AC/DC tweets raise suspicions about Ashley Madison hacker's identity
A love of AC/DC may have inadvertently outed the identity of someone associated with recently hacked AshleyMadison.com, an influential IT journalist and consultant suggests.
In a blog post, Brian Krebs says he noticed that a Twitter account recently posted a link to Ashley Madison's stolen proprietary source code before it was made public. (Krebs is the reporter who first uncovered the Ashley Madison hack, the Home Depot credit card hack and many others.)
Intrigued by the poster's apparent access, he examined the account's posting history and noticed a predilection for the music of Australian hard rock band AC/DC, but thought little else of it at the time.
It wasn't until last week's Toronto police news conference mentioned an intriguing nugget about their investigation into the hack that Krebs was reminded of the account. The police say the company became aware of the attack when employees came into work one morning and all of their computers saw a threatening message from the Impact Team, as the hacker group claiming responsibility for the attack calls itself.
That message was accompanied by AC/DC song Thunderstruck.
While examining the account's posting history, Krebs noticed the Twitter account of Thadeus Zu (@deuszu) had posted details of various low-level hacks it had accomplished over the years, for example, remotely taking over items like web cameras, wireless routers and printers.
"On Aug. 4, 2012," Krebs wrote, "he tweeted to KPN-CERT, a computer security incident response team in the Netherlands, to alert the group that he'd hacked their site."
CERT Nederlands | KPN Blacklist Next time, it will be Thunderstruck. <a href="https://twitter.com/hashtag/ACDC?src=hash">#ACDC</a> <a href="https://twitter.com/hashtag/schoolboyriff?src=hash">#schoolboyriff</a> <a href="https://twitter.com/hashtag/hackaday?src=hash">#hackaday</a> <a href="http://t.co/x4SxcJWv">pic.twitter.com/x4SxcJWv</a>—@deuszu
One day earlier, he hacked into the website for Australia's parliament.
<a href="https://twitter.com/deuszu">@deuszu</a> you were quoted in an article by <a href="https://twitter.com/newscomauHQ">@newscomauHQ</a> <a href="http://t.co/vPcRX8fUa5">http://t.co/vPcRX8fUa5</a>—@ReciteNews
The final piece, Krebs says, was that in the hours before the hack became public, Zu tweeted about a forthcoming hack.
Settle down, amigo. We are setting up a replication server so we can get that show started. <a href="http://t.co/J9gbVf7Vie">pic.twitter.com/J9gbVf7Vie</a>—@deuszu
In a series of tweets, Zu appears to deny that the account was behind the Ashley Madison hack, and indeed makes several suggestions that the account itself isn't even run by one person, but is instead an amalgam of like-minded digital vigilantes.
And ultimately, Krebs himself is not entirely convinced that he has uncovered someone involved in the hack. "All of this could be just one big joke by Zu and his buddies," Krebs wrote. "But one thing is clear: If Zu wasn't involved in the hack, he almost certainly knows who was."
Zu did not immediately reply to a request for comment from CBC News.