My Interview with a Social Media Hacker
We’ve all seen them, those sketchy account takeovers where someone you know is suddenly posting about how they are giving away free money via cash app, or maybe you’ve seen posts about how someone is a crypto or investment guru, and is willing to manage your money and turn your $100 investment into $1,000 overnight. The type of scam doesn’t matter, we all know that something happened to these accounts, why are our friends who used to ask us to borrow $20 until Friday now posting about how they can turn out $100 into $1,000? The simple answer, because that is not them on the account.
Background
A little over a month ago, I received a follow request and a DM on Instagram from someone I don’t know. The profile appeared to be a pretty female about my age, we had a few mutual followers, and she messaged me asking me to vote for her in some sort of contest she was involved in. This immediately piqued my interest, as I have over the years seen this many times, and I know how this type of account takeover usually works.
It is always something along the lines of, the would-be hacker tries to approach you and make it sound like they need something innocent enough from you, a vote for some sort of contest is a pretty average way to try to start. Once you agree to help them, they may ask you for your phone number so they can send you a link or verification code or something similar. If you give them your phone number, they will attempt to sign in to your account and hit the “Forgot Password” button, so that you will be texted a password reset code, and the hacker will act like that code is sent by them, or the contest they are running in, to verify your identity. If you aren’t reading the text message, maybe you could fall for it.
The hacker will then ask you for the code that was sent to you, and if you supply it, they will enter it while trying to login to your account, and bam! Now they have access to your account, and they may change your password and log you out on all other devices, and take your phone number and email off of the account so you lose any chance of being able to recover it through similar means. At this point many social media hackers will begin to exploit the platform that you have on social media for whatever scam they are running, as well as, using your likeness to continue taking over accounts.
The Interview
This profile that came to me and was asking me for a vote in the contest they were participating in was trying to do this to me, and take over my account. From my countless hours of research on social media hackers and the processes they use, I never really found a motive other than selling accounts for nearly unprofitable prices on sketchy internet marketplaces, or running a cash app scam or similar, so I wanted to know more.
I played along with the would-be hacker for a message or two just to get them engaged, and then when they asked for my phone number so they could send me a verification code, I wrote out the exact steps that they were attempting in order to take over my account. I have done this dozens of times and usually I get one of two answers, silence, and possibly being blocked, or, denial. However, this time I got neither, I received interest from the hacker. He was interested in why/how I knew what was happening in the detail and depth that I did, he began to ask me some questions about my background and my knowledge. We began chatting for a moment, and I kept asking questions trying to gain more knowledge on the methods being used. He refused to answer any specific questions, as hackers usually will do, that is, until he jokingly said that if I wanted more answers I would need to pay. I agreed. I offered him payment for a short interview. He wasn’t stupid, he knew not to accept payment over paypal or cash app or similar. I explained that I am a researcher and my goal is not to build a case on him, but he told me the only way he would accept payment and participate in this interview would be if he was payed through cryptocurrency. Bitcoin, in particular. So, I sent him the payment and expected to be scammed. I expected him to block my account, or at least not answer any of my questions.
However, he kept chatting, and was answering the questions that I had. First we had general chats about technology, how he learned how to do what he was doing, and why he was doing what he was doing. I learned a lot about him, as much as I could without him doxing himself.
He told me about how the only flaw in my logic of how he was going to hack me is that he does not rely on password reset codes, he actually has a link that he sends via text message to perspective victims, and upon clicking the link, the website that it directs to steals information from their device. To me it sounded like cookie-jacking. He said the link gives him the login information he wants, but the only piece of information it doesn’t get is the location of the victim, so he would need to guess based on their profile, or social engineer them into divulging that information.
He then elaborated on what is done after access to the account is granted. This part caught me off guard, he doesn’t re-sell the account, or run any scams on it himself. He worked in a large network of social media scammers, passing the account information on to the next cog in the machine, after he gains access. The next person would then begin to post about bitcoin and try to lure people in to “investing” with them. Thats how the money was made. These hackers would take over accounts, especially accounts that seem trustworthy, and then use their platform to promote their bitcoin scam.
During my conversation with this hacker, I learned of over 100 accounts that he personally has taken over and brought into the bitcoin scam that they were running. He also briefly mentioned “impersonation” of other accounts for those who he doesnt have access to. I asked for more information about that but he was hesitant to speak about it, just saying that sometimes he (or they) would make accounts pretending to be people, and say “creepy things” to their friends. When I mentioned that it sounded like extortion he said no and proceeded to tell me that it was a scam. He refused to speak more on the impersonation aspect, but the only thing that comes to mind to me, is those fake accounts that impersonate people and try to get you to sign up for “exclusive content” via some sketchy website that functions similarly to OnlyFans.
After a few minutes he re-visited the “impersonation” idea and added that impersonation of celebrities makes a lot of money. So, it seems like this guy stays very busy on social media. He spoke about how he used to live in the U.S. somewhat near me, and he no longer does. He never answered where he does, but my hunches lead me to believe Europe, probably eastern Europe. He briefly spoke on social media hackers of other platforms and how he only deals with Instagram, but wants to learn the other platforms too. He divulged that he was in college and was using the money that he made to pay for his tuition. I asked him if he was interested in doing cyber security work legally in the future, and he was not. I’m not sure what he is studying, but I do know if his brain and work ethic was put to use legally, he would be able to pay his tuition much easier.
What stood out to me about his whole story was his stories about how he got into hacking. Not the typical story that I am used to hearing. He wasn’t some nerd that learned in his parents’ basement because he had nothing better to do with his life. He didn’t start by manipulating flash games to get new high scores. No. He learned from a family member who passed the skill down to him. Would he have ever done it if he wasn’t taught about it by a role model? How many of these hackers are doing this as a generational business?
Conclusion
Our interview concluded as quickly as it started and I felt satisfied with the bits of information I had gained. Although nothing groundbreaking was discovered, I will say, I was not expecting to learn that social media hackers sometimes use links capable of cookie-jacking devices. I was truly expecting him to rely solely on password reset codes.
Anyway, thanks for sticking around to the end, I hope you enjoyed this article. Please share, follow and like the article to show support! As an independent researcher and cyber security student, I love to share information as I learn it, and knowing other people are enjoying the content that I release means the world to me. Have a great day!
