It’s been more than 48 hours since Twitter was targeted in the largest hack of the company’s 14-year history. Yet, little is still known about how a hacker or group of hackers to the accounts of former President Barack Obama, Elon Musk, and Kanye West, among others — some of the platform’s biggest verified users — in order to tweet out a Bitcoin scam.
But, one Twitter user involved in the infosec community has a very good idea about how at least one major part of the hack went down. So let’s break it down.
someone has managed to hack a slew of large verified twitter accounts to spread a bitcoin scam. they’ve made around $56k so far it seems… pic.twitter.com/wjjA7mHqCW
— Matt Binder (@MattBinder) July 15, 2020
Lucky225, a deceased hacker, and the Chelsea Manning connection
A security researcher who goes by the Twitter username Lucky225 penned a very interesting on Thursday detailing his own unique experience with the big Twitter hack.
Upon hearing about the attack on Wednesday, Lucky225 immediately checked on the status of one of the accounts he runs which has a rare Twitter handle, @6. These handles are often called an “OG username” due to the fact that they’re so short or generic that they had to have been registered during the early days of the platform.
Lucky225 administers the @6 Twitter account which once belonged to Adrian Lamo, who passed away in 2018.
If Lamo’s name sounds familiar to you, it’s because you’ve almost certainly heard of him before. Lamo was a big name in hacker circles in the early 2000s. But, in 2010, Lamo made news: He’d been informing U.S. authorities on Chelsea Manning’s role in providing Wikileaks with leaked classified information. This resulted in Manning’s arrest.
Upon looking into it, Lucky225 found that he had, indeed, been logged out of the @6 Twitter account, which Lamo’s family granted him permission to run.
It turns out, a few hours before verified Twitter accounts belonging to Microsoft founder Bill Gates and Amazon founder Jeff Bezos started tweeting about the same Bitcoin scam, Lucky225 received an email. The email wasn’t from Twitter; it was from Google Voice, informing him that a text message was sent concerning a password reset for Lamo’s @6 account. Lucky225 had not requested this reset.
Okay since I control @6’s account, which got hit in this massive twitter account BTC scam I can give some insight, they’re either intercepting SMS on password reset or they’re bypassing it somehow. Got this Google Voice SMS code when the account was hacked which had OTP 2FA pic.twitter.com/yQflAUQL6x
— Lucky225🍀 2️⃣ 2️⃣ 5️⃣🍥 (@lucky225) July 15, 2020
What Twitter is telling us right now
As the hack was occurring on Wednesday, screenshots of what allegedly depicted Twitt
Be the first to write a comment.