Hackers found a way to resurrect suspended and inactive Twitter accounts
"Spain Squad" gained control of a number of accounts they allege were obtained with the exploit, including @Hell, @Hitler, @Nazi, @ak47, and @1337.
Worryingly, the Internet Archive shows that several of the handles held by Spain Squad were previously suspended - including @Hitler, @Hell, and @LizardSquad, an account previously owned by the notorious hacking group of the same name.
Others, like @AK47, @megaupload, and @1337, have long been inactive - but when they were inactive, had no apparent links to hacking groups. (Old tweets have since been deleted.)
Twitter declined to comment, but has since (re)suspended all the accounts apparently obtained using the vulnerability. It's not clear whether the social network was aware of the vulnerability before Business Insider reached out for comment.
Once an account has been suspended by Twitter for rules violations (such as harassment or spam), there is not normally any way to create a new account with the same username - it is permanently unavailable. As such, the fact that hackers found a way to resurrect suspended accounts could have had worrying implications.
Similarly, accounts are not normally deleted for inactivity, so if someone chooses to abandon their account, their username should be permanently unavailable to others (unless Twitter chooses to delete an account to free it up).
It's not clear how Spain Squad has been doing this: Unlike previous exploits that have been used to steal Twitter accounts, it looks like no one outside of Spain Squad knows the secret to the alleged exploit - and the group capitalised on this to try and sell the valuable accounts.
It could be a vulnerability in Twitter's software, a compromised staff account, or some other explanation. It's also unclear whether the exploit is still active, or was patched concurrently with the banning of the hijacked accounts.
Most of the accounts in question (before being suspended again) displayed registration dates of September 2016 - despite archives showing these accounts should actually be years old.
What's the appeal of these accounts? Short, interesting, or "cool" handles for Twitter (and other social network platforms) can be a kind of status symbol for some in hacker-y circles. People are even willing to pay money for them, so there's a minor underground market in jacking "OG" handles and selling them on. (Brian Krebs, an independent security journalist, wrote a good piece on the phenomenon back in November 2015.)
A Spain Squad member called Akma, speaking via the @LizardSquad Twitter account prior to its re-suspension, told Business Insider that "we don't want to talk about our exploit ... we don't want get patched soon."
But they did provide more detail about the apparent exploit, claiming that they "can get any [account] if he has an activity on his account for more than 6 months ... we can suspend Twitter ... and we can unsuspended Twitter ... [and] swap @ to other @user."
Business Insider has not seen any evidence that the "exploit" can be used to suspend accounts, or that it can switch handles between accounts as Akma claims - though Akma does threaten to do this to another hacking group on Twitter.
Spain Squad is, Akma asserted, a "white hat" (non-malicious) hacking team: "We are not going to do anything strange now but with this account, is just for fun."
He added: "You can see what tweets I post, just for fun. After this, we going to deactive accounts or suspend again."