{"id":21404,"date":"2023-08-01T16:46:41","date_gmt":"2023-08-01T12:46:41","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/social-engineering-cases\/21404\/"},"modified":"2023-08-01T16:46:45","modified_gmt":"2023-08-01T12:46:45","slug":"social-engineering-cases","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/social-engineering-cases\/21404\/","title":{"rendered":"Three high-profile social engineering hacks"},"content":{"rendered":"<p>For decades, we were told tales of all-seeing, all-knowing hackers who use sophisticated social-engineering techniques \u2014 that is, manipulating folks into handing over secret information with neither threats of violence nor other maltreatment, or getting them to perform other reckless actions from an information security perspective.<\/p>\n<p>The problem is, such tales can cloud one\u2019s grasp on reality. Knowing so many stories about this technological voodoo, people should, you might think, be aware of such tricks. Sadly, this isn\u2019t the case at all. Here are three high-profile cases of recent years showing that social engineering is still a potential threat, perhaps more so than ever.<\/p>\n<h2>Even a schoolboy can hack the director of the CIA<\/h2>\n<p>\nLet\u2019s start with a story that could easily be taken for a Hollywood movie with the title, say, <em>Hackers versus Spies<\/em>; however, it would be less of an action thriller and more a satirical comedy.<\/p>\n<p>In October 2015, a hacker group calling itself <em>Crackas With Attitude<\/em> used social engineering to gain access to the personal <a href=\"https:\/\/en.wikipedia.org\/wiki\/AOL\" target=\"_blank\" rel=\"nofollow noopener\">AOL<\/a> account of CIA Director <a href=\"https:\/\/en.wikipedia.org\/wiki\/John_Brennan_(CIA_officer)\" target=\"_blank\" rel=\"nofollow noopener\">John Brennan<\/a>. 
The hack was followed by a phone interview with the <em>New York Post,<\/em> in which one member of the group <a href=\"https:\/\/nypost.com\/2015\/10\/18\/stoner-high-school-student-says-he-hacked-the-cia\/\" target=\"_blank\" rel=\"nofollow noopener\">described himself as an American high-school student<\/a>.<\/p>\n<p>Although the CIA chief\u2019s email was private, it revealed many interesting things related to his work: in particular, the social security numbers and other personal information of more than a dozen high-ranking US intelligence officers, as well as a 47-page application for top-secret security clearance filed by Brennan himself.<\/p>\n<p>In November of that very same year, the story continued: this time <a href=\"https:\/\/www.vice.com\/en\/article\/78kzjd\/teen-hackers-who-doxed-cia-chief-are-targeting-more-government-officials\" target=\"_blank\" rel=\"nofollow noopener\">hackers targeted<\/a> the personal AOL accounts of another high-ranking official, FBI Deputy Director <a href=\"https:\/\/en.wikipedia.org\/wiki\/Mark_F._Giuliano\" target=\"_blank\" rel=\"nofollow noopener\">Mark Giuliano<\/a> and his wife. On this occasion, the hackers\u2019 haul, which they later made public, included the names, email addresses and phone numbers of 3500 US law enforcement agencies\u2019 employees.<\/p>\n<p>Just a couple months later, in January 2016, <a href=\"https:\/\/thehackernews.com\/2016\/01\/intelligence-chief-hacked.html\" target=\"_blank\" rel=\"nofollow noopener\">these same hackers<\/a> got hold of a string of personal accounts belonging to <a href=\"https:\/\/en.wikipedia.org\/wiki\/Director_of_National_Intelligence\" target=\"_blank\" rel=\"nofollow noopener\">Director of National Intelligence<\/a> <a href=\"https:\/\/en.wikipedia.org\/wiki\/James_Clapper\" target=\"_blank\" rel=\"nofollow noopener\">James Clapper<\/a>. 
Finally, in February 2016, they <a href=\"https:\/\/thehackernews.com\/2016\/02\/fbi-dhs-hacked.html\" target=\"_blank\" rel=\"nofollow noopener\">publicly released<\/a> the data of 9000 employees of the US Department of Homeland Security, plus 20,000 employees of the FBI, which the criminals claimed they\u2019d obtained by hacking into the US Department of Justice.<\/p>\n<p>That same month, one of the hackers was apprehended. He was indeed a high-school kid (though not American, but British), named Kane Gamble. As a result, the young hacker, aka Cracka, who was only fifteen when he committed his crimes, was named as the leader of the group and <a href=\"https:\/\/thehackernews.com\/2018\/04\/hacker-kane-gamble.html\" target=\"_blank\" rel=\"nofollow noopener\">sentenced in the UK to two years in prison<\/a> (of which he served eight months), with an internet ban for the same term (which <a href=\"https:\/\/www.vice.com\/en\/article\/z3ekk5\/kane-gamble-cracka-back-online-after-a-two-year-internet-ban\" target=\"_blank\" rel=\"nofollow noopener\">he observed in full<\/a>). A few months later, two other members of <em>Crackas With Attitude<\/em> were detained in the U.S. This time they were adults: Andrew Otto Boggs, 23, got two years in a U.S. jail, and Justin Gray Liverman, 25, got five.<\/p>\n<p>During the trial, it transpired that for more than six months \u2014 from June 2015 to February 2016 \u2014 the young Gamble successfully pretended to be the director of the CIA and, in his name, tricked employees of both call centers and hotlines into handing over passwords. Using them, the group managed to gain access to highly sensitive documents relating to intelligence operations in Afghanistan and Iran. Who knows whether the hackers would have been caught at all had they not decided to make a public mockery of the CIA chief, the FBI deputy chief, and the director of U.S. 
