3 people charged with Twitter hack, theft of $100,000 in Bitcoin
MIAMI — A British man, a Florida man and a Florida teen were identified by authorities Friday as the hackers who earlier this month took over Twitter accounts of prominent politicians, celebrities and technology moguls to scam people around the globe out of more than $100,000 in Bitcoin.
Graham Ivan Clark, 17, was arrested Friday in Tampa, where the Hillsborough state attorney’s office will prosecute him as adult. He faces 30 felony charges, according to a news release. Mason Sheppard, 19, of Bognor Regis, U.K., and Nima Fazeli, 22, of Orlando, were charged in California federal court.
In one of the most high-profile security breaches in recent years, hackers sent out bogus tweets on July 15 from the accounts of Barack Obama, Joe Biden, Mike Bloomberg and a number of tech billionaires including Amazon CEO Jeff Bezos, Microsoft co-founder Bill Gates and Tesla CEO Elon Musk. Celebrities Kanye West and his wife, Kim Kardashian West, were also hacked.
The tweets offered to send $2,000 for every $1,000 sent to an anonymous Bitcoin address.
“There is a false belief within the criminal hacker community that attacks like the Twitter hack can be perpetrated anonymously and without consequence,” U.S. Attorney David L. Anderson for the Northern District of California said in a news release. “Today’s charging announcement demonstrates that the elation of nefarious hacking into a secure environment for fun or profit will be short-lived.”
Although the case against the teen was also investigated by the FBI and the U.S. Department of Justice, Hillsborough State Attorney Andrew Warren explained that his office is prosecuting Clark in Florida state court because Florida law allows minors to be charged as adults in financial fraud cases such as this when appropriate. He added that Clark was the leader of the hacking scam.
“This defendant lives here in Tampa, he committed the crime here, and he’ll be prosecuted here,” Warren said.
Security experts were not surprised that the alleged mastermind of the hack is a 17-year-old, given the relative amateur nature both of the operation and the hackers’ willingness afterward to discuss the hack with reporters online.
“I think this is a great case study showing how technology democratizes the ability to commit serious criminal acts,” said Jake Williams, founder of the cybersecurity firm Rendition Infosec. “I’m not terribly surprised that at least one of the suspects is a minor. There wasn’t a ton of development that went into this attack.”
Williams said the hackers were “extremely sloppy” in how they moved the Bitcoin around.
Williams said it did not appear that the three used any services that make cryptocurrency difficult to trace by “tumbling” transactions of multiple users, a technique akin to money laundering.
He also said he was conflicted about whether Clark should be charged as an adult.
“He definitely deserves to pay [for jumping on the opportunity] but potentially serving decades in prison doesn’t seem like justice in this case,” Williams said.
Twitter previously said hackers used the phone to fool the social media company’s employees into giving them access. It said hackers targeted “a small number of employees through a phone spear-phishing attack.”
“This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems,” the company tweeted.
After stealing employee credentials and getting into Twitter’s systems, the hackers were able to target other employees who had access to account support tools, the company said.
The hackers targeted 130 accounts. They managed to tweet from 45 accounts, access the direct message inboxes of 36, and download the Twitter data from seven. Dutch anti-Islam lawmaker Geert Wilders has said his inbox was among those accessed.
Internal Revenue Service investigators in Washington, D.C., were able to identify two of the hackers by analyzing Bitcoin transactions on the blockchain — the ledger where transactions are recorded — including ones the hackers attempted to keep anonymous, federal prosecutors said.
Spear-phishing is a more targeted version of phishing, an impersonation scam that uses email or other electronic communications to deceive recipients into handing over sensitive information.
Twitter said it would provide a more detailed report later “given the ongoing law enforcement investigation.”
The company has previously said the incident was a “coordinated social engineering attack” that targeted some of its employees with access to internal systems and tools. It didn’t provide any more information about how the attack was carried out, but the details released so far suggest the hackers started by using the old-fashioned method of talking their way past security.
British cybersecurity analyst Graham Cluley said his guess was that a targeted Twitter employee or contractor received a message by phone asking them to call a number.
“When the worker called the number they might have been taken to a convincing (but fake) helpdesk operator, who was then able to use social engineering techniques to trick the intended victim into handing over their credentials,” Clulely wrote Friday on his blog.
It’s also possible the hackers pretended to call from the company’s legitimate help line by spoofing the number, he said.
Fazeli’s father said Friday he hasn’t been able to talk to his son since Thursday.
“I’m 100% sure my son is innocent,” Mohamad Fazeli said. “He’s a very good person, very honest, very smart and loyal.”
“We are as shocked as everybody else,” he said by phone. “I’m sure this is a mix-up.”
Attempts to reach relatives of the other two weren’t immediately successful. Hillsborough County court records didn’t list an attorney for Clark, and federal court records didn’t list attorneys for Sheppard or Fazeli.
