Graham Ivan Clark, 17, was arrested in Tampa on Friday, where the Hillsborough state attorney’s office will prosecute him as an adult. He faces 30 felony charges, according to a press release. Two men accused of profiting from the hack – Mason Sheppard, 19, from Bognor Regis, UK, and Nima Fazeli, 22, from Orlando – have been charged separately in federal court in California.
In one of the most publicized security breaches of recent years, fake tweets were sent on July 15 from the accounts of Barack Obama, Joe Biden, Mike Bloomberg, and a number of tech billionaires, including Amazon CEO Jeff Bezos, Microsoft co-founder Bill Gates and Tesla CEO Elon Musk. Celebrities Kanye West and his wife, Kim Kardashian West, were also hacked.
The tweets offered to send $2,000 for every $1,000 sent to an anonymous Bitcoin address. The hack has alarmed security experts because of the serious potential for such an intrusion to create geopolitical chaos with disinformation.
Court documents in the California cases indicate that Fazeli and Sheppard negotiated the sale of stolen Twitter accounts by a hacker who identified himself as “Kirk” and said he could “reset, trade and control any Twitter account at will” in exchange for e-currency payments, claiming to be an employee of Twitter.
The documents do not specify Kirk’s true identity, but indicate that he is a teenager being prosecuted in the Tampa area.
Twitter said the hacker gained access to a company dashboard that manages accounts by using social engineering and spear-phishing smartphones to obtain the credentials of a “small number” of Twitter employees “to access our internal systems”. Spear phishing uses email or other messages to trick people into sharing access credentials.
“There is a false belief within the criminal hacker community that attacks like the Twitter hack can be carried out anonymously and without consequence,” US District Attorney David L. Anderson of the Northern District of California said in a press statement.
Evidence suggests, however, that those responsible did a poor job of covering their tracks. Court documents released Friday show how federal agents tracked down the hackers through Bitcoin transactions and by obtaining records of their online discussions.
Although the case has been investigated by the FBI and the US Department of Justice, Hillsborough State Attorney Andrew Warren said his office is prosecuting Clark in state court because Florida law allows minors to be charged as adults in financial fraud cases, where appropriate. He called Clark the boss of the hacking scam.
“This defendant lives here in Tampa, he committed the crime here, and he will be prosecuted here,” Warren said.
Security experts weren’t surprised that the suspected mastermind was a 17-year-old, given the relatively amateurish nature of the operation and how participants discussed it with New York Times reporters afterwards.
“This is a great case study showing how technology is democratizing the ability to commit serious crime,” said Jake Williams, founder of cybersecurity company Rendition Infosec.
“There hasn’t been a lot of development in this attack.” Williams said the hackers were “extremely sloppy” in the way they moved Bitcoin. They don’t appear to have used any services that make the cryptocurrency difficult to track by “tumbling” transactions from multiple users, a technique akin to money laundering, he said.
He also said he disagreed over whether Clark should be charged as an adult. “He really deserves to pay (for taking the opportunity), but potentially serving decades in prison doesn’t seem like justice in this case,” Williams said.
The hack targeted 130 accounts, with tweets sent from 45 of them, access gained to the direct message inboxes of 36, and Twitter data downloaded from seven. Dutch anti-Islam lawmaker Geert Wilders said that his inbox was among those accessed.
Court documents suggest that Fazeli and Sheppard became involved in the scheme after Clark held out the possibility of obtaining OG Twitter handles, short account names which, due to their brevity, are highly prized and considered to be status symbols in a certain milieu. They said Sheppard bought @anxious and Fazeli wanted @foreign.
Internal Revenue Service investigators in Washington, DC, identified two of the defendants by analyzing Bitcoin transactions on the blockchain – the universal ledger that records Bitcoin transactions – which they had sought to anonymize, federal prosecutors said.
Marcus Hutchins, the 26-year-old UK cybersecurity expert credited with helping stop the WannaCry computer virus in 2017, said the skills involved in the actual hack were nothing special.
“I think people underestimate the level of experience it takes to do this kind of hacking. They may seem extremely sophisticated, but the techniques can be reproduced by teenagers,” added Hutchins, who pleaded guilty last year to creating malware designed to steal banking information and who has just completed a year of supervised release.
UK cybersecurity analyst Graham Cluley said he assumed the targeted Twitter workers received a message to call what they believed to be an authorized help desk and were persuaded by the hacker to provide their credentials.