Teenager arrested for masterminding Twitter hack
A 17 year-old has been arrested in Tampa, Florida and is accused of being the lead actor behind the Twitter cryptocurrency hack.
Hillsborough, Florida has filed 30 felony charges against Graham Clark, in connection with the July 15 Twitter attack. That attack resulted in dozens of high-profile Twitter accounts, including Apple's, to post a scam asking for a Bitcoin deposit, that the post alleged would then be doubled.
According to State Attorney Andrew Warren, the hack and messages resulted in over $100,000 in Bitcoin transferred to an account held by the teen.
"I want to congratulate our federal law enforcement partners - the US Attorney's Office for the Northern District of California, the FBI, the IRS, and the Secret Service - as well as the Florida Department of Law enforcement," State Attorney Warren said in a statement to WFLA. "They worked quickly to investigate and identify the perpetrator of a sophisticated and extensive fraud,"
"This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems," Twitter said in a tweet on Thursday. "By obtaining employee credentials, they were able to target specific employees who had access to our account support tools."
Clark allegedly used Twitter's admin privileges to bypass two-factor authentication protections on accounts. The attacker then changed the email and passwords of exploited accounts accounts.
Beyond the statement, on Thursday, Twitter provided additional information about the attack, again saying a total of 130 Twitter accounts were targeted in the operation. Tweets were sent out from 45 accounts, including Apple, Elon Musk and Jeff Bezos.
In addition to the Tweets asking for the Bitcoin, the direct message inboxes of 36 accounts, still not yet named, were accessed. Undisclosed "Twitter Data" from seven accounts was also downloaded, Twitter says.
Hillsborough, Florida has filed 30 felony charges against Graham Clark, in connection with the July 15 Twitter attack. That attack resulted in dozens of high-profile Twitter accounts, including Apple's, to post a scam asking for a Bitcoin deposit, that the post alleged would then be doubled.
According to State Attorney Andrew Warren, the hack and messages resulted in over $100,000 in Bitcoin transferred to an account held by the teen.
"I want to congratulate our federal law enforcement partners - the US Attorney's Office for the Northern District of California, the FBI, the IRS, and the Secret Service - as well as the Florida Department of Law enforcement," State Attorney Warren said in a statement to WFLA. "They worked quickly to investigate and identify the perpetrator of a sophisticated and extensive fraud,"
We appreciate the swift actions of law enforcement in this investigation and will continue to cooperate as the case progresses. For our part, we are focused on being transparent and providing updates regularly.
For the latest, see here https://t.co/kHty8TXaly-- Twitter Comms (@TwitterComms)
"This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems," Twitter said in a tweet on Thursday. "By obtaining employee credentials, they were able to target specific employees who had access to our account support tools."
Clark allegedly used Twitter's admin privileges to bypass two-factor authentication protections on accounts. The attacker then changed the email and passwords of exploited accounts accounts.
Beyond the statement, on Thursday, Twitter provided additional information about the attack, again saying a total of 130 Twitter accounts were targeted in the operation. Tweets were sent out from 45 accounts, including Apple, Elon Musk and Jeff Bezos.
In addition to the Tweets asking for the Bitcoin, the direct message inboxes of 36 accounts, still not yet named, were accessed. Undisclosed "Twitter Data" from seven accounts was also downloaded, Twitter says.
Comments
Strong financial disincentives and lengthy jail terms worked very effectively to cut down on drunk driving. I think they would be equally effective on financial hacking and scams of this nature.
Throw the book at them, especially the 17 year old who is being tried as an adult. Serious prison time to make an example out him. According to other articles the FBI had been watching this guy before the Twitter intrusion and had already confiscated $700,000.00 in bit coins.
.... I doubt a first grader would fall for that.
And then, to quickly find their way through internal systems they had never seen before?
Probably by IP address to target his location and Twitter probably has a log as well.
Congratulations on demonstrating one of the major fails in the US justice system and the messed-up ideologies that make it what it is.