Twitter Account And Followers Hack Tool
Now, new data acquired by Cybersixgill appears to confirm that a significant portion of inauthentic Twitter accounts may have been built with tools and services found on the deep and dark web. And the problem is getting worse.
Twitter Account And Followers Hack Tool
More followers and activity on any social media platform lead to more engagement. On the underground, Twitter users can purchase bots to inflate their followers and activities, such as likes and replies. This can enable them to churn out spam or to simulate a community. Alternatively, they can simply purchase pre-made accounts with the followings.
Instead of growing a large account via purchasing bots and followers, many may buy accounts that have already been cultivated. Buyers of these accounts receive their usernames, passwords, and complete control. (Some actors that participated in a popular forum for selling accounts took a central role in the hack of celebrity Twitter accounts in July 2020.)
One actor (figure 6) posted a handful of accounts for sale at prices ranging from tens to hundreds of dollars. These accounts were largely crypto/NFT-themed, each with thousands to tens of thousands of followers.
If an actor wishes to target a specific Twitter account, they can find hacking services on the underground. One actor, for example (figure 17), promises to hack any social media account within 24 hours, with pricing set depending on the account type and the number of followers.
These threat actors will watch all of the changes that Musk and his team introduce to the platform and seek new, creative ways to exploit them. Indeed, the launch of Twitter Blue's $8 verification service immediately led to a fiasco of fake verified accounts that impersonated public figures and even Twitter itself. However, while the attack exploited a new feature, in our understanding its techniques of building large accounts quickly relied heavily on existing toolboxes of account amplification and takeover. Many of these attackers, in fact, could have used tools and services that they found on the underground.
A perfect pinned tweet should have the second call to action. For example, if your bio encourages Twitter followers to add your account to their lists, your pinned tweet might offer them to check out your website. If you're trying to develop a Twitter community, it might be a good idea to pin the schedule of your Twitter Chats or Twitter Spaces streams (more on that later), and your Twitter tags.
Mentioning other accounts is always the best way to gain new followers and do it fast, thus Twitter followers are no exception. We proved it ourselves: Awario tweets that tag other brands and users, even bots get the most impressions and engagement. You can learn more about the Twitter lessons we learned from our experience in this article.
Speaking about lists, a Twitter List is a great tool to segment your audience and design specific Twitter strategies to engage with them. A Twitter List unites several Twitter accounts based on one parameter. For example, we at Awario curate lists for digital marketers, social media marketers, agency owners, social media marketing experts, and social media marketing tools.
Combine this tip with the one about tagging and ask questions that prompt followers to tag other accounts in response. For example, asking who their role models are or who gave them the best professional advice or the latest approach to something and what it was can be a true finding for your strategy.
Retweeting is an essential part of Twitter marketing, but if you're running a brand account, the quote retweet button should be your default retweet button. This way you make sure your followers still see your brand first AND you attract attention from the account you retweet. They will be curious to see what you added to your tweet, check your profile, and maybe follow you!
Still a giveaway helps if you'd like to quickly build up the vanity metric of followers, which I think Gumroad is trying to do with their Twitter account, and having more followers might help your business to get actual real involved followers who may become customers later!
On July 15, 2020, between 20:00 and 22:00 UTC, reportedly 130 high-profile Twitter accounts were compromised by outside parties to promote a bitcoin scam. Twitter and other media sources confirmed that the perpetrators had gained access to Twitter's administrative tools so that they could alter the accounts themselves and post the tweets directly. They appeared to have used social engineering to gain access to the tools via Twitter employees. Three individuals were arrested by authorities on July 31, 2020, and charged with wire fraud, money laundering, identity theft, and unauthorized computer access related to the scam.
