Twitter ‘hackers’ were taken down by rival gang who ‘shared database of their usernames and chats’

A group of hackers who reportedly acessed the Twitter accounts of celebrities, were taken down by rival gang who shared a database of their usernames and messages, which led to their arrests by the FBI. 

Graham Ivan Clark, 17, was arrested Friday in Tampa. Nima Fazeli, 22, of Orlando, Florida; and Mason Sheppard, 19, of Bognor Regis, U.K. have also been charged in relation to the hack, which took place on July 15. 

The scheme commandeered Twitter accounts of prominent politicians, celebrities and technology moguls and scammed people around the globe out of more than $100,000 in Bitcoin. It also saw the men allegedly make thousands by selling people’s usernames. 

The young men were finally caught thanks to a rival group of hackers who had shared a database full of their usernames and private messages, leading the FBI to the three men, Wired reports.     

That information was shared at the beginning at April and acquired by the FBI on April 9. 

The data gathered from that showed Bitcoin addresses and IP addresses which law enforcement are said to have used to trace the three men arrested. 

Mason Sheppard, 19, of Bognor Regis, West Sussex, was charged with hacking Twitter and stealing thousands of dollars worth of Bitcoin

Graham Ivan Clark, 17, left, was arrested Friday in Tampa. Nima Fazeli, 22, of Orlando, Florida; and Mason Sheppard, 19, of Bognor Regis, U.K., right, have also been charged in relation to the hack, which took place on July 15

The hack is said to have begun with a Discord message from user Kirk#5270, who wrote: ‘I work for Twitter. I can claim any name, let me know if you’re trying to work.’

Another user, who went by the names of Ever so anxious#0001 and Chaewon, then lined up buyers for Twitter handles including an offer of $5,000 for the handle @xx. A third, Rolex#0373, then joined in, offering sought-after account names for $2,500 upwards. 

Fazeli is thought to be Rolex, Sheppard is Chaewon. Clark is not identified as Kirk#5270 in court documents but is accused of being the mastermind. 

Hillsborough state attorney Andrew Warren said: ‘He gained access to Twitter accounts and to the internal controls of Twitter through compromising a Twitter employee. He sold access to those accounts. 

‘He then used the identities of prominent people to solicit money in the form of bitcoin, promising in return that he would send back twice as much bitcoin.’

Clark will be prosecuted as an adult. He faces 30 felony charges. Sheppard and Fazeli were charged separately in California federal court.

In one of the most high-profile security breaches in recent years, bogus tweets were sent out on July 15 from the accounts of Barack Obama, Joe Biden, Mike Bloomberg and a number of tech billionaires including Amazon CEO Jeff Bezos, Microsoft co-founder Bill Gates and Tesla CEO Elon Musk. 

Celebrities Kanye West and his wife, Kim Kardashian West, were also hacked.

The tweets offered to send $2,000 for every $1,000 sent to an anonymous Bitcoin address. The hack alarmed security experts because of the grave potential of such an intrusion for creating geopolitical mayhem with disinformation.

A total of 130 accounts were targeted.  

The scheme commandeered Twitter accounts of prominent politicians, celebrities and technology moguls and scammed people around the globe out of more than $100,000 in Bitcoin

The scheme commandeered Twitter accounts of prominent politicians, celebrities and technology moguls and scammed people around the globe out of more than $100,000 in Bitcoin

In one of the most high-profile security breaches in recent years, bogus tweets were sent out on July 15 from the accounts of Barack Obama, Joe Biden, Mike Bloomberg and a number of tech billionaires including Amazon CEO Jeff Bezos, Microsoft co-founder Bill Gates and Tesla CEO Elon Musk

In one of the most high-profile security breaches in recent years, bogus tweets were sent out on July 15 from the accounts of Barack Obama, Joe Biden, Mike Bloomberg and a number of tech billionaires including Amazon CEO Jeff Bezos, Microsoft co-founder Bill Gates and Tesla CEO Elon Musk

Court papers in the California cases say Fazeli and Sheppard brokered the sale of Twitter accounts stolen by a hacker who identified himself as ‘Kirk’ and said he could ‘reset, swap and control any Twitter account at will’ in exchange for cybercurrency payments, claiming to be a Twitter employee.

How the hacker’s ‘sloppy’ work covering their tracks made them easy to track 

The FBI were able to track down three hackers who pulled off the largest Twitter breach in history because they were ‘extremely sloppy’ with how they moved their Bitcoin transactions around.

Authorities were able to obtain data about the Bitcoin addresses involved in the hack by analyzing blockchain – a ledger that records cryptocurrency transactions. 

They then traced the addresses to Coinbase – a digital currency exchange that stores Bitcoin. 

Both Fazeli and Sheppard had registered and verified their Coinbase accounts with their real driver’s licences, according to ZNET.  

Fazeli also used his home IP address, meaning investigators were able to easily trace his location. 

Furthermore, the alleged hackers did not move around the Bitcoin funds they received in a bid to throw detectives off the trail.  Such an act is known as ‘tumbling’, and is the digital equivalent of money laundering. 

