The four sources that are part of the hacking communities, or that are very close to them, made available to the public several screenshots of the tool that was used. The images reveal information about the status of the compromised accounts, indicating whether they have been suspended, permanently banned or if they are protected.
As Twitter began to act to deal with the attack, some users of the platform began to publish screenshots of the internal tool, prompting the service to remove the tweets in question and to suspend accounts.
As for the Tech Crunch website, a source who is part of the hacking community has made it known that a hacker using the name Kirk is behind the attack. The source confirms that the cybercriminal had access to an internal tool, using it to gain control of compromised accounts and clean up associated email addresses.
Apparently, Kirk contacted a member of OGUsers, a popular forum among those trying to hack accounts on social media, to help sell the stolen accounts, despite having decided later that he would embark on the solo adventure. However, the source says that the hacker was able to access the tool by hijacking the internal account of a company employee, ruling out the possibility of advanced bribery by other sources.
What to do to avoid falling into the hacker trap
In a statement, Dmitry Galov and Dmitry Bestuzhev, Kaspersky experts explain that the practice of hacking accounts to use them in fraud schemes is not new. In the attack in question, cybercriminals combined new attack vectors with ancient and effective social engineering techniques to gain the confidence of the victims.
For Dmitry Galov, there are two major lessons to be learned from the incident: The first, that users should be aware of schemes and remain cautious on social media; above all, they must be prepared to know how to recognize them. The second, you should be extra careful with all your goods online, as any sensitive information must have at least two authentication factors.
To recognize possible scams there are some aspects that you should take into account. For example, the most important element in such an attack is the time limit. Not only does it prevent the victim from having time to check in depth the veracity of what is happening, but it also puts pressure on them psychologically, making details more likely to be ignored, say the researchers.
The cybercriminals behind the attack on Twitter designed it to adapt the user's personality or the tone of the hacked account to make the campaign more legitimate. It must be borne in mind that official campaigns or individual initiatives of such a scale always have documents to support their offers or promotions of short duration, and are published outside of social networks, recall the experts.
Furthermore, it is important to remember that it is very unlikely that any official company or medical figure will, in fact, request money transfers due to possible tax implications.
It is recommended to use strong and unique passwords and to change them frequently so that, in case your credentials are filtered by hackers and put on sale, your accounts are kept secure.
The authentication of two factors is also essential, as well as making an exhaustive review of all applications that have access to the Twitter account. You should eliminate access to the same accounts or those that you think do not have sufficient protection.