 221B says it has collected and analyzed a good deal of intelligence regarding this particular incident and is actively working with law enforcement and other entities historically targeted by the OG community so that the investigation can move forward accordingly.

Nixon explained that the OG community began as a group of hackers interested in Original Twitter handles with single digits or low numbers, which have perceived prestige and value, but that it includes groups interested in all manner of cybercrime and cyber-fraud. She said the motivation for the most recent Twitter attack is similar to previous incidents they have observed in the OG community: a combination of financial incentive, technical bragging rights, challenge, and disruption.

“The OG community is not known to be tied to any nation state.  Rather they are a disorganized crime community with a basic skillset and are a loosely organized group of serial fraudsters,” said Nixon. “Unit 221B saw what was happening with Twitter in its early stages.  We recognized that the Twitter attack matched similar attacks we had seen in the OG Community, and that it followed the same motivations, tactics and techniques that mirror the OG Community, a group that Unit 221B actively profiles and monitors.”

Nixon said that in tracking the OG community they have observed highly practiced insider recruitment and social engineering. These individuals have access to sophisticated tools and high-level access to password resets and account takeovers, either by tricking lower-level support staff or by corrupting them.

“This criminal community is known for crypto theft and SIM swapping, and insider recruitment is one of the key techniques they use to accomplish this goal. In the SIM swap community, the OG hackers have been able to take over targets’ cell phone numbers (often repeatedly) by corrupting help desk or similar lower-paid employees, and using the access provided to redirect phone traffic to their phones. This has enabled tens of millions of dollars of losses to Bitcoin vendors. Similar techniques used by the OG community may have permitted them to obtain access to protected Twitter accounts,” Nixon stated. “In this case, internal Twitter administrative tools were used to gain access to the accounts. Hackers changed the account’s email, reset the password and were able to gain access.”

Nixon said this form of hacking is powerful and it has the potential to impact many companies and industries – not just social networking or social media like Twitter.

“If you can get access to the internal administrative tools, or to someone who has them, you can take over anyone’s account virtually anywhere. Because people rely on the integrity of their accounts, and others rely on accounts as being valid, these OG techniques are used for things like currency and market manipulation,” Nixon added. “Entire markets and potentially elections may be manipulated or altered in this way.  Victims of account takeovers generally do not know that the fraud has occurred, and generally cannot take security precautions to prevent it.”
