On 15th July, the Twitter accounts of numerous major companies and high profile individuals were compromised. The unprecedented hacks of accounts include former President Barack Obama, Elon Musk, Bill Gates, Jeff Bezos, Joe Biden, Kanye West, Michael Bloomberg, and Apple. The compromised accounts were then used to promote cryptocurrency (Bitcoin), which earned the attackers $120,000. These scam tweets which were part of the hack claimed to double the bitcoin amount when sent to a certain wallet address, only for a limited time.
On account of the above events, on Friday, July, 31, authorities have charged three men, a 19-year-old British from Bognor Regis, a 22-year-old from Orlando, Florida, and a teenager from Tampa, Florida.
The Hillsborough state attorney’s office will lead legal proceedings against the case of 17 years old. He faces 30 felony charges, according to a news release. Regardless, the FBI and the US Department of Justice are also investigating the case.
His 22-year-old accomplice, Nima Fazeli, was charged with aiding and abetting the intentional access of a guarded computer.
And 19-year-old, Mason Sheppard, who went by the name Chaewon, was arrested in the United Kingdom and charged with conspiracy to commit wire fraud, conspiracy to commit money laundering, and the intentional access of a protected computer.
The Florida teen was the mastermind behind the massive hack, which did not come as a surprise given the inexperienced nature both of the operation and the hackers’ willingness to discuss the hack with reporters online.
“I’m not terribly surprised that at least one of the suspects is a minor. There wasn’t a ton of development that went into this attack,” said Jake Williams, the founder of the cybersecurity firm Rendition Infosec. William further added the hackers were “extremely sloppy” in how they moved the Bitcoin around.
IRS investigators were able to recognize two of the hackers by analyzing bitcoin transactions, including ones the hackers attempted to keep anonymous, federal prosecutors said.
Attorney Andrew Warren said, “He compromised the security of a Twitter employee, which allowed him to gain access to that accounts and controls, and that gave him access to whatever Twitter account he wanted, he was then selling access to those accounts.”
“These crimes were perpetrated using the names of famous people and celebrities, but they’re not the primary victims here,” Warren said in a statement. “This ‘Bit-Con’ was designed to steal money from regular Americans from all over the country, including here in Florida. This massive fraud was orchestrated right here in our backyard, and we will not stand for that.”
According to Twitter, the hackers used a phone spear-phishing attack to target Twitter employees. After stealing employee credentials and getting into Twitter’s systems, the hackers were able to target other employees who had access to account support tools, the company said.
“This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems,” the company tweeted.
According to Twitter, approximately 130 accounts were targeted, out of which, the attackers acquired control for a small subset of 45 accounts, access the direct message inboxes of 36, and download the Twitter data from seven. The Dutch anti-Islam lawmaker Geert Wilders has said his inbox was among those accessed.
By obtaining employee credentials, they were able to target specific employees who had access to our account support tools. They then targeted 130 Twitter accounts – Tweeting from 45, accessing the DM inbox of 36, and downloading the Twitter Data of 7.
— Twitter Support (@TwitterSupport) July 31, 2020
Twitter may have a small audience base, but it disproportionately has a great influence on the media, investors, and policymakers. It’s where news breaks, CEOs make official announcements, and US presidents sometimes declare new policies. And if anything goes wrong with the platform so influential, the results could have been disruptive. It is not the first time that privacy was compromised, with Twitter. But this is certainly marked as one of the most widespread and confounding breaches the platform has ever seen.
In light of the current event, the questions which arise in front of us are, Can we rely on these platforms? How much secure our data or personalize information really is?