A Blog by Jonathan Low


Aug 1, 2020

Who Masterminded That Big Celebrity Twitter Hack? A 17 Year Old From Florida

Well of course he's 17 and from Florida; he's actually a little on the old side for this sort of prank, but that's definitely where chaos goes to hone its craft.

The other perps appear to have been a 22 year old (also from Florida) and a 19 year old Brit. The Russian, Chinese and Iranian security agencies are probably punishing selected members of their professional hacker corps for not thinking of this first. JL

Sara Morrison reports in Re/code:

Twitter says its employees were targeted by a “phone spear phishing attack. The attackers used their credentials to access our internal systems and gain information about our processes. This knowledge then enabled them to target additional employees who did have access to our account support tools.” Details from the charging documents show that finding the alleged hackers wasn’t a heavy lift for investigators. The details of the hack suggest that Twitter employees should have practiced better cyber hygiene.
A teenager in Florida allegedly played a major role in the massive Twitter hack earlier this month that commandeered some of the platform’s highest profile accounts, including Elon Musk’s and former President Barack Obama’s, to scam people out of about $120,000 in bitcoin.
Graham Ivan Clark, 17, was charged with 30 felonies related to the hack, according to a local news station in Tampa, Florida, where he lives. Though federal authorities led the investigation, Clark was charged by the state’s attorney because, state attorney Andrew H. Warren said, Florida law makes it easier for Clark to be tried as an adult.
Two adults — Mason John Sheppard, 19, of the United Kingdom, and Nima Fazeli, 22, of Orlando, Florida — were also charged by the Department of Justice with felonies related to the hack. Sheppard was charged with three felonies, and Fazeli was charged with one. There may be more arrests to come; the charging documents say an as-yet-unidentified hacker named “Kirk” “played a central role.” This is consistent with TechCrunch’s earlier reporting that said a hacker named “Kirk” was behind the attack.
“We appreciate the swift actions of law enforcement in this investigation and will continue to cooperate as the case progresses,” Twitter said in a statement.
Though initial reports said the hack might be an inside job, given how much access the perpetrator had to the company’s internal controls, Twitter now says its employees were targeted by a “phone spear phishing attack”:
Not all of the employees that were initially targeted had permissions to use account management tools, but the attackers used their credentials to access our internal systems and gain information about our processes. This knowledge then enabled them to target additional employees who did have access to our account support tools. Using the credentials of employees with access to these tools, the attackers targeted 130 Twitter accounts, ultimately Tweeting from 45, accessing the DM inbox of 36, and downloading the Twitter Data of 7.
Assuming this is true, it should serve as a cautionary tale. Spear phishing via mobile devices has become more common, especially since people don’t check links on their mobile devices the way they might in a message received on their computers.
“People often overlook their phone because they think of it more as a personal device, not a work device,” Mark Ostrowski, security evangelist at cybersecurity company Check Point, told me back in May when I wrote about how to improve cybersecurity hygiene while working from home.
The details of the hack suggest that Twitter employees should have practiced better cyber hygiene, and there was nothing the account holders themselves could have done to prevent what happened.
“We will continue to organize ongoing company-wide phishing exercises throughout the year,” Twitter said in a statement shortly after the hack.
Details from the charging documents appear to show that finding the alleged hackers wasn’t a heavy lift for investigators. Fazeli and Sheppard’s Discord handles, where they allegedly discussed purchasing access to hacked accounts with “Kirk,” were the same as their handles on a forum for people interested in acquiring “OG” Twitter accounts, which are typically very short (one letter or number each) and among the first profiles created for the service. Using that forum’s records, investigators were able to link those accounts to email addresses, Coinbase accounts, and IP addresses that made identifying them fairly simple. Fazeli, for example, used his real name in his email address, which he verified with his driver’s license.

Lawmakers blame Twitter for lax security

Politicians on both sides of the aisle had scathing words and warnings for Twitter in the wake of the mid-July attack, which caused 45 accounts to request bitcoin from their followers, promising they would receive double their donation in return. The hacker also, as stated above, was able to access 36 accounts’ direct messages and seven accounts’ Twitter data. But, politicians stressed, the breach — and its consequences — could have been much worse, and they demanded that Twitter do better to stop something like this from ever happening again.
Sen. Ron Wyden, a Democrat from Oregon, expressed concern over the security of direct messages in the attack and said Twitter hadn’t done enough to protect them, despite previous assurances that it would. In a statement, the senator told Recode that he felt let down by Twitter and its executives, especially as they promised him they would improve their security:
In September of 2018, shortly before he testified before the Senate Intelligence Committee, I met privately with Twitter’s CEO Jack Dorsey. During that conversation, Mr. Dorsey told me the company was working on end-to-end encrypted direct messages. It has been nearly two years since our meeting, and Twitter DMs are still not encrypted, leaving them vulnerable to employees who abuse their internal access to the company’s systems, and hackers who gain unauthorized access. While it still isn’t clear if the hackers behind yesterday’s incident gained access to Twitter direct messages, this is a vulnerability that has lasted for far too long, and one that is not present in other, competing platforms. If hackers gained access to users’ DMs, this breach could have a breathtaking impact, for years to come.
Meanwhile, others drew direct lines between the threats exposed by the breach and the upcoming presidential election. Sen. Richard Blumenthal blamed Twitter for its “repeated security lapses” and “failure to safeguard accounts” that could have caused the incident.
“Count this incident as a near miss or shot across the bow,” Blumenthal, a Connecticut Democrat, said in a tweet. “It could have been much worse with different targets.”
Sen. Josh Hawley, a Republican from Missouri who has been a frequent Big Tech critic in his short DC tenure, tweeted a letter that he said he sent to Twitter CEO Jack Dorsey even as the attack was happening.
“Millions of your users rely on your service not just to tweet publicly but also to communicate privately through your direct message service,” Hawley wrote. “A successful attack on your system’s servers represents a threat to all of your users’ privacy and data security.”
Hawley then asked how accounts protected by two-factor authentication could possibly be hacked, if user data was stolen, and what measures Twitter takes to prevent system-level hacks.
As Massachusetts Democratic Sen. Edward Markey said, both the service and its users mostly dodged a considerable bullet.
“While this scheme appears financially motivated and, as a result, presents a threat to Twitter users, imagine if these bad actors had a different intent to use powerful voices to spread disinformation to potentially interfere with our elections, disrupt the stock market, or upset our international relations,” he said in a statement to Recode. “That is why Twitter must fully disclose what happened and what it is doing to ensure this never happens again.”
As for why arguably the most high-profile and influential Twitter account of all, President Trump, wasn’t affected by the hack, it’s possible that his account has special safeguards that the other accounts didn’t. Trump’s Twitter account was famously deleted by an employee in 2017, so it would make sense that Twitter put things in place to prevent that from happening again. Now we’ll see what the social media platform does to protect the rest of its users.

