The hacker who launched the Twitter attack may have been found. The hack has targeted as many as 130 official accounts of representatives of the crypto world and not only.
Most probably, according to KrebsonSecurity, this was an attack which fits the “SIM swap” type, allowing to obtain access data and 2-factor authentication (2FA) codes.
This would have allowed hackers to access tools to write posts on the profiles of the users.
The KrebsonSecurity team has also done further research and found a forum where several users sold a service in order to change the email access to Twitter for the modest amount of $250.
Other hackers were selling full access to the platform for between $2,000 and $3,000.
This service was offered by a user who called himself Chaewon and may lead back to an individual of Asian nationality.
Deepening the case, it was discovered that the attack was launched, initially, as a demonstration of the feasibility of the system.
The real attack began in a second phase and, analyzing the data, it was discovered that the attack could be attributable to a well-known SIM swapper, PlugWalkJoe.
This would have revealed that this company would have also been involved in the case that made it possible to pierce Jack Dorsey’s profile last year.
This nickname would conceal a 21-year-old guy from Liverpool, Joseph James Connor, who is currently in Spain because of the Covid-19 lockdown.
This data would therefore give sufficient information to be able to proceed with at least a preliminary investigation to confirm or not the relevant suspicions.
In the meantime, Twitter is continuing its internal investigation which allegedly showed that individual users’ passwords would have not been compromised. The affected accounts have been blocked for a long time, waiting for the problem to be identified. Some, such as those of Binance and CZ have been restored and are back up and running.
This represents incalculable damage to Twitter’s reputation.