- SIM swapping is a form of crime that involves bribing, hacking, or coercing employees at mobile phone and social media companies into providing access to a target’s account.
- A Krebs on Security report indicates that a 21-year-old student from the UK could be behind the high-profile hacks that Twitter witnessed.
- The SIM swapper who goes by the name PlugWalkJoe was reportedly a participant of a group that hijacked Twitter CEO Jack Dorsey’s account last year.
Twitter witnessed the biggest security breach on Wednesday as approximately 130 high-profile accounts were targeted as part of a broad crypto scam. Some of the compromised accounts belonged to Barack Obama, Joe Biden, Elon Musk, Jeff Bezos, and Kanye West. These accounts posted a spam message directing users to spend bitcoin money on the specific links which would then be doubled and sent back.
Twitter on Thursday acknowledged that the high-profile Twitter accounts were hacked because some employees with access to internal tools were targeted by hackers using a "coordinated social engineering attack."
The Federal Bureau of Investigation (FBI) has opened an investigation to look into the matter. As speculations continue to rise, reports about social engineers and SIM swappers have begun to emerge.
It could be possible that the Twitter hack on Wednesday was carried out through "SIM Swapping". A detailed report by Krebs on Security has stated that SIM swapping is a form of crime that involves bribing, hacking, or coercing employees at mobile phone and social media companies into providing access to a target's account.
Krebs on Security found that ahead of the Twitter attack, there was an ad posted on OGusers, a forum dedicated to account hijacking. The ad was posted by a user named Chaewon who said that they could change email addresses tied to any Twitter account for $250, and provide direct access to accounts for between $2,000 and $3,000 a piece.
Security researcher Brian Krebs has noted in the report that a source who works in security at one of the largest US-based mobile carriers, said that an Instagram accounts of a user who goes by the name "j0e" and "dead" are tied to a notorious SIM swapper who goes by the nickname "PlugWalkJoe."
As per the report, investigators have been tracking PlugWalkJoe because he is thought to have been involved in multiple SIM swapping attacks over the years that preceded high-dollar bitcoin heists.
According to Kreb's source, this notorious SIM swapper was also a key participant in a group of SIM swappers that adopted the nickname "ChucklingSquad."
Chuckling Squad is thought to be behind the hijacking of Twitter CEO Jack Dorsey's account last year. Dorsey's hackers are believed to have done a SIM swap attack against AT&T, the mobile provider for the phone number tied to his Twitter account.
The source told Krebs that PlugWalkJoe in real life is a 21-year-old from Liverpool, UK named Joseph James Connor. The source said PlugWalkJoe is in Spain where he was attending a university until earlier this year. He also said that PlugWalkJoe has been unable to return home on account of travel restrictions due to the COVID-19 pandemic.
It will be interesting to see if the FBI finds a different culprit or if a 21-year old did hack some of the world's richest and most influential people. The hackers potentially made off with $120,000 in the process.