Investigations, analysis and intelligence collection involving the biggest Bitcoin heist in history don’t seem to be abating, as information reveals that three individuals as well as a 17-year-old boy were all perpetrators of the Twitter hack.
After Twitter confirmed on Thursday, through notes on its Security account, that a phone spear-phishing attack led to the hacking of tens of high-profile accounts, which were used to lure users into investing in bitcoin, it seems the rebels are beginning to show up, or rather, to be found out.
A 17-year-old boy from Florida has been charged and arrested for carrying out what could be the biggest security hack in Twitter’s history on July 15, affecting verified profiles and using them for phishing in a bitcoin scam. The Florida boy, named Graham Clark, is charged with over 30 felonies by the Federal Bureau of Investigation (FBI), Internal Revenue Service (IRS), US Secret Service, and Florida state law enforcement.
What were you doing at 17?
Little boy Clark is believed to be the mastermind behind the Twitter breach and attack carried out on July 15, 2020, in which he took over the verified accounts of Elon Musk, Bill Gates, Joe Biden, Kanye West, and Apple, among 130 accounts. While initially it was only Clark who was found guilty, further investigation later revealed that at least three more people were involved.
The US Department of Justice arrested 22-year-old Nima Fazeli from Orlando, 19-year-old Mason Shepphard from the United Kingdom, and an unidentified minor from California who admitted to having aided Shepphard in selling access to Twitter accounts. The two identified individuals go by “Rolex” and “Chaewon” as their hacker aliases. However, the federal agencies believe, based on the evidence they have procured, that Clark from Florida had more to do with the colossal security breach that forced Twitter to briefly suspend the verified profiles of famous people.
How could Clark and co. have done this?
According to agents, Clark is said to have gained access to Twitter’s internal tool by tricking one of the company’s IT department employees into giving him confidential credentials, probably through social engineering.
Now before you get on my heels, I’m no Master Graham Clark, but I know some about social engineering and phishing.
Social engineering is basically the skill of the mind through which hackers manipulate people into giving out critical information. They may or may not have access to the company’s codes. Phishing is a part of social engineering.
So, three under-23 individuals accurately did an SE on Twitter staff old enough to be their parents?? Right.
According to an affidavit released by the authorities, Clark got approximately $117,000 (roughly NGN 46.6 million) from the bitcoin scam by defrauding the followers of the people whose verified profiles were hacked.
But they were found out, finally…
There’s the popular saying, “You hang around a barbershop, sooner or later you gonna get a haircut.” Clark and his compatriots knew a bunch about breaking through security firewalls, but not about covering their own trails.
Chaewon, or Shepphard from the UK, left a trail that helped the US authorities trace him. According to the federal agencies working the case, Chaewon used his driver’s license for verification on the Binance and Coinbase cryptocurrency exchanges, which were used to trade bitcoins from the scam.
Fazeli, aka Rolex, was no different, for he also registered on Coinbase and verified his account using a driver’s license. He received payments in bitcoin for selling stolen Twitter credentials.
Both Chaewon and Rolex face a fine of $250,000 (roughly Rs 1.87 crore) in the US, but the other consequences differ. Chaewon has been charged with computer intrusion, wire fraud conspiracy and money laundering conspiracy, and faces a 20-year jail term for the most serious crime. Rolex is charged only with computer intrusion, for which the fine is his punitive consequence.
What has Twitter done, or is it doing, so far?
Well, pretty much a bunch at least. Twitter has acknowledged the arrests made by the US authorities and revealed more data on how the breach affected users and what data, if any, was stolen.
According to the US-based social media giant, the breach carried out on July 15, 2020 targeted 130 accounts using the internal tools; 45 of them were bypassed by the hackers and had their passwords reset. These 45 accounts were then used to send scam tweets to the followers of the profiles. 36 accounts had their DMs accessed by the hackers, while 8 of them had their Twitter archives downloaded.
Twitter says these 8 accounts were not the verified ones but has not disclosed if such an action will be consequential to the privacy of the individuals who owned these accounts.
Moreover, the Jack Dorsey-led company has also stated the measures it will take in the future, including restoring the accounts that are still locked out, continuing the investigation internally and in cooperation with law enforcement, and securing its systems further to prevent such hacks in future.
It also expects to introduce company-wide training of employees on ongoing phishing and other “social engineering tactics” used by hackers, so that they do not fall prey to them.
Originally Posted On NaijaTechGuy