Authorities charged three men in a major Twitter breach this month that hacked the accounts of prominent politicians, celebrities and tech moguls to scam people around the world for more than $ 100,000 in bitcoin.
The suspects include a 19-year-old Briton from Bognor Regis, a 22-year-old man from Orlando, Fla., And a teenager from Tampa, Fla.
The 17-year-old boy was arrested in Tampa on Friday, authorities said, where the Hillsborough state attorney’s office will pursue the case. He faces 30 felony charges, according to a press release.
Two other people were arrested on Friday on charges related to hacking. Another accomplice, 22-year-old Nima Fazeli, has been accused of aiding and abetting intentional access to a protected computer.
A third suspect, 19-year-old Mason Sheppard, known online as ‘Chaewon’ has been arrested in the UK and charged with conspiracy to commit wire fraud, conspiracy to money laundering and intentional access to a computer.
On July 15, hackers took control of the accounts of top public and corporate figures, including Joe Biden, Barack Obama, Elon Musk, Bill Gates, Jeff Bezos and Apple.
The compromised accounts, which have tens of millions of followers, sent out a series of tweets proposing a classic Bitcoin scam: Subscribers were told that if they transferred cryptocurrency to a specific Bitcoin wallet, they would receive the double the money back.
The hack went on for several hours, and during its shutdown, Twitter blocked all verified accounts from tweeting – an unprecedented step.
Although the case against the Florida teenager has also been investigated by the FBI and the US Department of Justice, Hillsborough state attorney Andrew Warren explained that his office was suing the 17-year-old in state court because Florida law allows minors to be charged as adults in financial fraud cases like this, if at all. He added that the teenager was the boss of the hacking scam.
Security experts were not surprised that the alleged mastermind of the hack was a 17-year-old, given the relatively amateurish nature of the operation and the hackers’ willingness to discuss the hack with journalists online afterwards. . “I’m not very surprised that at least one of the suspects is a minor. There hasn’t been a lot of development in this attack, ”said Jake Williams, founder of cybersecurity firm Rendition Infosec.
Williams also said the hackers were “extremely sloppy” in the way they moved bitcoin.
Internal Revenue Service investigators were able to identify two of the hackers by analyzing Bitcoin transactions, including those the hackers attempted to keep anonymous, federal prosecutors said.
Twitter said on Thursday that the hackers used a phone-based “spear-phishing” attack to target Twitter employees. After stealing employee credentials and breaking into Twitter’s systems, the hackers were able to target other employees who had access to account support tools, the company said.
Spear phishing is a more targeted version of phishing, an identity theft scam that uses email or other electronic communications to trick recipients into transmitting sensitive information.
“This attack was based on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems,” the company tweeted.
Hackers targeted 130 accounts and were able to tweet from 45 accounts, access direct message inboxes of 36, and download Twitter data from seven. Dutch anti-Islam lawmaker Geert Wilders said his inbox reception desk was among those consulted.