US teen charged as ‘mastermind’ in epic Twitter hack


Criminal charges were filed on Friday against the suspected teenage mastermind of an epic Twitter hack and two others who allegedly helped hijack celebrity accounts to swindle people out of more than $100,000 in a cryptocurrency scheme.

Prosecutors in Florida said they filed 30 felony counts against
17-year-old resident of the state identified as the “mastermind” of the
cyberattack. He was arrested in Tampa, Hillsborough State Attorney
Andrew Warren said.

Separately, the US Attorney’s Office in San Francisco announced
charges against three people, one of them from Britain, for roles in the
mid-July cyberattack that rocked Twitter.

US officials said 19-year-old Mason “Chaewon” Sheppard of Britain
along with Nima Fazeli, 22, of Florida face criminal charges in the
case.

Details about the third individual were not released by US officials
because he is a minor, but it appeared  they were referring to the
Florida teenager being prosecuted as adult in that state.

The attack on Twitter involved a combination of “technical breaches
and social engineering” that let hackers hijack accounts of politicians,
celebrities, and musicians, according to federal prosecutors.

Follow the money

The three defendants are
accused of hacking Twitter accounts, creating a scam Bitcoin account,
and sending out imposter tweets from hijacked account offering to double
 Bitcoin cryptocurrency deposits.

“This case serves as a great example of how following the money,
international collaboration, and public-private partnerships can work to
successfully take down a perceived anonymous criminal enterprise,” said
criminal investigation special agent Kelly Jackson of the Internal
Revenue Service.

The attack which Twitter said resulted from a “phone spear phishing”
attack enabled hackers to take control of accounts of famous people such
as Bill Gates, Elon Musk and former US president Barack Obama and dupe
people into sending Bitcoin.

“These crimes were perpetrated using the names of famous people and
celebrities, but they’re not the primary victims here,” Warren said in a
release.

“This ‘Bit-Con’ was designed to steal money from regular Americans from all over the country.”

Scamming by phone

Hackers who accessed
dozens of high-profile Twitter accounts in mid-July gained access to the
system with an attack that tricked a handful of employees into giving
up their credentials, according to a company update.

Twitter said this week that the July 15 incident by Bitcoin scammers
stemmed from a “spear phishing” attack which deceived employees about
the origin of the messages.

The hackers “targeted a small number of employees through a phone
spear phishing attack,” according to a Twitter Support statement.

“This attack relied on a significant and concerted attempt to mislead
certain employees and exploit human vulnerabilities to gain access to
our internal systems.”

Twitter said that following the incident it has “significantly
limited access to our internal tools and systems” and is taking
additional steps to tighten security.

The massive hack of high-profile users from Elon Musk to Joe Biden
affected at least 130 accounts, with tweets posted by the usurpers
duping people into sending Bitcoin to accounts that Warren said were
associated with Clark.

The official accounts of Apple, Uber, Kanye West, Bill Gates, Barack Obama and others were also affected.

Faked tweets were sent from 45 accounts, according to Twitter, and
the hackers accessed private messages of 36 and downloaded Twitter data
from seven.

The incident has raised concerns about the security of the platform
increasingly used for conversations on politics and public affairs.

John Dickson of the security firm Denim Group said the latest
disclosure did not necessarily suggest a sophisticated attack from a
nation-state and noted it may have been possible to find targets through
research on LinkedIn or Google.

“This is like the original hackers from the 1980s and 1990s; they
were very good at conning people and getting them to give their
credentials,” Dickson said.



Source link

Leave a Comment

Your email address will not be published. Required fields are marked *