Hillsborough State Attorney Andrew Warren revealed today that he has filed 30 felony charges against a 17-year-old resident of Tampa, Florida, who was described by Warrens office as “the mastermind of the recent hack of Twitter.”
The hack in concern happened earlier this month and involved prominent Twitter users like Apple, Elon Musk, Joe Biden and Barack Obama, whose accounts all posted messages promoting a Bitcoin wallet and declaring, “All Bitcoin sent out to the address below will be returned doubled!”
Due to the fact that theyre a minor) supposedly made more than $100,000 through this cryptocurrency rip-off, the teen (were not recognizing them.
The state attorneys workplace stated that the teen was apprehended previously today after an examination by the Federal Bureau of Investigation and the U.S. Department of Justice, and that they will be attempted as a grownup. They deal with charges consisting of one count of arranged fraud (over $50,000) and 17 counts of interactions scams (over $300).
” These criminal offenses were committed utilizing the names of popular individuals and celebrities, but theyre not the main victims here,” Warren stated in a statement. “This Bit-Con was created to steal money from routine Americans from all over the nation, including here in Florida. This enormous scams was managed right here in our backyard, and we will not stand for that.”
As we reported at the time, the hack utilized Twitters own internal administrative tool to access to prominent accounts. In a tweet, the business stated, “We appreciate the speedy actions of police in this examination and will continue to cooperate as the case advances. For our part, we are focused on being transparent and offering updates routinely.”
Earlier today, Twitter upgraded its post detailing what it learns about the attack:
The social engineering that happened on July 15, 2020, targeted a little number of workers through a phone spear phishing attack. An effective attack required the assailants to acquire access to both our internal network along with specific employee qualifications that gave them access to our internal support tools. Not all of the staff members that were initially targeted had consents to utilize account management tools, but the opponents utilized their credentials to access our internal systems and gain info about our processes. This understanding then allowed them to target extra employees who did have access to our account support tools. Using the credentials of workers with access to these tools, the enemies targeted 130 Twitter accounts, ultimately Tweeting from 45, accessing the DM inbox of 36, and downloading the Twitter Data of 7.
To prevent a comparable attack from being successful in the future, Twitter said it will be “accelerating several of our pre-existing security workstreams and improvements to our tools” and also enhancing the techniques it uses to spot and stop improper access to its internal systems.
Update: In an announcement of its own, the Justice Department three individuals were in fact charged for their declared functions in the hack– not just the teenager in Tampa, but likewise 19-year-old Mason Sheppard, a.k.a. “Chaewon,” of the United Kingdom (accused of conspiracy to dedicate wire scams, conspiracy to devote money laundering and the intentional access of a safeguarded computer system) and 22-year-old Nima Fazeli, a.k.a. “Rolex,” of Orlando Florida (implicated of helping and abetting the intentional gain access to of a safeguarded computer), who are both dealing with charges in the Northern District of California.
” There is a false belief within the criminal hacker community that attacks like the Twitter hack can be perpetrated anonymously and without repercussion,” stated U.S. Attorney David L. Anderson in a statement. “Todays charging statement shows that the elation of wicked hacking into a safe and secure environment for enjoyable or earnings will be short-term. Criminal conduct online may feel stealthy to the individuals who commit it, but there is nothing sneaky about it. In particular, I wish to state to potential transgressors, break the law, and we will discover you.”
As we reported at the time, the hack utilized Twitters own internal administrative tool to gain access to prominent accounts. An effective attack required the assailants to obtain access to both our internal network as well as specific employee qualifications that granted them access to our internal support tools. Utilizing the qualifications of workers with access to these tools, the enemies targeted 130 Twitter accounts, ultimately Tweeting from 45, accessing the DM inbox of 36, and downloading the Twitter Data of 7.
” There is an incorrect belief within the criminal hacker community that assaults like the Twitter hack can be perpetrated anonymously and without consequence,” stated U.S. Attorney David L. Anderson in a declaration.