Naked Security

Hackers “find Twitter exploit” and resurrect banned accounts

Suspended Twitter accounts, including @Hitler, were temporarily reactivated by a hacking group that claims to have discovered a security hole

This should be a Halloween tale: Twitter accounts long dead and buried have been resurrected by a Frankenstein-like bunch of hackers.

We don’t know where they got the jolt of lightning to make these things burst from the grave, but as Business Insider reports, a hacking group calling itself Spain Squad allegedly seized Twitter accounts including @Hell, @Hitler, @Nazi, @ak47 and @1337. Many of those had previously been suspended; others had simply been inactive for quite some time.

On Friday, the @Ziter account, which claims affiliation with Spain Squad, was offering a slew of accounts for sale, including those above as well as @botnet, @darknet, @LizardSquad and @bypass.

As of Monday morning, Twitter hadn’t commented, though it had reburied the zombie accounts, suspending them yet again.

This isn’t supposed to happen.

Twitter suspends accounts for various reasons: for being spammy, being fake, introducing security risks to other users, or for breaking Twitter’s other rules of engagement, including those against harassment and trolling.

Filing an appeal can sometimes get an account reactivated, depending, of course, on the reason why it was suspended in the first place.

But without Twitter’s say-so, suspended accounts aren’t supposed to be recoverable. Nor does Twitter deactivate accounts just because their rightful owners haven’t used them for a while.

But Spain Squad is claiming to have discovered an exploit, of which it gave few details, that gets around that barrier.

A Spain Squad member called Akma talked to Business Insider via the @LizardSquad Twitter account prior to Twitter re-suspending it. He or she told the publication that the team…

…don’t want to talk about our exploit… we don’t want get patched soon.

But Akma did say that Spain Squad could

…get any [account] if he has an activity on his account for more than 6 months … we can suspend Twitter … and we can unsuspended Twitter … [and] swap @ to other @user.

There’s no evidence that the group has, in fact, figured out how to suspend accounts, or that it can swap handles between accounts, as Akma claims and as the group threatened to do to a rival hacking crew, @PoodleCorp.

Akma claimed that Spain Squad isn’t out to hurt anybody and is just a “white hat” hacking team:

We are not going to do anything strange now but with this account, is just for fun.

You can see what tweets I post, just for fun. After this, we going to deactive [sic] accounts or suspend again.

Threatening to close accounts, exploiting an alleged security hole without disclosing it to Twitter, and trying to profit off what looks to be the fruits of that alleged exploit don’t exactly call to mind “white hat” or “non-malicious hacking.” To state the obvious, take those “just for fun” claims with a pinch of salt.

There are many ways to get your Twitter account hijacked: clicking on phishing links; using feeble or reused passwords instead of unique, hefty brutes; or practising poor password hygiene by, for example, using your pet’s name or simply handing your password over to strangers.

Celebrities’ Twitter accounts are particularly appealing to hijackers: the most recent addition to the list of hijacked celebrity accounts was that of Wikipedia co-founder Jimmy Wales.

Also appealing to hijackers, on Twitter and other social networks alike, are accounts with short, interesting or cool handles. As security reporter Brian Krebs has reported, so-called “OG” (for “original” or “original gangster”) accounts can fetch decent money in certain online circles.

Their appeal: a short handle makes it look like the poster was hip enough to get in on the ground floor, back when Twitter (or whichever network) was still young, such handles hadn’t yet been snapped up, and you didn’t have to tack a string of numbers onto a simple name.

Using social engineering, hijackers have managed to swipe such accounts even when they were protected by two-factor authentication (2FA). SMS-based 2FA in particular is only as strong as the mobile carrier’s own identity checks: if an attacker can talk the carrier into moving the victim’s number, the one-time codes go to the attacker.

Black Lives Matter activist DeRay Mckesson, whose phone number was hijacked through his carrier, is one example; the rightful owner of the handle @Fearful is another.

At this point, we don’t yet know whether Spain Squad really did find a new exploit and, if so, whether Twitter patched it or simply re-suspended the accounts in question.

We’ll update the story if more details are forthcoming.

1 Comment

…get any [account] if he has “an activity” on his account…

Speech-to-text software concocts some doozies from time to time–ya gotta love it.

Some who have seen the Terminator films may worry the AI singularity is fast approaching. All I need is to observe little things like this to sleep better. Arnold will stay in Cullyfawniah for a bit.
