Three accused of compromise on Twitter on July 15 – Krebs on security


Three people have been charged with their alleged roles in the July 15 hack Twitter, an incident which resulted in Twitter profiles for some of the world’s most recognizable celebrities, executives and public figures, sending out tweets announcing a Bitcoin scam.

Amazon CEO Jeff Bezos’ Twitter account on the afternoon of July 15.

Nima «Rolex» Fazeli, a 22-year-old from Orlando, Florida, has been indicted in a criminal complaint in Northern California for aiding and abetting intentional access to a protected computer.

Mason «Chaewon» Sheppard, a 19-year-old from Bognor Regis, UK, has also been charged in California with conspiracy to commit electronic fraud, money laundering and unauthorized access to a computer.

A US Department of Justice The statement on the matter does not name the third defendant in the case, saying juvenile proceedings in Federal Court are sealed to protect the identity of the youngster. But an NBC News affiliate in Tampa reported today that authorities arrested a 17-year-old Graham Clark as the alleged mastermind of the hack.

Graham Clark, 17, of Tampa, Florida, was among those charged in the July 15 Twitter hack. Image: Hillsborough County Sheriff’s Office. said Clark was hit with 30 counts including organized fraud, communications fraud, one count of fraudulent use of personal information with over $ 100,000 or 30 or more victims, 10 counts of use fraudulent personal information and one count of accessing a computer or electronic device without authorization. Clark’s arrest report is available here (PDF). A statement from Florida prosecutors says Clark will be charged as an adult.

On Thursday, Twitter posted more details on how the hack unfolded, saying the intruders “targeted a small number of employees through a phone phishing attack,” which “is based on a meaningful and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems. ”

By targeting specific Twitter employees, the authors were able to access internal Twitter tools. From there, Twitter said, the attackers targeted 130 Twitter accounts, tweeting from 45 of them, accessing direct messages from 36 accounts and downloading Twitter data from seven.

Among the compromised accounts was a Democratic presidential candidate Joe Biden, Amazon CEO Jeff Bezos, President Barack Obama, Tesla’s PDG, Elon Musk, former mayor of New York Michael Bloomberg and investment mogul Warren Buffett.

The hacked Twitter accounts were designed to send tweets suggesting that they were distributing bitcoin, and that anyone who sent bitcoin to a specified account would be returned double the amount given. In total, the Bitcoin accounts associated with the scam have received over 400 transfers totaling over $ 100,000.

Sheppard’s alleged pseudonym, Chaewon, has been mentioned twice in articles here since the July 15 incident. On July 16, KrebsOnSecurity wrote that just before the Twitter hack, a member of the OGUsers social media account hacking forum named Chaewon announced that he could change the email address linked to all Twitter account for $ 250 and give direct access to accounts for between $ 2,000 and $ 3,000 each.

The OGUsers forum user “Chaewon” accepts requests to change the email address linked to any Twitter account.

July 17 Le New York Times published a story that included interviews with several people involved in the attack, who told The Times they were not responsible for the Bitcoin Twitter scam and only negotiated the purchase of accounts from the hacker computer Twitter – which they called only “Kirk.” ”

One of those interviewed by The Times used the pseudonym ‘Ever So Anxious’ and said he was 19 years old from Britain. In my July 22 follow-up post, it emerged that Ever So Anxious was actually Chaewon.

The person who shared this information was the main subject of my July 16 post, which followed clues from tweets sent from one of the accounts claimed during the compromise on Twitter to a 21-year-old British boy who uses the nickname PlugWalkJoe.

This individual shared a series of screenshots showing that he had been in communication with Chaewon / Ever So Anxious just prior to the Twitter hack, and asked him to secure several desirable Twitter usernames with the Twitter hacker . He added that Chaewon / Ever So Anxious was also known as “Mason”.

Negotiations over the hottest Twitter usernames took place just before hijacked celebrity accounts tweeted Bitcoin scams. PlugWalkJoe is pictured here chatting with Ever So Anxious / Chaewon / Mason using his Discord username “Beyond Insane”.

On July 22, KrebsOnSecurity interviewed Sheppard / Mason / Chaewon, who confirmed that PlugWalkJoe did indeed ask him to ask Kirk to change the profile picture and display name of a specific Twitter account on July 15. He admitted that although he acts as a “go-between” between Kirk and others seeking to claim desirable Twitter usernames, he has nothing to do with hijacking VIP Twitter accounts for the scam. Bitcoin the same day.

“Meeting Kirk was the worst mistake I ever made because it got me in trouble that I had nothing to do with,” he said. “If I knew Kirk was going to do what he did, or if even from the start, if I knew he was a hacker masquerading as a representative, I wouldn’t have wanted to be a go-between.

Another individual who told The Times he had worked with Ever So Anxious / Chaewon / Mason to communicate with Kirk said he went by the nickname “lol”. On July 22, KrebsOnSecurity identified lol as a young man who went to high school in Danville, California.

Federal investigators didn’t mention lol by nickname or real name, but the indictment document against Sheppard shows that on July 21, federal agents executed a search warrant at a northern California residence for questioning a miner who helped Kirk and Chaewon sell access to Twitter Accounts. According to the document, the miner and Chaewon had discussed surrendering to authorities after the Twitter hack became public.

Tags: Chaewon, Ever So Anxious, Graham Clark, Mason Sheppard, Nima Fazeli, ogusers, PlugWalkJoe, Rolex, Twitter hack, US Justice Department, WFLA

This entry was posted on Friday July 31st, 2020 at 5:43 pm and is filed under Ne’er-Do-Well News, Other. You can follow comments on this entry through the RSS 2.0 feed. You can skip to the end and leave a comment. Pinging is currently not allowed.


Please enter your comment!
Please enter your name here