Spear Phishing Used in Twitter Hack: Three Individuals Charged

In July 2020, Twitter was hacked and the attackers temporarily took control of several high-profile Twitter accounts with millions of followers. The accounts were used to send Tweets as part of a Bitcoin scam, promising that any Bitcoin transferred would be sent back at double the amount. Approximately $120,000 in Bitcoin was sent to the Bitcoin wallets used by the scammers.

The Twitter accounts of Elon Musk, Bill Gates, Kanye West, Joe Biden, Barack Obama, Jeff Bezos, Apple, Bitcoin, Uber, and many more were hijacked. In total 130 Twitter accounts were hijacked, 45 Tweets were sent, the DM inboxes of 36 accounts were accessed, and data was downloaded from 7 accounts.

Twitter recently announced that spear phishing emails were sent to several members of staff, and while not all of those individuals had permissions to use its account management tools, their credentials were used by the attackers to access internal systems and information about its internal processes.

The attackers had conducted a coordinated social engineering attack on individuals with access to internal tools that allowed the accounts of Twitter users to be accessed. Twitter had severely restricted access to those tools, which are used for a range of support issues. Twitter explained that steps are being taken to improve security, including reassessing the access tools it uses to make them more sophisticated and secure.

While Twitter was investigating, the law enforcement investigation was also progressing. The FBI, IRS, US Secret Service, US Attorney’s Office for the Northern District of California, and the Florida Department of Law Enforcement all assisted with the investigation to find those responsible for the attack and bring them to justice.

The Department of Justice and Andrew H. Warren, State Attorney for the Thirteenth Judicial Circuit, recently announced that three individuals have now been charged in connection with the attack.

The individual believed to be the orchestrator of the attack is Graham Clark, 17, from Tampa, FL. Clark is being prosecuted by the Florida Department of Law Enforcement over his role in the attack as, under Florida law, he can be charged as an adult since this is a financial fraud case. Under federal law, he could only be charged as a minor. Clark was arrested and charged on Friday, July 31, 2020.

Clark is alleged to have illegally gained access to several Twitter accounts, through which he accessed internal support tools. He is alleged to have sold access to those accounts to third parties and later used the accounts for a Bitcoin scam.

Nima Fazeli, a.k.a. “Rolex,” 22, of Orlando, and Mason Sheppard, a.k.a. “Chaewon,” 19, of Bognor Regis, United Kingdom, were also indicted for their roles in the attack.

30 felony counts have been filed against Graham Clark, including one count of organized fraud, one count of fraudulent use of personal information with over $100,000 or 30 or more victims, one count of access to computer or electronic device without authority, 10 counts of fraudulent use of personal information, and 17 counts of communications fraud.

Mason Sheppard has been charged with intentionally accessing a protected computer and conspiracy to commit wire fraud and money laundering. Sheppard faces up to 20 years in jail for the most serious crime, up to a maximum of 45 years in jail in total and a maximum fine of $250,000. Nima Fazeli has been charged with aiding and abetting the intentional accessing of a protected computer and faces up to 5 years in jail and a maximum $250,000 fine.

“There is a false belief within the criminal hacker community that attacks like the Twitter hack can be perpetrated anonymously and without consequence,” said US Attorney David L. Anderson. “Today’s charging announcement demonstrates that the elation of nefarious hacking into a secure environment for fun or profit will be short-lived.”

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news