This story has been updated with the arrests of additional suspects.
Information for this article was contributed by Kelvin Chan, Matt O’Brien and Frank Bajak of The Associated Press.
Author: DAVID FISCHER, The Associated Press
Three People Charged in Twitter Bitcoin Hack [Updated]
A Florida teenager, who is accused of being the “mastermind” behind the July hacking of social media site Twitter, has been arrested, according to Tampa’s WFLA Channel 8 News site.
17-year-old Graham Clark is facing 30 felony charges for “scamming people across America” with the Twitter hack. He’s been accused of organized fraud, 17 counts of communication fraud, one count of fraudulent use of personal information with over $100,000 or 30 or more victims, 10 counts of fraudulent use of personal information, and one count of access to a computer or electronic device without authority.
The July 15 Twitter hack saw the accounts of multiple prominent companies and individuals taken over, with hackers sharing bitcoin scam images in an attempt to collect money. Apple’s Twitter account was included in the attack.
According to Twitter’s internal investigations, Twitter employees were targeted in a “phone spear phishing attack,” which suggests hackers called some of its staff and tricked them into thinking they were speaking with fellow Twitter employees.
The targeted employees provided access to Twitter’s internal systems, which is how the hackers were able to breach the accounts. Twitter’s internal tools were used to target 130 accounts, and for 45 of those accounts, the hackers used a password reset and had full access to send tweets.
Of the 130 accounts breached, which included the accounts Tesla CEO Elon Musk, former U.S. President Barack Obama, former Microsoft CEO Bill Gates, Amazon CEO Jeff Bezos, and presidential candidate Joe Biden, hackers had access to information like email addresses and phone numbers, plus for some accounts, Direct Messages were accessed.
“These crimes were perpetrated using the names of famous people and celebrities, but they’re not the primary victims here. This ‘Bit-Con’ was designed to steal money from regular Americans from all over the country, including here in Florida,” Warren said in a statement. “This massive fraud was orchestrated right here in our backyard, and we will not stand for that.”
In a statement, Twitter said that it appreciated the swift actions of law enforcement agents in Florida.
Twitter earlier today said that it is taking a “hard look” at how to improve its internal tools and systems and has limited access until better security protocols are in place.
Update: Along with Graham Clark, the United States Department of Justice announced that a 22-year-old man from Florida and a 19-year-old from the United Kingdom have also been accused of breaching Twitter’s site.
Mason Sheppard, aka “Chaewon,” 19, of Bognor Regis, in the United Kingdom, was charged in a criminal complaint in the Northern District of California with conspiracy to commit wire fraud, conspiracy to commit money laundering, and the intentional access of a protected computer.
Nima Fazeli, aka “Rolex,” 22, of Orlando, Florida, was charged in a criminal complaint in the Northern District of California with aiding and abetting the intentional access of a protected computer.
The DoJ declined to name Graham Clark because he is under 18, but his identity was already revealed by Florida news sites.
“There is a false belief within the criminal hacker community that attacks like the Twitter hack can be perpetrated anonymously and without consequence,” said U.S. Attorney Anderson. “Today’s charging announcement demonstrates that the elation of nefarious hacking into a secure environment for fun or profit will be short-lived. Criminal conduct over the Internet may feel stealthy to the people who perpetrate it, but there is nothing stealthy about it. In particular, I want to say to would-be offenders, break the law, and we will find you.”
Sheppard is facing up to 45 years in prison, while Fazeli is facing up to five years in prison.
Note: Due to the political or social nature of the discussion regarding this topic, the discussion thread is located in our Political News forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.
Author: Friday July 31, 2020 12:35 pm PDT by Juli Clover
CRYPTO NEWS: Latest BITCOIN News, CEX.IO News, ETHEREUM News, FOREX News
Since the beginning of the week, the cost of the cryptocurrency has reached $ 11 thousand. The price began to rise after the Federal Banking Control Agency allowed US banks to hold clients’ cryptocurrencies last week.
Against the background of the positive movement of the bitcoin rate, the founder of Heisenberg Capital, analyst and TV presenter Max Kaiser gave a forecast for the movement of the asset. The specialist believes that a positive trend can bring the cryptocurrency to the level of $ 28 thousand. He shared his opinion with the microblog readers in a series of tweets.
According to the results of the third quarter, Visa’s net profit decreased by 23.4% to $ 2.373 billion. In terms of one class A common share, the diluted net profit was $ 1.07 – a year earlier this figure was at $ 1.37. This is above the expectations of analysts, who, according to Forbes magazine, predicted that Visa would profit in the region of $ 1.02-1.05 per share.
Despite the strong growth of the decentralized finance market, it still costs less than cryptocurrencies such as XRP and Bitcoin Cash. This is the conclusion reached by analysts at Messari. Ryan Watkins shared the research theses on his microblog.
Author: by admin