National Intelligence?<\/p>\n<h2>Hacking the Twitter accounts of Biden, Musk, Obama, Gates and others<\/h2>\n<p>\nThe following incident took place on July 15, 2020, when a bunch of Twitter accounts began to spread a similar message: \u201cAll bitcoins sent to the address below will be sent back doubled! If you send $1000, I will send back $2000. Only doing this for 30 minutes.\u201d It looked like a typical <a href=\"https:\/\/www.kaspersky.com\/blog\/twitter-cryptocurrency-scams\/24560\/\" target=\"_blank\" rel=\"noopener nofollow\">Bitcoin scam<\/a> that wouldn\u2019t warrant a mention were it not for one nuance: all these accounts <em>really did<\/em> <a href=\"https:\/\/www.wired.com\/story\/twitter-hacking-musk-obama-apple-biden-kanye\/\" target=\"_blank\" rel=\"nofollow noopener\">belong to famous people and major companies<\/a>.<\/p>\n<p>At first, the scam messages started appearing in Twitter accounts directly related to cryptocurrencies: the giveaway was \u201cannounced\u201d by Binance founder <a href=\"https:\/\/en.wikipedia.org\/wiki\/Changpeng_Zhao\" target=\"_blank\" rel=\"nofollow noopener\">Changpeng Zhao<\/a>, and several other cryptoexchanges, including Coinbase, and the crypto news site CoinDesk. 
But it didn\u2019t stop there, as, one after another, more and more accounts belonging to famous entrepreneurs, celebrities, politicians and companies began to join the jamboree: Apple, Uber, Barack Obama, Elon Musk, Kim Kardashian, Bill Gates, Joe Biden (who wasn\u2019t yet president), Jeff Bezos, Kanye West; and the list went on.<\/p>\n<div id=\"attachment_48699\" style=\"width: 3010px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-48699\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2023\/08\/01164632\/social-engineering-cases-1-scaled-1-scaled-scaled.jpg\" alt=\"Tweet from the hacked account of Elon Musk\" width=\"3000\" height=\"2269\" class=\"size-full wp-image-48699\"><p id=\"caption-attachment-48699\" class=\"wp-caption-text\">Tweet from the hacked account of Elon Musk <a href=\"https:\/\/www.businessinsider.com\/elon-musk-bill-gates-twitter-hacked-bitcoin-crypto-giveaway-scam-2020-7\" target=\"_blank\" rel=\"noopener nofollow\"> Source <\/a><\/p><\/div>\n<p>In the few hours that saw Twitter trying to get to the root of the problem, the hackers managed to collect more than US$100,000 \u2014 a tidy sum, but nothing compared to the reputational blow suffered by the company. It soon became clear that the hackers had penetrated Twitter\u2019s internal account management system. Initially it was assumed they did this with insider help.<\/p>\n<p>However, that turned out not to be the case. The hackers were quickly found and arrested, and again the group leader was a school kid \u2014 this time an American, the then 17-year-old <a href=\"https:\/\/en.wikipedia.org\/wiki\/Graham_Ivan_Clark\" target=\"_blank\" rel=\"nofollow noopener\">Graham Ivan Clark<\/a>. 
He was handed down <a href=\"https:\/\/www.tampabay.com\/news\/crime\/2021\/03\/16\/tampa-twitter-hacker-agrees-to-three-years-in-prison-in-plea-deal\/\" target=\"_blank\" rel=\"nofollow noopener\">three years in jail<\/a> and another three on probation. More importantly, however, the investigation established that the attack was carried out with no insider help. Instead, hackers used a <a href=\"https:\/\/arstechnica.com\/tech-policy\/2021\/03\/i-was-a-teenage-twitter-hacker-graham-ivan-clark-gets-3-year-sentence\/\" target=\"_blank\" rel=\"nofollow noopener\">mix of social engineering and phishing<\/a> to dupe Twitter employees into giving them system access.<\/p>\n<p>First, they studied LinkedIn profiles to identify employees likely to have access to the account management system. Next, using LinkedIn\u2019s Recruiter feature, they collected their contact information, including cell phone numbers. The hackers then called these employees, pretending to be colleagues, and using the data persuaded them to visit a phishing site imitating Twitter\u2019s internal login page. This way, the attackers obtained passwords and two-factor authentication codes allowing them to log into the Twitter account management system and take possession of dozens of accounts with millions of followers.<\/p>\n<p>Again, who knows if they\u2019d have been caught had they not targeted half of the world\u2019s Top-10 rich list, plus other famous personalities and, most significantly, the Twitter accounts of a former and future U.S. president.<\/p>\n<h2>Sky Mavis and the half-billion-dollar heist<\/h2>\n<p>\nThis is a story that took place in 2022. The starring yet unwanted role went to Sky Mavis, creator of the NFT game <em>Axie Infinity<\/em>. Let\u2019s not delve into the game specifics \u2014 suffice it to say that players earn cryptocurrency in it. 
