The abuse of several high-profile accounts has shaken confidence in Twitter’s security measures. A 17-year-old is said to be primarily responsible for the hacker attack. He’s not the only one the US judiciary wants to hold accountable.
Just over two weeks after an unprecedented hacker attack on celebrity Twitter accounts, the police arrested a 17-year-old as the main suspect. The prosecutor Andrew Warren said on Friday in the state of Florida that there were 30 charges against the “mastermind” of the hack. Two other young men are accused of complicity and grants by a California public prosecutor. The three face imprisonment if convicted.
In the unprecedented Twitter hack in mid-July, the accounts of numerous celebrities were hijacked, including those of former US President Barack Obama, presidential candidate Joe Biden, Microsoft founder Bill Gates and Tesla boss Elon Musk. Company accounts, such as those from Apple, were also hacked. Via the accounts, users in tweets were asked to send money in the cryptocurrency Bitcoin to a specific account – with the promise of repaying the amount twice. The abuse of the celebrity accounts has raised questions about Twitter’s security measures.
“We are increasingly relying on platforms like Twitter to get news and other information that is important to our lives,” said California Attorney David Anderson. “The Twitter VIP hack undermines public trust in these information platforms.” Anyone who uses Twitter has been the victim of the hacker attack.
According to the investigators, the scam raised more than $ 100,000 through a good 400 transfers. According to experts, a more sophisticated hack – for example through a targeted call for donations or a political message – could have done much more damage than the quite obviously suspicious Bitcoin call.
17-year-old Graham Ivan C. was arrested on Friday in his Tampa city apartment, prosecutor Warren said. He had made no resistance. He is now accused of organized fraud, communication fraud, hacking and the fraudulent use of personal information.
The main suspect is said to have accomplices. Prosecutors in San Francisco, California, where Twitter is based, said that 19-year-old Mason S. from Bognor Regis, England, was charged with hacking, fraud, and money laundering, among other things. The man known by the username “Chaewon” could face up to 45 years in prison. 22-year-old Nima F. from the city of Orlando in Florida, also known online as “Rolex”, has been accused of having been helped to illegally break into a computer and could face five years in prison. It was initially unclear whether they had already been arrested.
“There is a misconception within the community of criminal hackers that attacks like the Twitter hack could be carried out anonymously and without consequences,” prosecutor Anderson said. The rapid prosecution in this case shows that such action has quick consequences. According to court documents, the suspects left traces in the Bitcoin transactions, among other things.
The investigation was supported by the Federal FBI and the Secret Service. Further investigations should show whether there were other possible accomplices.
The California prosecutor’s office does not want to charge the 17-year-old “mastermind” under federal law because he would then have to be treated as a minor. The charge is therefore left to the local Florida state attorney because he can be held accountable there as an adult under local law. This could result in a significantly higher prison sentence.
“It wasn’t an ordinary 17-year-old,” said Warren, according to several US media. “It was a complex attack of a magnitude never seen before.” The main suspect had managed to penetrate Twitter’s network. The New York Times, citing court documents in Florida, reported that he said he was an engineering colleague of the company who needed the employee’s credentials to access the customer service portal.
After the very embarrassing hack for the company, Twitter had declared that some employees had been “manipulated” and that the attackers could use their login data to gain access to the company’s internal systems. “This attack was based on a significant and coordinated attempt to mislead certain employees and exploit human weaknesses to gain access to our internal systems,” Twitter said Thursday. Since then, access to those systems has been “significantly limited”.
Twitter said on Friday that the company was grateful for the judicial’s swift action and would continue to cooperate with the investigation. According to the attack, 130 accounts were affected. Tweets were sent from 45 accounts, and the user’s private messages were accessed in 36 cases, according to Twitter.
- Hackers: © Amir Kaljikovic – Fotolia.com