A French security researcher on Tuesday claims to have uncovered the identity of the Dark Storm hacker behind the hours-long DDoS cyberattack on Elon Musk’s X social media platform – and it looks as if an Egyptian college student was behind the entire operation.
Baptiste Robert, the CEO of the OSINT investigations firm Predicta Labs, said after performing a deep web dive to find more about the hacktivist group Dark Storm, has found the individual – an alleged script kiddie – responsible for the rolling outages that impacted tens of thousands of X users on Monday.
The distributed denial-of-service attacks (DDoS), which began around 6:00 a.m. Eastern Time and lasted until late afternoon, were carried out to protest X-owner Elon Musk, US President Donald Trump, and the duo’s “blatant fascism and lack of humanity,” according to an alleged Dark Storm supporter who posted the claim on X on Monday.
Even Musk himself attributed the attack to "Either a large, coordinated group and/or a country is involved."
Dark Storm is a pro-Palestinian group (with Russian ties) that has been carrying out distributed denial of service attacks on Israeli targets since at least August 2023, SecurityScorecard researchers stated in a profile on the hacker gang.
Tagging Elon Musk in a series of posts, Robert wrote about his discovery on X, hoping to meet the tech mogul and share the news personally.
“I've identified the people responsible for the DDoS attack on X yesterday. I'm currently in Washington and will be at the Eisenhower Building tomorrow (for another matter). Would you be interested in meeting?” Robert posted along with a blurred out picture of the alleged hacker.
Strictly using Open Source Intelligence (OSINT) gathering, Robert then laid out his process on the social media platform to prove his legitimacy, and thereby doxxing the individual said to be behind the attacks.
“In the meantime, let me explain…It’s OSINT time,” he posted.
The OSINT investigation
Creating an intricate graphic timeline worthy of any official FBI cyber investigation and posting it to his company’s website, Robert further highlighted his main trajectory points on X.
Security insiders, impressed with Robert’s work, let the kudos fly on X. “Mindblowing,” “Nice job. As always,” “Ngl he looks like a crypto punk,” the users said. “Getting some popcorn,” another posted.
So who is the unmasked perpetrator? According to Robert's posts, the OSINT sleuthing led him to an individual by the name of "Mohamed Hany, a young student located in Giza [Egypt]."
It started with Robert examining the social media handles of Dark Storm’s said leader on Telegram.
Using the monikers “MRHELL112” and “previously used usernames like Darkcrr, GLITCHAT1, and GLITCHcracker,” Robert was able to connect them to a Telegram channel about "DDoS Attack Services."
Following another user called “DrSinaway,” who was “mentioned alongside Darkcrr,” Robert further found references to another hacker group by the name of CyberSorcerers.
Robert said he observed both groups using similar logos, and was able to find a “DrSinaway” email address and Instagram account, eventually leading him to the Facebook account and Google bio of another Egyptian student and software engineer connected to Mohamed Hany.
“Under an old username, Mohamed was searching for a team around August-September 2023. He chose to join a DDoS-related Telegram channel to align with a Russian group, claiming it was "for the benefit of Russia and the Arab world," Robert posted, which ultimately led him to identify Hany as the guilty party behind the attacks. And, I guess you would say the rest is history.
"Noob skiddie versus X ? I thought it was a Lazarus-style operation to take down X. Haha what a plot twist lol," one user commented on the thread. "Tldr so a bunch of kids did it," another X user posted.
Robert also says he believes “Mohamed is not working alone; he has at least one accomplice.”
“But that's a story for another day,” he added.
Your email address will not be published. Required fields are markedmarked