Friday, August 14, 2020

'Master Mind' - hacking Twitter!

 17-year-old 'Master Mind' shocks the world by hacking Twitter!


U.S. prosecutors on Saturday charged three people with involvement in a recent Twitter hacking case. The timetable of the hack has also been made public in a court document issued by the Ministry of Justice.


The document also details how US investigators tracked down the suspected hackers. According to court documents, the entire hacking activity started on May 3.

A teenage clerk from Tampa, Florida (who had been living in California) gained access to a portion of Twitter's network on May 3.


But what happened between May 3 and July 15 is still unclear. However, Clark initially failed to gain access to the Twitter admin tool used to kill the account.


But on the second day of the Twitter hack, according to the New York Times, Clerk initially had access to Twitter's internal slack workspace, not Twitter.


New York Times reporters quoted a hacker community source as saying that the hacker had found the login details of a Twitter tech support tool. From there, he broke into a slack channel of the company.


On the day of the hack, a picture of the tool, which controls all Twitter accounts, was leaked online by Twitter employees. However, the login details of the tool were not enough to access the back end of Twitter.

According to Twitter's blog post, Twitter's administrative back-end is protected by two-factor authentication. How long it took the clerk to do all this work is still unclear.


But according to Twitter researchers, the hacker used a "phone spare phishing attack" to trick Twitter employees into accessing their accounts and break two-factor authentication.


All of this happened on July 15. It was the same day that the company that hacked Twitter made it public.


Shortly afterwards, the clerk, who reached out to OG Users' Discard Channel from Kirk # 5270 ID, talked to two people and asked for help in monetizing Twitter's access, according to an FBI chat.


OG Users Discard Channel is a special forum where hackers buy and sell social media accounts. Through the channel, the clerk claimed that Fazeli (22 years old) who used Rolex # 037 ID and Separd (19 years old) who used Angius # 0001 ID were Twitter employees.


He asserted that his confession had been obtained through torture, and that his confession had been obtained through torture.


The clerk also sold access to various short-form Twitter accounts to Separd. 


The clerk thus reassured both of them about their access level. The trio then agreed to post an ad to promote the clerk's ability to hack Twitter accounts on the OGUser Forum.


Many people are believed to have bought access to their Twitter accounts after the ads were posted. A record message posted on YouTube by a U.S. Attorney's Office official states that investigators are monitoring several users involved in the hack.


 One of the three parties had posted a cryptocurrency scam message on July 15 by purchasing access to the celebrity's authentic Twitter account.


Such messages were seen on the accounts of celebrities including Barack Obama, Joy Biden, Bill Gates, Elon Musk, Jeff Bezos, Apple, Uber, Kanye West, Kim Kardashian, Michael Bloomberg, Floyd Mayweather.


In which users were requested to send Bitcoin to different addresses. According to court documents, 12.83 bitcoins, or about १७ 117,000, were found in the hacker's operating wallet in the scam.


In the course of the investigation, the cryptocurrency exchange company Coinbase intervened in the matter and stopped trading at the scam address on the day of the hack. In the end, the मर 280,000 that went into the scammers' accounts was saved.


By then, the subject was known to be hacked. Twitter staff blocked the clerk from tweeting on his official Twitter account.


According to the investigation, the clerk had access to Twitter's admin tool and communicated with 130 accounts. In 45 of them he had reset the password and in 36 he had access to secret messages.


On the second day of the hack, Twitter went to the administration and filed a criminal complaint against the hack. The FBI and the Secret Service then launched an investigation.


According to court documents, the FBI obtained users' details and chat logs from Discord using data and news shared on social media.


The FBI used a copy of the OG user's forum database, which was leaked last April, as some hacker ads were also posted on OG users. The database contained details of users registered in the forum, including email and IP addresses, as well as personal messages.


The FBI was collecting data from Coinbase with the help of the Internal Revenue Service and the address of Bitcoin where the hackers were involved. After studying the data from these sources, the FBI was able to track the identities of the hackers in all three directions. It was linked to email and IP address.


For example, the FBI tracked down Fazelli after he linked his discarded username to an OGUser. This was an operational security upset mistake of Fazeli.

Similarly, Fazeli also made many mistakes in hiding his identity. Initially, he used the address [email protected] to register on the OG Users Forum, but later he used the address [email protected] to hack a Twitter account called Foreign.


He used the same two email addresses in his Coinbase account. Which was later certified by his driver's license.


In addition, Fazeli used a home connection to access all three sites. The three services Discard, Coinbase and OG user's connection log showed his home IP address.


Another person, Separd, had a similar weakness. He had infiltrated the OG user with an ID named Cheiwan. According to investigators, on the day of the hack, Separd was able to access his discarded account with the help of an advertisement posted on the OG user's site.


After that, the researchers got the confirmation from the leaked database of OG user. There, Cheyenne was buying video games from a Bitcoin username, and fortunately on the day Twitter was hacked, Separd was connected to the same address.


Like Faizelli, Separd also uses the actual driver's license to manage the accounts at Coinbase to authenticate his various accounts. However, the FBI has not linked the clerk to the Kirk hashtag 5270 Discarded User.


But according to details released by various US government sources on Saturday, Clark appears to be the man. Hillsburg State Attorney Andrew Warren claimed that the 17-year-old Tampa teen clerk who was arrested on Saturday was the mastermind of the hack.


In a press release issued from the northern district of California, the administration told the state attorney that the clerk was a juvenile. The hacker, who was arrested by Florida, revealed his name was Graham Evan Clerk.

No comments:

Post a Comment

If you have any doubts. Please let me know.