Forensic analysis of the scam showed that the initial scam messages were first posted by accounts with short, one- or two-character distinctive names, such as "@6". This was followed by cryptocurrency Twitter accounts at around 20:00 UTC on July 15, 2020, including those of Coinbase, CoinDesk and Binance. The scam then moved to more high-profile accounts with the first such tweet sent from Elon Musk's Twitter account at 20:17 UTC. Other apparently compromised accounts included those of well-known individuals such as Barack Obama, Joe Biden, Bill Gates, Jeff Bezos, MrBeast, Michael Bloomberg, Warren Buffett, Floyd Mayweather Jr., Kim Kardashian, and Kanye West; and companies such as Apple, Uber, and Cash App. Twitter believed 130 accounts were affected, though only 45 were actually used to tweet the scam message; most of the accounts that were accessed in the scam had at least a million followers.
The tweets involved in the scam hack claimed that the sender, in charity, would repay any user double the value of any bitcoin they sent to given wallets, often as part of a COVID-19 relief effort. The tweets followed the sharing of malicious links by a number of cryptocurrency companies; the website hosting the links was taken down shortly after the tweets were posted. While such "double your bitcoin" scams have been common on Twitter before, this is the first major instance of them being sent from breached high-profile accounts. Security experts believe that the perpetrators ran the scam as a "smash and grab" operation: Knowing that the intrusion into the accounts would be closed quickly, the perpetrators likely planned that only a small fraction of the millions that follow these accounts needed to fall for the scam in that short time to make quick money from it. Multiple bitcoin wallets had been listed at these websites; the first one observed had received 12 bitcoins from over 320 transactions, valued at more than US$118,000, and had about US$61,000 removed from it, while a second had amounts in only the thousands of dollars as Twitter took steps to halt the postings. It is unclear if these had been funds added by those led on by the scam, as bitcoin scammers are known to add funds to wallets prior to starting schemes to make the scam seem legitimate. Of the funds added, most had originated from wallets with Chinese ownerships, but about 25% came from United States wallets. After it was added, the cryptocurrency was then subsequently transferred through multiple accounts as a means to obscure their identity.
As Twitter was working to resolve the situation on July 15, Vice was contacted by at least four individuals claiming to be part of the scam and presented the website with screenshots showing that they had been able to gain access to a Twitter administrative tool, also known as an "agent tool", that allowed them to change various account-level settings of some of the compromised accounts, including confirmation emails for the account. This allowed them to set email addresses which any other user with access to that email account could initiate a password reset and post the tweets. These hackers told Vice that they had paid insiders at Twitter to get access to the administrative tool to be able to pull this off.
TechCrunch reported similarly, based on a source that stated some of the messages were from a member of a hacking forum called "OGUsers", who had claimed to have made over US$100,000 from it. According to TechCrunch's source, this member "Kirk" had reportedly gained access to the Twitter administrative tool likely through a compromised employee account, and after initially offering to take over any account on request, switched strategies to target cryptocurrency accounts starting with Binance and then higher-profile ones. The source did not believe Kirk had paid a Twitter employee for access.
The "@6" Twitter had belonged to Adrian Lamo, and the user maintaining the account on behalf of Lamo's family reported that the group that performed the hack were able to bypass numerous security factors they had set up on the account, including two-factor authentication, further indicating that the administrative tools had been used to bypass the account security. Spokespersons for the White House stated that President Donald Trump's account, which may have been a target, had extra security measures implemented at Twitter after an incident in 2017, and therefore was not affected by the scam.
Twitter subsequently confirmed that the scam involved social engineering, stating "We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools." In addition to taking further steps to lock down the verified accounts affected, Twitter said they have also begun an internal investigation and have limited employee access to their system administrative tools as they evaluate the situation, as well as if any additional data was compromised by the malicious users.
By the end of July 17, 2020, Twitter affirmed what had been learned from these media sources, stating that "The attackers successfully manipulated a small number of employees and used their credentials to access Twitter's internal systems, including getting through our two-factor protections. As of now, we know that they accessed tools only available to our internal support teams." Twitter had been able to further confirm by July 30 that the method used was what they called a "phone spear phishing attack": they initially used social engineering to breach the credentials of lower-level Twitter employees who did not have access to the admin tools, and then using those employee accounts, engaged in additional social engineering attacks to get the credentials to the admin tools from employees who did have authorization for their use.