Florida teenager arrested as mastermind of Twitter hack
The official Twitter accounts of Bill Gates, Joe Biden and other high-profile accounts were hijacked on July 1 …read more
MIAMI: A Florida teenager was identified Friday as the mastermind of a plan early last month that seized the Twitter accounts of prominent politicians, celebrities, and tech moguls and defrauded people around the world with more $ 100,000 in Bitcoin. Two other men were also charged in the case.
Graham Ivan Clark, 17, was arrested Friday in Tampa, where the Hillsborough State Attorney’s Office will prosecute him as an adult. He faces 30 felony charges, according to a press release. Two men accused of benefiting from the attack, Mason Sheppard, 19, of Bognor Regis, UK, and Nima Fazeli, 22, of Orlando, were separately charged in California federal court.
In one of the highest-profile security breaches in recent years, fake tweets were posted on July 15 from the accounts of Barack Obama, Joe Biden, Mike Bloomberg, and several tech billionaires, including Amazon CEO Jeff Bezos, co-founder of Microsoft. Bill Gates and Tesla CEO Elon Musk. Celebrities Kanye West and his wife, Kim Kardashian West, were also hacked.
The tweets offered to send $ 2,000 for every $ 1,000 sent to an anonymous Bitcoin address. The hacking alarmed security experts because of the great potential of such an intrusion to create geopolitical chaos with disinformation.
Court documents in the California cases say Fazeli and Sheppard negotiated the sale of stolen Twitter accounts by a hacker who identified himself as “Kirk” and said he could “reset, change and control any Twitter account at will. “in exchange for digital currency payments, claiming to be an employee of Twitter
The documents do not specify Kirk’s true identity, but say he is a teenager prosecuted in the Tampa area.
Twitter has said that the hacker gained access to a company dashboard that manages accounts by using social engineering smartphones and phishing to obtain credentials of “a small number” of Twitter employees “to gain access to our internal systems. ” Phishing uses email or other messages to trick people into sharing login credentials.
“There is a false belief within the criminal hacking community that attacks like the Twitter hack it can be carried out anonymously and without consequences, ”US Attorney David L. Anderson of the Northern District of California said in a press release.
However, the evidence suggests that those responsible did a poor job of covering their tracks. Court documents released Friday show how federal agents tracked hackers through Bitcoin transactions and obtaining records of their online chats.
Although the case was investigated by the FBI and the United States Department of Justice, Hillsborough State Attorney Andrew Warren said his office is prosecuting Clark in state court because Florida law allows minors to be charged. As adults in financial fraud cases when appropriate. He called Clark the leader of the hacking scam.
“This defendant lives here in Tampa, he committed the crime here and he will be prosecuted here,” Warren said.
Security experts were not surprised that the alleged mastermind was a 17-year-old, given the relatively fond nature of the operation and how participants discussed it with New York Times reporters afterward.
“This is a great case study that shows how technology democratizes the ability to commit serious criminal acts,” said Jake Williams, founder of cybersecurity firm Rendition Infosec.
“There was not a ton of development in this attack.” Williams said the hackers were “extremely careless” in the way they moved Bitcoin. Apparently, they did not use any services that make it difficult to trace the cryptocurrency by “dropping” multi-user transactions, a technique similar to money laundering, he said.
He also said he was in conflict over whether Clark should be charged as an adult. “He definitely deserves to pay (for taking the opportunity), but potentially serving decades in prison doesn’t seem like justice in this case,” Williams said.
The hack targeted 130 accounts with tweets sent from 45 accounts, gained access to 36 direct message inboxes, and downloaded Twitter data from seven. Dutch anti-Islam lawmaker Geert Wilders said his inbox was among the people he accessed.
Court documents suggest that Fazeli and Sheppard became involved in the plan after Clark hung up on the possibility of obtaining so-called Twitter identifiers from OG, short account names that, due to their brevity, are highly appreciated and considered symbols of been in a certain medium. They said that Sheppard bought @anxious and Faceli wanted @foreign.
Investigators from the Internal Revenue Service in Washington, DC, identified two of the defendants analyzing Bitcoin transactions on the blockchain, the universal ledger that records Bitcoin transactions, which they had tried to make anonymous, they said. federal prosecutors.
Marcus Hutchins, the 26-year-old British cybersecurity expert, credited with helping stop the WannaCry computer virus in 2017, said the skill set involved in actual hacking was nothing special.
“I think people underestimate the level of experience necessary to carry out these types of attacks. It may sound extremely sophisticated, but the techniques can be replicated by teens, “added Hutchins, who pleaded guilty last year to creating malware designed to steal bank information and has just completed the one-year supervised release.
British cybersecurity analyst Graham Cluley said his assumption was that specific Twitter employees received a message to call what they believed to be an authorized helpdesk and the hacker persuaded them to provide their credentials.