Live Updates: COVID-19 Cases
  • World 21,160,149
    World
    Confirmed: 21,160,149
    Active: 6,420,042
    Recovered: 13,980,941
    Death: 759,166
  • USA 5,426,481
    USA
    Confirmed: 5,426,481
    Active: 2,411,338
    Recovered: 2,844,451
    Death: 170,692
  • Brazil 3,229,621
    Brazil
    Confirmed: 3,229,621
    Active: 767,417
    Recovered: 2,356,640
    Death: 105,564
  • India 2,506,247
    India
    Confirmed: 2,506,247
    Active: 686,677
    Recovered: 1,770,682
    Death: 48,888
  • Russia 912,823
    Russia
    Confirmed: 912,823
    Active: 174,361
    Recovered: 722,964
    Death: 15,498
  • South Africa 572,865
    South Africa
    Confirmed: 572,865
    Active: 123,978
    Recovered: 437,617
    Death: 11,270
  • Peru 507,996
    Peru
    Confirmed: 507,996
    Active: 134,342
    Recovered: 348,006
    Death: 25,648
  • Mexico 505,751
    Mexico
    Confirmed: 505,751
    Active: 108,951
    Recovered: 341,507
    Death: 55,293
  • Chile 380,034
    Chile
    Confirmed: 380,034
    Active: 16,604
    Recovered: 353,131
    Death: 10,299
  • Spain 355,856
    Spain
    Confirmed: 355,856
    Active: 327,251
    Recovered: ?
    Death: 28,605
  • Iran 338,825
    Iran
    Confirmed: 338,825
    Active: 25,683
    Recovered: 293,811
    Death: 19,331
  • UK 313,798
    UK
    Confirmed: 313,798
    Active: 272,451
    Recovered: ?
    Death: 41,347
  • Saudi Arabia 295,902
    Saudi Arabia
    Confirmed: 295,902
    Active: 29,605
    Recovered: 262,959
    Death: 3,338
  • Pakistan 287,300
    Pakistan
    Confirmed: 287,300
    Active: 15,932
    Recovered: 265,215
    Death: 6,153
  • Bangladesh 271,881
    Bangladesh
    Confirmed: 271,881
    Active: 111,667
    Recovered: 156,623
    Death: 3,591
  • Italy 252,235
    Italy
    Confirmed: 252,235
    Active: 14,081
    Recovered: 202,923
    Death: 35,231
  • Turkey 245,635
    Turkey
    Confirmed: 245,635
    Active: 11,666
    Recovered: 228,057
    Death: 5,912
  • Germany 222,487
    Germany
    Confirmed: 222,487
    Active: 12,404
    Recovered: 200,800
    Death: 9,283
  • France 209,365
    France
    Confirmed: 209,365
    Active: 95,505
    Recovered: 83,472
    Death: 30,388
  • Canada 121,234
    Canada
    Confirmed: 121,234
    Active: 4,666
    Recovered: 107,553
    Death: 9,015
  • China 84,786
    China
    Confirmed: 84,786
    Active: 690
    Recovered: 79,462
    Death: 4,634
  • Netherlands 61,840
    Netherlands
    Confirmed: 61,840
    Active: 55,673
    Recovered: ?
    Death: 6,167
  • Australia 22,743
    Australia
    Confirmed: 22,743
    Active: 9,018
    Recovered: 13,350
    Death: 375
  • S. Korea 14,873
    S. Korea
    Confirmed: 14,873
    Active: 705
    Recovered: 13,863
    Death: 305
  • New Zealand 1,602
    New Zealand
    Confirmed: 1,602
    Active: 49
    Recovered: 1,531
    Death: 22

Florida teen arrested as mastermind of Twitter hack

Author at TechGenyz Twitter
Twitter Hack
The Photograph Represents Twitter Hack. Credit: @johnmorganFL/Twitter

A Florida teen was identified Friday as the mastermind of a scheme earlier this month that commandeered Twitter accounts of prominent politicians, celebrities, and technology moguls and scammed people around the globe out of more than 100,000 in Bitcoin. Two other men were also charged in the case.

Graham Ivan Clark, 17, was arrested Friday in Tampa, where the Hillsborough State Attorney’s Office will prosecute him as an adult. He faces 30 felony charges, according to a news release.

