3 charged in high-pro­file Twit­ter hack, Bit­coin scam

Baltimore Sun - - NATION & WORLD -

MIAMI — A Bri­tish man, a Florida man and a Florida teen hacked the Twit­ter ac­counts of prom­i­nent politi­cians, celebri­ties and tech­nol­ogy moguls to scam peo­ple around globe out of more than $100,000 in Bit­coin, au­thor­i­ties said Fri­day.

Gra­ham Ivan Clark, 17, was ar­rested Fri­day in Tampa, where the Hills­bor­ough State At­tor­ney’s Of­fice will pros­e­cute him as adult. He faces 30 felony charges, ac­cord­ing to a news re­lease. Mason Shep­pard, 19, of Bog­nor Regis, Eng­land, and Nima Fazeli, 22, of Or­lando, were charged in Cal­i­for­nia fed­eral court.

In one of the most high-pro­file se­cu­rity breaches in re­cent years, hack­ers sent out bo­gus tweets on July 15 from the ac­counts of for­mer Pres­i­dent Barack Obama, for­mer Vice Pres­i­dent Joe Bi­den, for­mer New York Mayor Mike Bloomberg and a num­ber of tech bil­lion­aires in­clud­ing Ama­zon CEOJ­eff Be­zos, Mi­crosoft co-founder Bill Gates and Tesla CEO Elon Musk. Celebri­ties Kanye West and his wife, Kim Kar­dashian West, were also hacked.

The tweets of­fered to send $2,000 for every $1,000 sent to an anony­mous Bit­coin ad­dress.

“There is a false be­lief within the crim­i­nal hacker com­mu­nity that at­tacks like the Twit­ter hack can be per­pe­trated anony­mously and with­out con­se­quence,” U.S. At­tor­ney David An­der­son for the North­ern District of Cal­i­for­nia said in a news re­lease. “To­day’s charg­ing an­nounce­ment demon­strates that the ela­tion of ne­far­i­ous hack­ing into a se­cure en­vi­ron­ment for fun or profit will be short-lived.”

Although the case against the teen was also in­ves­ti­gated by the FBI and the U.S. De­part­ment of Jus­tice, Hills­bor­ough State At­tor­ney An­drew War­ren ex­plained that his of­fice is prose­cut­ing Clark in Florida state court be­cause state law al­lows mi­nors to be charged as adults in fi­nan­cial fraud cases when ap­pro­pri­ate.

“This de­fen­dant lives here in Tampa, he com­mit­ted the crime here, and he’ll be pros­e­cuted here,” War­ren said.

Twit­ter pre­vi­ously said hack­ers used the phone to fool the so­cial me­dia com­pany’s em­ploy­ees into giv­ing them ac­cess. It said hack­ers tar­geted “a small num­ber of em­ploy­ees through a phone spear-phish­ing at­tack.”

“This at­tack re­lied on a sig­nif­i­cant and con­certed at­tempt to mis­lead cer­tain em­ploy­ees and ex­ploit hu­man vul­ner­a­bil­i­ties to gain ac­cess to our in­ter­nal sys­tems,” the com­pany tweeted.

Af­ter steal­ing em­ployee cre­den­tials and get­ting into Twit­ter’s sys­tems, the hack­ers were able to tar­get other em­ploy­ees who­had ac­cess to ac­count sup­port tools, the com­pany said.

The hack­ers tar­geted 130 ac­counts. They man­aged to tweet from 45 ac­counts, ac­cess the di­rect mes­sage in­boxes of 36, and down­load the Twit­ter data from seven. Dutch anti-Is­lam law­maker Geert Wilders has said his in­box was among those ac­cessed.

Spear-phish­ing is a more tar­geted ver­sion of phish­ing, an im­per­son­ation scam that uses email or other elec­tronic com­mu­ni­ca­tions to de­ceive re­cip­i­ents into hand­ing over sen­si­tive in­for­ma­tion.

The com­pany has pre­vi­ously said the in­ci­dent was a “co­or­di­nated so­cial en­gi­neer­ing at­tack” that tar­geted some of its em­ploy­ees with ac­cess to in­ter­nal sys­tems and tools. It didn’t pro­vide any more in­for­ma­tion about how the at­tack was car­ried out, but de­tails re­leased so far sug­gest the hack­ers started by us­ing the old-fash­ioned method of talk­ing their way past se­cu­rity.

Bri­tish cy­ber­se­cu­rity an­a­lyst Gra­ham Clu­ley said his guess was that a tar­geted Twit­ter em­ployee or con­trac­tor re­ceived a mes­sage by phone ask­ing them to call a num­ber.

“When the worker called the num­ber they might have been taken to a con­vinc­ing (but fake) help desk op­er­a­tor, who was then able to use so­cial en­gi­neer­ing tech­niques to trick the in­tended vic­tim into hand­ing over their cre­den­tials,” Clulely wrote Fri­day on his blog.

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.