
July 31, 2020

A High School Student Successfully Hacked Twitter; It Could Have Been Your Company


A 17-year-old was the mastermind of a gang of three people who successfully used phishing/voice phishing (vishing) to hack Twitter. Graham Clark lives in Tampa, Florida, and he worked with the following hackers:

Mason Sheppard, aka “Chaewon,” 19, of Bognor Regis, in the United Kingdom, who was charged in a criminal complaint in the Northern District of California with conspiracy to commit wire fraud, conspiracy to commit money laundering, and the intentional access of a protected computer.

Nima Fazeli, aka “Rolex,” 22, of Orlando, Florida, who was charged in a criminal complaint in the Northern District of California with aiding and abetting the intentional access of a protected computer.

“There is a false belief within the criminal hacker community that attacks like the Twitter hack can be perpetrated anonymously and without consequence,” said U.S. Attorney David L. Anderson for the Northern District of California.  “Today’s charging announcement demonstrates that the elation of nefarious hacking into a secure environment for fun or profit will be short-lived.  Criminal conduct over the Internet may feel stealthy to the people who perpetrate it, but there is nothing stealthy about it.  In particular, I want to say to would-be offenders, break the law, and we will find you.”

“The hackers allegedly compromised over 100 social media accounts and scammed both the account users and others who sent money based on their fraudulent solicitations,” said Acting Assistant Attorney General Brian C. Rabbitt of the Justice Department’s Criminal Division. “The rapid investigation of this conduct is a testament to the expertise of our investigators, our commitment to responding quickly to cyber attacks, and the close relationships we have built with law enforcement partners throughout the world.”

“Upon opening an investigation into this attack, our investigators worked quickly to determine who was responsible and to locate those individuals,” said San Francisco FBI Special Agent in Charge John F. Bennett. “While investigations into cyber breaches can sometimes take years, our investigators were able to bring these hackers into custody in a matter of weeks. Regardless of how long it takes us to identify hackers, we will follow the evidence to where it leads us and ultimately hold those responsible for cyber intrusions accountable for their actions. Cyber criminals will not find sanctuary behind their keyboards.”

“Weeks ago, one of the world’s most prolific social media platforms came under attack.  Various political leaders, celebrities, and influencers were virtually held hostage as their accounts were hacked,” said Kelly R. Jackson, IRS-Criminal Investigation (IRS-CI) Special Agent in Charge of the Washington D.C. Field Office.  “The public was confused, and everyone wanted answers.  We can now start answering those questions thanks to the work of IRS-CI cyber-crime experts and our law enforcement partners. Washington DC Field Office Cyber Crimes Unit analyzed the blockchain and de-anonymized bitcoin transactions allowing for the identification of two different hackers. This case serves as a great example of how following the money, international collaboration, and public-private partnerships can work to successfully take down a perceived anonymous criminal enterprise. Regardless of the illicit scheme, and whether the proceeds are virtual or tangible, IRS-CI will continue to follow the money and unravel complex financial transactions.”

“Today’s announcement proves that cybercriminals can no longer hide behind perceived global anonymity,” said Thomas Edwards, Special Agent in Charge, U.S. Secret Service, San Francisco Field Office. “The Secret Service remains committed to pursuing those responsible for cyber-enabled fraud and will continue to hold cyber criminals accountable for their actions.  This investigation is a testament to the strong partnerships between the Secret Service, the U.S. Attorney’s Office, the FBI, the IRS, as well as our state, local and international law enforcement partners.” 

As alleged in the complaints, the Twitter attack consisted of a combination of technical breaches and social engineering.  The result of the Twitter hack was the compromise of approximately 130 Twitter accounts pertaining to politicians, celebrities, and musicians. 

The hackers are alleged to have created a scam bitcoin account, to have hacked into Twitter VIP accounts, to have sent solicitations from the Twitter VIP accounts with a false promise to double any bitcoin deposits made to the scam account, and then to have stolen the bitcoin that victims deposited into the scam account.  As alleged in the complaints, the scam bitcoin account received more than 400 transfers worth more than $100,000.  

As a result of the hack, Twitter is "taking a hard look" at how it could improve its permissions and processes, and explained that scammers "exploited human vulnerabilities."

Cybersecurity is a complex field, but the human element is a weak link, and technology alone has not, to date, been a replacement for well-trained workers.

At Apex Technology Services we perform cybersecurity training which is live and in-person or, more recently, “Zoom” and in-person. During these sessions, we see 90-100% engagement levels, and workers typically ask a lot of great questions and seem to learn from the sessions. We bundle this training with phishing: we use our own PHISH360 platform to send them phishing attacks before and after the training. We always see a huge improvement when this is done.

Companies must do this quarterly until none of the employees are tricked by phishing messages. Then, they can scale back based on budget and if they see the team has effectively learned what not to click on. New employees present yet another challenge and should be trained as well.

A high-school student masterminded a ring of hackers that took down one of the best companies in Silicon Valley. It was all because users were tricked. The biggest takeaway is that training and phishing simulation must be performed regularly to keep your company protected.

Ask the experts at Apex Technology Services about how we can help your organization stay secure.




