After Twitter yesterday provided an updated overview of how its recent high-profile, Bitcoin-scam hack occurred, in which various celebrity accounts were taken over by the hackers, the FBI has today announced that a man in Florida has been arrested over the incident, while two others have been charged with assisting the crime.
As reported by The Verge:
"Early this morning, the FBI, IRS, US Secret Service, and Florida law enforcement placed a 17-year-old in Tampa, Florida, under arrest, accusing him of being the “mastermind” behind the biggest security and privacy breach in Twitter’s history [...] Two more individuals were formally charged by the US Department of Justice, including 22-year-old Nima Fazeli in Orlando and 19-year-old Mason Sheppard in the UK. They go by the hacker aliases “Rolex” and “Chaewon” respectively."
The details emerging largely align with those provided by two hackers who spoke to The New York Times about the incident earlier this month - NYT said that the hackers they interviewed, who both claimed to have participated in the Twitter profile heist, were following the lead of a key player named 'Kirk'. One of the hackers they spoke to was based in the US, the other in the UK. All three are reportedly in their late teens or early 20s.
According to reports, Fazeli and Sheppard connected with 'Kirk' via a Discord discussion, with the chat log listed in the case file.
Officials made the connection to Sheppard and Fazeli because they used personally identifying documents to establish the crypto accounts to which the money was being transferred. It's not clear, at this stage, that the person arrested in Tampa is indeed 'Kirk', but that seems to be the implication.
The Florida teen was arrested in his own apartment and is now being held in custody, facing over 30 felony counts. Fazeli could receive up to 5 years in prison and a $250,000 fine for the hack, while Sheppard is reportedly facing a potential 20-year jail stint.
As reported by Twitter yesterday, the hackers used 'phone spear phishing', among various other tactics, to obtain the information they required in order to facilitate access to Twitter's admin dashboard.
Phone spear phishing - or 'vishing' as some have called it - involves a caller convincing the person on the other end of the line that they're an administrator or an official who requires that person's details. Over time, through an escalating process of data gathering, the hacker (or hackers) were able to use this, and other methods, to eventually get the key info they needed to gain access to virtually any Twitter account. Twitter says that it's now reviewing all processes to better protect against such vulnerabilities in future.
The arrests are obviously a significant step, and they may also enable Twitter to share more details on the incident, as Twitter noted that it was unable to share specifics due to the ongoing investigation.
We'll likely have to wait till the case is finalized before we hear more, but the incident highlights not only the importance of security at the world's largest social networks, but also the risks hackers are taking by engaging in such crimes.
As noted by Hillsborough State Attorney Andrew Warren:
"This is not a game, these are serious crimes with serious consequences, and if you think you can rip people off online and get away with it, you’ll be in for a rude awakening."
There'll be more to come on this case.