Three of the alleged perpetrators behind the July 16 Twitter hack have now been identified and charged, say prosecutors. Of the three identified by an Federal Bureau of Investigation and Department of Justice investigation, one — the alleged mastermind behind the attack — has been arrested.
In case you need a quick refresher, on July 16 someone seized control of several prominent Twitter accounts and tweeted a Bitcoin wallet address, promising to give anyone who sent money to it double the amount. Needless to say, that didn’t happen. The compromised accounts include Barack Obama, Elon Musk, Joe Biden, Bill Gates, Kim Kardashian, Apple, and Uber. According to Twitter, which updated its security post about the incident, the hackers targeted 130 accounts and tweeted from 45 of them. They also apparently downloaded the data of seven accounts.
We appreciate the swift actions of law enforcement in this investigation and will continue to cooperate as the case progresses. For our part, we are focused on being transparent and providing updates regularly.
For the latest, see here ? https://t.co/kHty8TXaly
— Twitter Comms (@TwitterComms) July 31, 2020
Overall, the Twitter hack has been attributed to three people: Mason Sheppard, a 19-year-old in the UK; Nima Fazeli, a 22-year-old in Orlando; and a 17-year-old in Florida whose name we won’t use due to his age. The 17-year-old is described by prosecutors as the primary instigator of this attack. He was arrested in his Tampa, Florida home today. Fazeli and Sheppard are being charged separately by the US Attorney’s office in the Northern district of California.
The 17-year-old is being charged specifically with 30 felonies, including various different kinds of fraud. In addition to scamming everyone out of money — he allegedly collected nearly $120,000 from the hack — he also apparently sold access to some of the accounts. According to Florida state officials, he’s being charged as an adult. According to the New York Times, Fazeli and Sheppard acted as brokers of the stolen accounts.
Twitter later revealed that the hack was done via “social engineering,” and something called a phone spear phishing attack. Essentially, they targeted employees by pretending to be trusted coworkers, and gained access to their accounts. As Twitter puts it: “…the attackers used their credentials to access our internal systems and gain information about our processes. This knowledge then enabled them to target additional employees who did have access to our account support tools.”
Hillsborough County state attorney Andrew Warren said the people who sent money are the real victims: “Scamming people out of their hard-earned money is always wrong. Whether you’re taking advantage of someone in person or on the internet, trying to steal their cash or their cryptocurrency — it’s fraud, it’s illegal, and you won’t get away with it.”