The attack targeted the accounts of famous people such as Bill Gates, Elon Musk and Barack Obama.
Strong points
- 17-year-old boy, identified for having “orchestrated” the hacking: the police
- Teenager arrested in Tampa, Hillsborough
- Cyber attack allowed hackers to take control of top Twitter profiles
Miami:
Criminal charges were filed Friday against the alleged teenage mastermind of an epic Twitter hack and two others who allegedly helped hijack celebrity accounts to defraud people over $ 100,000 in a cryptocurrency scheme.
Florida prosecutors said they have filed 30 charges against a 17-year-old state resident identified as the “mastermind” of the cyberattack. He was arrested in Tampa, Hillsborough State Attorney Andrew Warren said.
Separately, the U.S. Attorney’s Office in San Francisco has announced charges against three people, including a British woman, for roles in the mid-July cyberattack that rocked Twitter.
US officials have said Mason “Chaewon” Sheppard, 19, of Great Britain and Nima Fazeli, 22, of Florida, face criminal charges in the case.
Details of the third individual were not disclosed by U.S. officials because he is a minor, but it appears they referred to the Florida teenager being sued as an adult in that state.
The Twitter attack involved a combination of “technical and social engineering breaches” that allowed hackers to hijack the accounts of politicians, celebrities and musicians, according to federal prosecutors.
Follow the money
The three defendants are charged with hacking Twitter accounts, creating a fraudulent Bitcoin account and sending impostor tweets from a hacked account offering to double Bitcoin cryptocurrency deposits.
“This case is a prime example of how money tracking, international collaboration, and public-private partnerships can work to end a criminal enterprise perceived to be anonymous,” said Kelly Jackson, Special Agent for Internal Revenue Service criminal investigation.
The attack, which Twitter said was the result of a “phone phishing” attack, allowed hackers to take over the accounts of famous people such as Bill Gates, Elon Musk and former US President Barack Obama and dupe people to send bitcoin.
“These crimes were perpetrated using the names of famous people and celebrities, but they are not the primary victims here,” Warren said in a statement.
“This ‘Bit-Con’ was designed to steal money from ordinary Americans across the country.”
Phone scam
Hackers who accessed dozens of high-profile Twitter accounts in mid-July gained access to the system thanks to an attack that caused a handful of employees to give up their credentials, according to an update of the company.
Twitter said this week that the July 15 incident by Bitcoin fraudsters stemmed from a spear phishing attack that deceived employees as to the origin of the messages.
The hackers “targeted a small number of employees via a phone phishing attack,” according to a statement from Twitter Support.
“This attack was based on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems.”
Twitter said that following the incident, it “severely restricted access to our internal tools and systems” and is taking additional measures to strengthen security.
The massive hacking of high profile users, from Elon Musk to Joe Biden, affected at least 130 accounts, with tweets posted by the spoofers that tricked people into sending Bitcoin to accounts Warren said were associated with Clark.
Official accounts from Apple, Uber, Kanye West, Bill Gates, Barack Obama and others have also been affected.
Fake tweets were sent from 45 accounts, according to Twitter, and hackers accessed private messages in 36 and downloaded Twitter data in seven.
The incident raised concerns about the security of the platform increasingly used for political and public affairs conversations.
John Dickson of security firm Denim Group said the latest disclosure did not necessarily suggest a sophisticated nation-state attack and noted that it may have been possible to find targets through searches on LinkedIn or Google.
“It’s like the original hackers of the 1980s and 1990s; they were very good at scamming people and getting them to give out their credentials,” Dickson said.
(Except for the title, this story was not edited by GalacticGaming staff and is posted from a syndicated feed.)
