Update 1 (07/31/2020): Following the publication of this story, it has been revealed that the “mastermind” behind the Twitter hack was indeed not working alone. Two additional individuals were charged in connection with the breach. The United States Department of Justice announced the additional culprits today:
Mason Sheppard, aka “Chaewon,” 19, of Bognor Regis, in the United Kingdom, was charged in a criminal complaint in the Northern District of California with conspiracy to commit wire fraud, conspiracy to commit money laundering, and the intentional access of a protected computer.
Nima Fazeli, aka “Rolex,” 22, of Orlando, Florida, was charged in a criminal complaint in the Northern District of California with aiding and abetting the intentional access of a protected computer.
The U.S. Attorney General added this:
“There is a false belief within the criminal hacker community that attacks like the Twitter hack can be perpetrated anonymously and without consequence,” said U.S. Attorney Anderson. “Today’s charging announcement demonstrates that the elation of nefarious hacking into a secure environment for fun or profit will be short-lived. Criminal conduct over the Internet may feel stealthy to the people who perpetrate it, but there is nothing stealthy about it. In particular, I want to say to would-be offenders, break the law, and we will find you.”
The original article continues below.
At the time, several accounts were taken over in an effort to scam Bitcoin from Twitter users. The profiles include Apple’s, Tesla CEO Elon Musk’s, Amazon CEO Jeff Bezos’s, and even Steve Jobs’s account, among others. Since then, Twitter has been releasing tidbits of information regarding the hack, and now we know that at least one person has been arrested in connection with the Twitter hack and Bitcoin scam.
As reported by local news Channel 8 out of Tampa, Florida, a 17-year-old by the name of Graham Clark has been arrested for the incident. In total, Clark has been hit with 30 felony charges.
Hillsborough State Attorney Andrew Warren filed 30 felony charges against the teen this week for “scamming people across America” in connection with the Twitter hack that happened on July 15. The charges he’s facing include one count of organized fraud, 17 counts of communications fraud, one count of fraudulent use of personal information with over $100,000 or 30 or more victims, 10 counts of fraudulent use of personal information and one count of access to computer or electronic device without authority.
The arrest made today was the result of a multi-agency effort to find the culprit behind the hack. The FBI, the IRS, the Secret Service, and agencies in California and Florida were all part of the investigation. Two additional people have also been charged in connection with the breach.
As mentioned above, Twitter has been distributing some details regarding the hack. Today, for instance, the social network updated its blog to comment on the hack, saying, in part:
The social engineering that occurred on July 15, 2020, targeted a small number of employees through a phone spear phishing attack. A successful attack required the attackers to obtain access to both our internal network as well as specific employee credentials that granted them access to our internal support tools. Not all of the employees that were initially targeted had permissions to use account management tools, but the attackers used their credentials to access our internal systems and gain information about our processes. This knowledge then enabled them to target additional employees who did have access to our account support tools. Using the credentials of employees with access to these tools, the attackers targeted 130 Twitter accounts, ultimately Tweeting from 45, accessing the DM inbox of 36, and downloading the Twitter Data of 7.
It’s good to see that this resulted in such a quick turnaround from initial hack to arrest. This was a crazy incident, and the details that Twitter has provided so far don’t instill a lot of confidence. That’s not stopping the social network from investigating a potential subscription plan to the service, though.