A 17 year-old has been arrested in Tampa, Florida and is accused of being the lead actor behind the Twitter cryptocurrency hack.
Hillsborough, Florida has filed 30 felony charges against Graham Clark, in connection with the July 15 Twitter attack. That attack resulted in dozens of high-profile Twitter accounts, including Apple's, to post a scam asking for a Bitcoin deposit, that the post alleged would then be doubled.
According to State Attorney Andrew Warren, the hack and messages resulted in over $100,000 in Bitcoin transferred to an account held by the teen.
"I want to congratulate our federal law enforcement partners - the US Attorney's Office for the Northern District of California, the FBI, the IRS, and the Secret Service - as well as the Florida Department of Law enforcement," State Attorney Warren said in a statement to WFLA. "They worked quickly to investigate and identify the perpetrator of a sophisticated and extensive fraud,"
We appreciate the swift actions of law enforcement in this investigation and will continue to cooperate as the case progresses. For our part, we are focused on being transparent and providing updates regularly.
— Twitter Comms (@TwitterComms) July 31, 2020
For the latest, see here https://t.co/kHty8TXaly
"This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems," Twitter said in a tweet on Thursday. "By obtaining employee credentials, they were able to target specific employees who had access to our account support tools."
Clark allegedly used Twitter's admin privileges to bypass two-factor authentication protections on accounts. The attacker then changed the email and passwords of exploited accounts accounts.
Beyond the statement, on Thursday, Twitter provided additional information about the attack, again saying a total of 130 Twitter accounts were targeted in the operation. Tweets were sent out from 45 accounts, including Apple, Elon Musk and Jeff Bezos.
In addition to the Tweets asking for the Bitcoin, the direct message inboxes of 36 accounts, still not yet named, were accessed. Undisclosed "Twitter Data" from seven accounts was also downloaded, Twitter says.
28 Comments
In other news, the NSA would like to welcome its newest intern, umm, Clark Graham, to the team.
This kid needs to be fined at least double what he stole and put in jail for a very significant amount of time as a warning to others (maybe out when he’s 30, if he’s good), with lifetime restrictions on financial and internet access. I doubt any of that will happen, so we’ll be revisiting either him or people like him again and again.
Strong financial disincentives and lengthy jail terms worked very effectively to cut down on drunk driving. I think they would be equally effective on financial hacking and scams of this nature.
So how‘d they track him down?
Okay, so Twitter has admitted that this kid and his cronies used social engineering to acquire top level credentials. It would appear, then, that this cadre is not composed of genius hackers able to take down whatever they want and should be hired instead of incarcerated. They are common thieves who, through trickery and persistence, got IDs and Passwords to pull off their thievery.
Throw the book at them, especially the 17 year old who is being tried as an adult. Serious prison time to make an example out him. According to other articles the FBI had been watching this guy before the Twitter intrusion and had already confiscated $700,000.00 in bit coins.
I'm sure that Oswald was equally guilty.