A 17-year-old boy from Florida has been charged and arrested for carrying out, on July 15, what could be the biggest security hack in Twitter’s history, which affected verified profiles and used them for phishing in a bitcoin scam. The boy, Graham Clark, is charged with over 30 felonies by the Federal Bureau of Investigation (FBI), Internal Revenue Service (IRS), US Secret Service, and the Florida state law enforcement body. He is also believed to be the mastermind behind the Twitter breach, in which he took over the verified accounts of Elon Musk, Bill Gates, Joe Biden, Kanye West, and Apple, among 130 accounts. While initially it was only Clark who was found guilty, further investigation later revealed that at least three more people were involved.
The US Department of Justice arrested 22-year-old Nima Fazeli from Orlando, 19-year-old Mason Shepphard from the United Kingdom, and an unidentified minor from California who admitted to having aided Shepphard in selling access to Twitter accounts. The two identified individuals go by the hacker aliases “Rolex” and “Chaewon”, respectively. However, the federal agencies believe, based on the evidence they have procured, that Clark from Florida had more to do with the colossal security breach that forced Twitter to briefly suspend the verified profiles of famous people. According to agents, Clark gained access to Twitter’s internal tool by tricking one of the company’s IT department employees into giving him confidential credentials.
Here is a part of what the affidavit released by the authorities collectively said:
Clark then accessed the Twitter accounts of prominent individuals, including VP Joe Biden, former President Barack Obama and business [sic] such as Apple and Coinbase. Clark then posted on their Twitter accounts a communication that if Bitcoins are sent to accounts they will be doubled and returned to the victim.
The affidavit also mentions that Clark got approximately $117,000 (roughly Rs 87.6 lakh) from the bitcoin scam by defrauding the followers of the people whose verified profiles were hacked.
Chaewon, or Shepphard from the UK, left a trail that helped the US authorities trace him. According to the federal agencies working the case, Chaewon used his driver’s license for verification on the Binance and Coinbase cryptocurrency exchanges, which were used to trade bitcoins from the scam. Rolex was no different: he also registered on Coinbase and verified his account using a driver’s license. He received payments in bitcoin for selling stolen Twitter credentials. Both Chaewon and Rolex face a $250,000 (roughly Rs 1.87 crore) fine in the US, but the other consequences differ. Chaewon has been charged with computer intrusion, wire fraud conspiracy, and money laundering conspiracy, and faces a 20-year jail term for the most serious crime. Rolex is charged only with computer intrusion, for which the fine is his penalty.
Twitter has acknowledged the arrests made by the US authorities and revealed more about how the breach affected users and what data, if any, was stolen. According to the US-based social media giant, 130 accounts were targeted in the breach using the internal tools; 45 of these were compromised by the hackers and had their passwords reset. These 45 accounts were then used to send scam tweets to the followers of the profiles. 36 accounts had their DMs accessed by the hackers, while 8 of them had their Twitter archives downloaded. Twitter says these 8 accounts were not verified ones, but it has not disclosed whether this will have consequences for the privacy of the individuals who owned these accounts.
The Jack Dorsey-led company also outlined measures it will take in the future, including restoring access to the accounts that are still locked out, continuing the investigation internally and in cooperation with law enforcement, securing its systems further to prevent such hacks in future, and introducing company-wide training of employees on ongoing phishing and other “social engineering tactics” used by hackers, so that employees do not fall prey to them.