Cybersecurity expert Jake Williams told The Associated Press that their efforts were ‘sloppy’.   

Twitter has officially stated that the hacker – purported to be Clark- gained access to a company dashboard that manages accounts on July 15. 

He did this by using social engineering and spear-phishing smartphones to obtain credentials from ‘a small number’ of Twitter employees to break in to the internal systems. 

From there, the hackers targeted 130 accounts. They managed to tweet their bogus tweet from 45 prolific accounts. 

They also accessed the direct message inboxes of 36 others, and download the Twitter data from seven separate accounts. 

The documents do not specify Kirk’s real identity but say he is a teen being prosecuted in the Tampa area.

Twitter has said the hacker gained access to a company dashboard that manages accounts by using social engineering and spear-phishing smartphones to obtain credentials from ‘a small number’ of Twitter employees ‘to gain access to our internal systems.’ Spear-phishing uses email or other messaging to deceive people into sharing access credentials.

‘There is a false belief within the criminal hacker community that attacks like the Twitter hack can be perpetrated anonymously and without consequence,’ U.S. Attorney David L. Anderson for the Northern District of California said in a news release.

The evidence suggests, however, that those responsible did a poor job indeed of covering their tracks. The court documents released Friday show how federal agents tracked the hackers through Bitcoin transactions and by obtaining records of their online chats.

Although the case was investigated by the FBI and the U.S. Department of Justice, Hillsborough State Attorney Andrew Warren said his office is prosecuting Clark in state court because Florida law allows minors to be charged as adults in financial fraud cases when appropriate. He called Clark the leader of the hacking scam.

‘This defendant lives here in Tampa, he committed the crime here, and he’ll be prosecuted here,’ Warren said.

Security experts were not surprised that the alleged mastermind is a 17-year-old, given the relatively amateurish nature of both the operation and how participants discussed it with New York Times reporters afterward.

‘This is a great case study showing how technology democratizes the ability to commit serious criminal acts,’ said Jake Williams, founder of the cybersecurity firm Rendition Infosec. ‘There wasn’t a ton of development that went into this attack.’

Williams said the hackers were ‘extremely sloppy’ in how they moved the Bitcoin around. It did not appear they used any services that make cryptocurrency difficult to trace by ‘tumbling’ transactions of multiple users, a technique akin to money laundering, he said.

He also said he was conflicted about whether Clark should be charged as an adult.

‘He definitely deserves to pay (for jumping on the opportunity) but potentially serving decades in prison doesn’t seem like justice in this case,’ Williams said.

The hack targeted 130 accounts with tweets being sent from 45 accounts, obtained access to the direct message inboxes of 36, and downloaded Twitter data from seven. Dutch anti-Islam lawmaker Geert Wilders has said his inbox was among those accessed.

Court papers suggest Fazeli and Sheppard got involved in the scheme after Clark dangled the possibility of obtaining so-called OG Twitter handles, short account names that due to their brevity are highly prized and considered status symbols in a certain milieu. They said Sheppard purchased @anxious and Faceli wanted @foreign.

Internal Revenue Service investigators in Washington, D.C., identified two of the defendants by analyzing Bitcoin transactions on the blockchain — the universal ledger that records Bitcoin transactions — that they had sought to make anonymous, federal prosecutors said.

The tweets offered to send $2,000 for every $1,000 sent to an anonymous Bitcoin address. The hack alarmed security experts because of the grave potential of such an intrusion for creating geopolitical mayhem with disinformation. Obama's account was hacked

The tweets offered to send $2,000 for every $1,000 sent to an anonymous Bitcoin address. The hack alarmed security experts because of the grave potential of such an intrusion for creating geopolitical mayhem with disinformation. Obama’s account was hacked 

Celebrities Kanye West, pictured, and his wife, Kim Kardashian West, were also hacked

Celebrities Kanye West, pictured, and his wife, Kim Kardashian West, were also hacked

Marcus Hutchins, the 26-year-old British cybersecurity expert credited with helping stop the WannaCry computer virus in 2017, said the skillset involved in the actual hack was nothing special.

‘I think people underestimate the level of experience needed to pull off these kinds of hacks. They may sound extremely sophisticated, but the techniques can be replicated by teens,’ added Hutchins, who pleaded guilty last year to creating malware designed to steal banking information and just completed a year’s supervised release.

British cybersecurity analyst Graham Cluley said his guess was that the targeted Twitter employees got a message to call what they thought was an authorized help desk and were persuaded by the hacker to provide their credentials. It’s also possible the hackers got a call from the company’s legitimate help line by spoofing the number, he said.

Fazeli’s father said Friday he hasn’t been able to talk to his son since Thursday.

‘I’m 100% sure my son is innocent,’ Mohamad Fazeli said. ‘He’s a very good person, very honest, very smart and loyal.’

‘We are as shocked as everybody else,’ he said by phone. ‘I’m sure this is a mix up.’

Attempts to reach relatives of the other two weren’t immediately successful. Hillsborough County court records didn’t list an attorney for Clark, and federal court records didn’t list attorneys for Sheppard or Fazeli.

Leave a Comment