Coordinated takedown targets ‘OGUser’ account thieves

Since 2017, the OGUsers online marketplace has fueled a community that buys and sells access to short or flashy social media and gaming handles, like @xx or @drug. Last year, hackers affiliated with OGUsers reportedly launched a massive attack on Twitter, temporarily taking control of dozens of accounts with short or prominent handles, like @Apple, @JeffBezos, and @Uber. Today, as part of ongoing efforts to fight account takeovers by OGUsers members, Instagram, Twitter, TikTok and other platforms are recovering swathes of those stolen accounts and sending cease and desist letters to known hackers.

Instagram is moving against hundreds of accounts in Thursday’s action. Although it has been carrying out this kind of enforcement for years, it is speaking publicly about it for the first time to raise awareness of the extent of the threat. OGUsers’ hackers not only target individual account owners for credentials, but have also launched sophisticated phishing attacks and even extortion attempts against customer service and IT staff at large companies, as in the Twitter hack, to gain bulk access to more accounts. OGUsers members are known to use this type of access to carry out SIM swap attacks, in which hackers take control of victims’ phone numbers and the associated online accounts.

WIRED spoke to two senior officials at Instagram’s parent company Facebook but agreed not to use their names; OGUsers forum members have “swatted” employees of tech companies, including some at Facebook and Instagram, in an attempt to intimidate them. Swatting attacks are fake 911 calls that report an invented emergency at a target’s address so that police storm the residence.

“We want to make it clear both to the members of the OG that we oppose here and to anyone else who is considering similar techniques that we are not going to allow them to market this type of deception, harassment and abuse,” a Facebook official said. “And we want to make people who might try to buy these accounts aware that the way people access the accounts involves hacking, blackmail and swatting, which can cause real harm to the innocent.”

Twitter claims to have permanently suspended a number of accounts linked to OGUser activity in recent days, including some with high subscriber counts and short or unique handles. The company conducted its investigation in tandem with Facebook.

“As part of our ongoing work to find and stop inauthentic behaviors, we recently recovered a number of TikTok usernames that were being used for account squatting,” a TikTok spokesperson told WIRED in a statement. The company also said it was cooperating with other industry organizations to tackle the issue.

“The challenge I pose for those high-value businesses, social media sites, or cryptocurrency platforms is if you take a look at your password reset flow and you can reset the password by owning the phone number, you have a problem yourself,” says Rachel Tobac, CEO of SocialProof Security, which focuses on social engineering. “You can take punitive action against cybercriminals, but you also need to minimize the value of the SIM swap attack methodology.”

Multi-factor authentication using code-generating applications or physical authentication tokens can prevent hackers from stealing two-factor codes sent via SMS. Instagram introduced third-party app authentication in 2018 and encourages all of its users to add that extra layer of protection. Facebook is also expanding its “Facebook Protect” security program for large accounts, which offers multi-factor authentication support and additional monitoring.

While OGUsers hackers often rely on SIM swapping, researchers point out that this is not the only type of attack businesses need to protect their users against. Many of these actors are talented social engineers and phishers. Some go beyond credential theft and use these techniques to install malware within customer service departments or even on individual devices. This means that the response must be even more comprehensive.