Two men accused of benefiting from the hack – Mason Sheppard, 19, of Bognor Regis, U.K., and Nima Fazeli, 22, of Orlando – were charged separately in California federal court.

In one of the most high-profile security breaches in recent years, bogus tweets were sent out on July 15 from the accounts of Barack Obama, Joe Biden, Mike Bloomberg and a number of tech billionaires including Amazon CEO Jeff Bezos, Microsoft co-founder Bill Gates and Tesla CEO Elon Musk. Celebrities Kanye West and his wife, Kim Kardashian West, were also hacked.

The tweets offered to send 2,000 for every 1,000 sent to an anonymous Bitcoin address. The hack alarmed security experts because of the grave potential of such an intrusion for creating geopolitical mayhem with disinformation.

Court papers in the California cases say Fazeli and Sheppard brokered the sale of Twitter accounts stolen by a hacker who identified himself as Kirk and said he could reset, swap and control any Twitter account at will in exchange for cyber currency payments, claiming to be a Twitter employee.

The documents do not specify Kirk’s real identity but say he is a teen being prosecuted in the Tampa area.

Twitter has said the hacker gained access to a company dashboard that manages accounts by using social engineering and spear-phishing smartphones to obtain credentials from a small number of Twitter employees “to gain access to our internal systems. Spear-phishing uses email or other messaging to deceive people into sharing access credentials.

There is a false belief within the criminal hacker community that attacks like the Twitter hack can be perpetrated anonymously and without consequence, U.S. Attorney David L. Anderson for the Northern District of California said in a news release.

The evidence suggests, however, that those responsible did a poor job indeed of covering their tracks. The court documents released Friday show how federal agents tracked down the hackers through Bitcoin transactions and by obtaining records of their online chats.

Although the case was investigated by the FBI and the U.S. Department of Justice, Hillsborough State Attorney Andrew Warren said his office is prosecuting Clark in state court because Florida law allows minors to be charged as adults in financial fraud cases when appropriate. He called Clark the leader of the hacking scam.

This defendant lives here in Tampa, he committed the crime here, and he’ll be prosecuted here, Warren said.

Security experts were not surprised that the alleged mastermind is a 17-year-old, given the relatively amateurish nature of both the operation and how participants discussed it with New York Times reporters afterward.

This is a great case study showing how technology democratizes the ability to commit serious criminal acts, said Jake Williams, founder of the cybersecurity firm Rendition Infosec.

There wasn’t a ton of development that went into this attack. Williams said the hackers were extremely sloppy in how they moved the Bitcoin around. It did not appear they used any services that make cryptocurrency difficult to trace by tumbling transactions of multiple users, a technique akin to money laundering, he said.

He also said he was conflicted about whether Clark should be charged as an adult.

He definitely deserves to pay (for jumping on the opportunity) but potentially serving decades in prison doesn’t seem like justice in this case, Williams said.

The hack targeted 130 accounts with tweets being sent from 45 accounts, obtained access to the direct message inboxes of 36, and downloaded Twitter data from seven. Dutch anti-Islam lawmaker Geert Wilders has said his inbox was among those accessed.

Court papers suggest Fazeli and Sheppard got involved in the scheme after Clark dangled the possibility of obtaining so-called OG Twitter handles, short account names that due to their brevity are highly prized and considered status symbols in a certain milieu. They said Sheppard purchased @anxious and Faceli wanted @foreign.

Internal Revenue Service investigators in Washington, D.C., identified two of the defendants by analyzing Bitcoin transactions on the blockchain – the universal ledger that records Bitcoin transactions – that they had sought to make anonymous, federal prosecutors said.

Marcus Hutchins, the 26-year-old British cybersecurity expert credited with helping stop the WannaCry computer virus in 2017, said the skillset involved in the actual hack was nothing special.

I think people underestimate the level of experience needed to pull off these kinds of hacks. They may sound extremely sophisticated, but the techniques can be replicated by teens, added Hutchins, who pleaded guilty last year to creating malware designed to steal banking information and just completed a year’s supervised release.

British cybersecurity analyst Graham Cluley said his guess was that the targeted Twitter employees got a message to call what they thought was an authorized help desk and were persuaded by the hacker to provide their credentials.

Career

Subscribe