At one point, some residents of Southeast Asia <a href=\"https:\/\/restofworld.org\/2021\/axie-infinity\/\" target=\"_blank\" rel=\"nofollow noopener\">worked there as if it were a proper job<\/a>. At its peak, the game had a daily audience of up to <a href=\"https:\/\/afkgaming.com\/esports\/news\/report-axie-infinity-was-losing-player-count-even-before-the-crypto-hack\" target=\"_blank\" rel=\"nofollow noopener\">2.7 million people<\/a> and weekly revenue of up to <a href=\"https:\/\/www.theblock.co\/linked\/150320\/pay-to-earn-game-axie-infinitys-revenue-continues-to-slide\" target=\"_blank\" rel=\"nofollow noopener\">US$215 million<\/a>.<\/p>\n<p>However, in March 2022, even before the crypto crash, Sky Mavis found itself in serious trouble. During an attack on the Ronin Network, which underpins all cryptocurrency activity in <em>Axie Infinity<\/em>, hackers made off with 173,600 ETH and 25.5 million USDC from the company\u2019s accounts, worth around US$540 million at the time of the attack.<\/p>\n<p>The <a href=\"https:\/\/www.kaspersky.com\/blog\/sky-mavis-crypto-heist\/44981\/\" target=\"_blank\" rel=\"noopener nofollow\">details of the heist emerged<\/a> a few months later, in July. Through a fake company, the attackers had contacted Sky Mavis employees on LinkedIn and invited them to job interviews. Eventually they got to a senior engineer who, after several rounds of interviews, was made an extremely tempting job offer. The fake offer was sent in an infected PDF through which the hackers managed to gain access to the company\u2019s internal network.<\/p>\n<p>After that, armed with access to the corporate network, the hackers were able to get hold of the private keys for confirming transactions and then withdraw cryptocurrency. 
They laundered the stolen funds through a complex scheme involving two cryptomixers and around 12,000 intermediate cryptowallets, followed by conversion to bitcoin and a subsequent cashout.<\/p>\n<p><a href=\"https:\/\/www.coindesk.com\/policy\/2022\/09\/08\/us-government-recovers-30m-from-crypto-game-axie-infinity-hack\/\" target=\"_blank\" rel=\"nofollow noopener\">Analysts<\/a> who helped the U.S. investigators linked the attack to the North Korean group <em>Lazarus<\/em>. Only about 10% of the face value of the stolen coins could be recovered. Or about 5% if you count in dollars: in the six months after the robbery to the close of the investigation, the crypto market collapsed, causing the Ethereum exchange rate to nosedive.<\/p>\n<h2>How to guard against social engineering<\/h2>\n<p>\nSure, no one wants to be on the receiving end of such an attack. But the fact is that total protection against social engineering is near-impossible \u2014 because it targets people. For effective defense against social-engineering techniques, your company should focus on employee training. Our <a href=\"https:\/\/k-asap.com\/en\/?icid=me-en_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder____kasap___\" target=\"_blank\" rel=\"noopener\">Kaspersky Automated Security Awareness Platform<\/a> is perfect for this purpose. 
Through a combination of exercises and simulations, the solution raises staff awareness of a wide range of attack methods and ways to defeat them.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kasap\">\n","protected":false},"excerpt":{"rendered":"<p>How social engineering helped hack the CIA chief, hijack Elon Musk and Joe Biden\u2019s Twitter accounts, and steal half-a-billion dollars.<\/p>\n","protected":false},"author":2726,"featured_media":21406,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1318,1916],"tags":[1518,78,82,2625,187,1022,489,1367],"class_list":{"0":"post-21404","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-enterprise","9":"tag-awareness","10":"tag-hackers","11":"tag-hacking","12":"tag-kaspersky-asap","13":"tag-passwords","14":"tag-risks","15":"tag-social-engineering","16":"tag-training"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/social-engineering-cases\/21404\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/social-engineering-cases\/25984\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/social-engineering-cases\/28666\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/social-engineering-cases\/26296\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/social-engineering-cases\/35808\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/social-engineering-cases\/48697\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/social-engineering-cases\/26576\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/social-engineering-cases\/32269\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/social-engineering-cases\/31952\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky
.com\/blog\/tag\/social-engineering\/","name":"social engineering"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/21404","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2726"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=21404"}],"version-history":[{"count":1,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/21404\/revisions"}],"predecessor-version":[{"id":21405,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/21404\/revisions\/21405"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/21406"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=21404"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=21404"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=21404"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}