The making of a Twitter hacker: how one man got into hacking Twitter, and why.
I didn’t start hacking in general to get anything from it. In fact, I didn’t even really want to get started in the first place. I was just curious and we all know curiosity’s a bitch.
I basically started off hacking because I had seen all this new uproar about the whole Anonymous scene. Although it was very unheard of, I thought to myself that I’d give it a go since computers and IT had always been a strong skill of mine ever since I was a teenager. So I decided to read up on it and learn ways on how to use the art of hacking to obtain stuff. After I gained experience, I started looking into “Internet engineering,” which is getting information from a company or seller and manipulating it to your own advantage, releasing private information and so on.
I began using the Internet a lot more than I used to back in 2005, around the time Twitter and YouTube came out. I started using both, but Twitter more than YouTube. I was just your everyday tweeter, nothing different about me than someone else that tweeted. I tweeted a lot and it was somewhat becoming an addiction. I hit around 25k tweets within a year on @Known and I continued to tweet.
I stopped using Twitter because I wanted to better my knowledge in hacking, whether for security research or hacking into sites/accounts intentionally. I knew how to, I just wasn’t that skilled at it to begin with. I wanted to focus on hacking because it was a passion of mine. I took the time away from my Twitter addiction to focus on it and with that I became more skilled.
I taught myself everything I know. I went from basic stuff to advanced stuff in around 1-2 years, which really should have taken me around 4-5 years but I was determined to learn. That’s why I had very little sleep during this time. I set out to learn and that was what I did, I never asked for help since I wanted to be fully independent in my decisions and in my teaching.
I started off with basic stuff like email accounts, doing a method I created myself which was to dox the email (gather personal information on it) and then email the email register and ask for a reset. I then led up to finding XSS vulnerabilities on websites for the webmasters to patch. I did it for fun and I did it to protect and secure sites like Mozilla and Microsoft.
In early 2009, Twitter screwed one of my accounts over and suspended it. I was never given an explanation as to why until I contacted them myself via phone. They told me I had been on their radar for a while. This got me mad because I did nothing wrong to deserve the suspension. I mean, I did but I never tweeted about it or linked anything to it.
I guess I made a slip up of some description, whether that was changing accounts too often or maybe my VPN (Virtual Private Network, a way to stay anonymous online) broke which put me on my personal proxy (the same as a VPN but only in the Web browser, not for various programs) which was already banned at the time. That’s probably how they got onto me.
That was when I became tired of Twitter and became somewhat annoyed by their lack of security and the way they did things.
I started off by obtaining access to Twitter accounts and selling them on. The way I obtained them was by finding accounts with a website linked within their personal profile (just because it helps me gain access to their account easier, because with a website I can find a physical address and an email). I’d find out who owned the website, then I’d gather personal information till I had a complete dox. To make it more clear, a dox is personal information about people on the Internet, often including their real name, known aliases, address, phone number, SSN, credit card number, etc.
I’d then email Twitter saying I lost access to my account. I’d give them the email address on record along with other proof such as screenshots (edited of course) and then I’d put in a backup email. I’d wait a day or so to hear back from them, and then they’d email me, giving me access to reset the account. That was how I gained access to most of my accounts.
I did use a “Twitter Cracker” at times, which just made my job easier when obtaining bundles of them. A Twitter Cracker is a program or application in some cases that allows you to import a username list and a password list. It then goes through them, testing each name against a password until it finds a match or until it runs out of passwords to use. I had a password list that was extremely strong, which my partner “D3/Descent” (@D3/@9999) and I made.
Me and D3 became partners back in the beginning of 2012. We just had plans and we had ideas that we both thought could come true. We both used to get accounts and then sell them on, we both went by the handles @Temp and @D3. Our plans at first were to obtain access to accounts and then email the owners and inform them about it. So, we actually set out to do good and to better the huge Twitter security flaws.
We then changed our direction when Twitter once again fucked us over because we tweeted a video link to one of the accounts we obtained. That’s how Twitter tracked us down and suspended both of our accounts. We then took accounts and kept them, we collected them like a child collects Pokemon cards. Once we had a mass amount we’d sell them and make profit to the hills.
Me and D3 made a YouTube channel called “g00fed” and we had the slogan “don’t get g00fed” and “you’re dun g00fed” which was what we used to say quite a lot to our victims or to people who had crossed us. Our goal for the YouTube channel was to show people how to do stuff. We actually ended up uploading videos of accounts we’d obtained, but aside from those videos we did have quite a few on how to secure your account.
Me and D3 gained access to accounts such as The Who (@TheWho) which was one of the biggest we obtained. The video can be seen below.
Around four weeks after starting our YouTube channel, Twitter decided to look into it and that’s why they closed both of our Twitter accounts. They had hunted for us for a long while. They tried to find our new accounts which they eventually did and they suspended them. They keep suspending every account we use still, but we’re not morons and nor are we stupid. We use pretty basic stuff, such as a VPN or VPS (Virtual Private Server), to keep us anonymous whilst using Twitter and whilst surfing the internet.
Me and Phobia (@PhobiaTheGod) started our own blog, wefuckshit.net, on how to secure your Twitter accounts and how to look after them. We also did a blog entry about the differences between hacking and cracking.
I first started off with websites, then I moved onto logins and accounts. That’s how I got into Twitter hacking firstly, but as I said when Twitter screwed me over, I didn’t really give a flying fuck anymore and I was out to screw everyone and anyone over.
I’m not like that now though. I stopped hacking and obtaining Twitter accounts around a month ago. The only reason for me doing so now would be to secure the account for the owner. Adding location tracking to tweets isn’t safe, for one thing. I haven’t touched an account apart from my own in well over a month.
I only help the account owner secure his account, or I teach classes to help others learn. I don’t intentionally go out of my way to fuck over accounts anymore. My vendetta towards Twitter has gone now to be fair. I show no shame for what I have done and I show no anger towards Twitter.
I use Twitter now as if I was the everyday Joe Bloggs. I tweet stuff I’m doing and I even tweet stuff I’ve done (sad? Yes.). That’s how I first planned to use Twitter.
The main difference now is that Twitter watches my every move carefully. They don’t know my current account and I hope they don’t find out, but Twitter will forever have tabs on me.
Photo via Imgur
Pure, uncut internet. Straight to your inbox.