Authorities have arrested and charged a 17-year-old boy over the recent hack of celebrity accounts on Twitter
He is accused of operating a scheme targeting celebrity accounts like those of former President Barack Obama and Elon Musk.
A 17-year-old and two others have since been arrested.
The hack humiliated Twitter and called into question the protection provided by a number of tech companies.
One by one, the celebrity Twitter accounts posted the same odd message:
Send Bitcoin and they’d send back double your money.
Elon Musk, Bill Gates, Kanye West, Joseph R. Biden Jr., Barack Obama and hundreds of others were being hacked, and Twitter appeared unable to stop it.
Although some initially thought the hack was the work of professionals,
it turns out that a 17-year-old recent Florida high school graduate was the “mastermind” behind one of the most high-profile hacks in recent years, the authorities said on Friday.
Graham Ivan Clark was arrested in his apartment in Tampa, where he lived by himself, state authorities said early Friday.
He faces 30 criminal charges over the hack, including theft, and he is being charged as an adult.
Two others, 19-year-old Mason John Sheppard of the United Kingdom and 22-year-old Nima Fazeli of Orlando, Fla., were accused of supporting Mr. Clark during the takeover.
Investigators said the two seemed to have supported the main figure in the attack, who went by the name Kirk.
Documents released Friday do not include Kirk’s true name.
Mr. Clark was able to go unnoticed within Twitter’s network, said Andrew Warren, the Florida state attorney handling the case.
“This was not an ordinary 17-year-old,” Mr. Warren said.
Mr. Clark told one of the company’s workers that he was a co-worker in the technology department who needed the employee’s credentials to access the customer service portal, a Florida criminal affidavit stated.
By the time the hackers were finished, they had hacked into 130 accounts and raised major new concerns about Twitter’s security.
Despite the cleverness of the hackers, their scheme quickly fell apart, according to court records.
They left clues to their true identities and tried to conceal the money they had made after the hack became public.
Their errors allowed law enforcement to track them down quickly.
Less than a week after the incident, according to the records, federal agents, search warrant in hand, went to a home in Northern California.
There, they met another teenager who admitted to the scheme.
The person, who is not identified in the records because he or she is a minor, gave details to police that helped them locate Mr. Sheppard and said Mr. Sheppard had spoken about turning himself in to law enforcement.
Since Mr. Clark is under 18, he was prosecuted not by federal prosecutors, but by the Florida state attorney in Tampa.
His age also means that certain aspects of his case will be kept under wraps.
According to legal records, federal authorities were already monitoring Mr. Clark’s online activities prior to the Twitter hack.
The Secret Service confiscated Bitcoin worth more than $700,000 from him in April, although it was unclear why.
The documents released on Friday essentially echo what many hackers involved in the attack told The New York Times two weeks ago:
The hack started early on July 15 as a quiet scheme for stealing and selling unusual user names.
But as the day went on, the Kirk-led assault took over hundreds of accounts belonging to cryptocurrency firms and celebrities.
Bitcoin poured into the hackers’ accounts.
According to a New York Times report, the scheme netted Bitcoin worth more than $180,000.
In a court filing, a special agent with an investigation unit of the Internal Revenue Service said that Mr. Sheppard was involved in the hack while using the screen name “ever so anxious.”
A person using that name told The Times a few days after the attack that he was involved because he wanted to obtain unique Twitter usernames.
“i just kinda found it cool having a username that other people would want,” “ever so anxious” said in a chat with The Times.
He ultimately brokered the sale of at least 10 addresses, such as @drug, @w and @L, according to the indictment against him.
Mr. Fazeli is also accused of serving as a middleman, helping to sell stolen Twitter accounts on the day of the attack under the user name “Rolex.”
But the indictment provides few details on Mr. Fazeli’s work as a middleman.
By the time Twitter finally managed to stop the attack, the hackers had tweeted from 45 of the accounts they had broken into,
gained access to the direct messages of 36 accounts, and downloaded full information from seven accounts, the company said.
Mr. Fazeli and Mr. Clark were arrested on Friday. Mr. Sheppard has not been arrested but is expected to be taken into custody, the F.B.I. said.
“While investigations into cyber breaches can sometimes take years, our investigators were able to bring these hackers into custody in a matter of weeks,” said John Bennett, a special agent in charge with the F.B.I.
The investigation is still underway, and it is possible there will be additional arrests, a bureau spokeswoman said.
The young men who participated in the breach come from a loose-knit community of hackers who focus on account takeovers, cybersecurity experts said.
Using a practice known as SIM-swapping, they often target telecom companies to compromise victims’ phone numbers and intercept login credentials.
The attackers targeted Twitter employees, stealing their account credentials in order to gain access to an internal system that allowed them to reset the passwords of most Twitter users.
(Some users, like President Trump, have extra security on their accounts to prevent takeovers.)
“These people come trained to be efficient and creative at their attack methods,” said Allison Nixon, the chief research officer of the security firm Unit 221B.
“They’ve realized there’s this world of soft targets.”
These hackers often focus on financial fraud, but their ability to gain access to the accounts of political figures could attract new and dangerous customers, Ms. Nixon said.
“One of the things that concerns me is that, as these actors continue to refine their techniques and learn,
they’re going to realize that there are other customers who will pay a lot more for things other than a single-character user name,” she said.
“I don’t think they’ve even scratched the surface of how much damage they could cause.”
In a statement, Twitter thanked law enforcement for its “swift actions” and said it would continue to cooperate with the investigation.
The relatively young age of the hackers did not come as a surprise to security professionals who monitor the SIM-swapper community.
Many of the people drawn to it are teenagers who pursue unique user names because controlling them conveys a sense of importance and clout.
“This activity is addictive in a way, it’s a thrill,” Ms. Nixon said.
“Breaking into gigantic companies and stealing ridiculous amounts of money is a huge thrill for them.”