Hillsborough State Attorney Andrew Warren announced today that he has filed 30 felony charges against a 17-year-old resident of Tampa, Florida, who was described by Warren’s office as “the mastermind of the recent hack of Twitter.”
The hack in question occurred earlier this month and involved high-profile Twitter users like Apple, Elon Musk, Joe Biden and Barack Obama, whose accounts all posted messages promoting a Bitcoin wallet and claiming, “All Bitcoin sent to the address below will be sent back doubled!”
The teen (we’re not identifying them because they’re a minor) allegedly made more than $100,000 through this cryptocurrency scam.
The state attorney’s office said that the teen was arrested earlier today after an investigation by the Federal Bureau of Investigation and the U.S. Department of Justice, and that they will be tried as an adult. They face charges including one count of organized fraud (over $50,000) and 17 counts of communications fraud (over $300).
“These crimes were perpetrated using the names of famous people and celebrities, but they’re not the primary victims here,” Warren said in a statement. “This ‘Bit-Con’ was designed to steal money from regular Americans from all over the country, including here in Florida. This massive fraud was orchestrated right here in our backyard, and we will not stand for that.”
As we reported at the time, the hack used Twitter’s own internal administrative tool to gain access to high-profile accounts. In a tweet, the company said, “We appreciate the swift actions of law enforcement in this investigation and will continue to cooperate as the case progresses. For our part, we are focused on being transparent and providing updates regularly.”
The social engineering that occurred on July 15, 2020, targeted a small number of employees through a phone spear phishing attack. A successful attack required the attackers to obtain access to both our internal network as well as specific employee credentials that granted them access to our internal support tools. Not all of the employees that were initially targeted had permissions to use account management tools, but the attackers used their credentials to access our internal systems and gain information about our processes. This knowledge then enabled them to target additional employees who did have access to our account support tools. Using the credentials of employees with access to these tools, the attackers targeted 130 Twitter accounts, ultimately Tweeting from 45, accessing the DM inbox of 36, and downloading the Twitter Data of 7.
To prevent a similar attack from succeeding in the future, Twitter said it will be “accelerating several of our pre-existing security workstreams and improvements to our tools” and also improving the methods it uses to detect and stop inappropriate access to its internal systems.
Update: In an announcement of its own, the Justice Department three people were actually charged for their alleged roles in the hack — not just the teen in Tampa, but also 19-year-old Mason Sheppard, a.k.a. “Chaewon,” of the United Kingdom (accused of conspiracy to commit wire fraud, conspiracy to commit money laundering and the intentional access of a protected computer) and 22-year-old Nima Fazeli, a.k.a. “Rolex,” of Orlando, Florida (accused of aiding and abetting the intentional access of a protected computer), who are both facing charges in the Northern District of California.
“There is a false belief within the criminal hacker community that attacks like the Twitter hack can be perpetrated anonymously and without consequence,” said U.S. Attorney David L. Anderson in a statement. “Today’s charging announcement demonstrates that the elation of nefarious hacking into a secure environment for fun or profit will be short-lived. Criminal conduct over the Internet may feel stealthy to the people who perpetrate it, but there is nothing stealthy about it. In particular, I want to say to would-be offenders, break the law, and we will find you.”