British teen charged over Twitter hack named by US officials

Twitter says that hackers used spear phishing to compromise one of its employees (Getty)

A British teenager was one of three hackers named by US officials as being responsible for the attack on Twitter last month.

On July 15, several prominent Twitter users – including Barack Obama, Jeff Bezos and Kanye West – had their accounts hacked to promote a bitcoin scam.

Mason Sheppard, who used the alias ‘Chaewon,’ from Bognor Regis, was named alongside Graham Ivan Clark and Nima Fazelli, both from Florida, in a criminal complaint in the Northern District of California last Friday

Sheppard, 19, was charged with conspiracy to commit wire fraud, conspiracy to commit money laundering, and the intentional access of a protected computer.

He now faces an extradition hearing which could see him sent to the US to face trial. Police have yet to release his mugshot.

According to Twitter itself, the attackers used a spear phishing attack to compromise on of its employees into giving up access to its internal systems.

The noted security specialist Brian Krebs has posted that he spoke with Chaewon regarding selling access to compromised Twitter accounts.

The teen apparently told Krebs he had acted as a broker for Clark, who used the alias ‘Kirk’, and had not been involved in hijacking the high-profile accounts for the purposes of executing the bitcoin scam.

‘Encountering Kirk was the worst mistake I’ve ever made due to the fact it has put me in issues I had nothing to do with,’ he told KrebsOnSecurity.

‘If I knew Kirk was going to do what he did, or if even from the start if I knew he was a hacker posing as a rep I would not have wanted to be a middleman.’

Graham Ivan Clark, 17, using an alias ‘Kirk’ was arrested in Tampa on Friday morning, according to the Hillsborough State Attorney’s Office.

At any rate, the penalty sheet included on the criminal complaint for Sheppard lists up to 20 years’ imprisonment each for wire fraud and money laundering conspiracy as well as up to five years imprisonment for computer intrusion.

US Attorney David L. Anderson said: ‘Criminal conduct over the Internet may feel stealthy to the people who perpetrate it, but there is nothing stealthy about it.’  

He continued: ‘There is a false belief within the criminal hacker community that attacks like the Twitter hack can be perpetrated anonymously and without consequence. 

‘[The] charging announcement demonstrates that the elation of nefarious hacking into a secure environment for fun or profit will be short-lived.

‘Criminal conduct over the Internet may feel stealthy to the people who perpetrate it, but there is nothing stealthy about it. 

‘In particular, I want to say to would-be offenders, break the law, and we will find you.’ 

Former US president Barack Obama was one of the compromised accounts(Credits: PA)

Overall, the scam tricked Twitter users into transferring £76,000 worth of bitcoin, according to the criminal complaint.

‘The result of the Twitter hack was the compromise of approximately 130 Twitter accounts pertaining to politicians, celebrities, and musicians,’ it says.

Several high profile Twitter accounts were compromised by the hackers (United States district court)

‘The hackers are alleged to have created a scam bitcoin account, to have hacked into Twitter VIP accounts, to have sent solicitations from the Twitter VIP accounts with a false promise to double any bitcoin deposits made to the scam account, and then to have stolen the bitcoin that victims deposited into the scam account.

‘As alleged in the complaints, the scam bitcoin account received more than 400 transfers worth more than 100,000 US dollars (£76,000).

‘The defendants are alleged to have victimised the Twitter VIP users whose accounts were hacked. 

‘The defendants are alleged to have victimised the people who sent bitcoin in response to the scam solicitations.’


READ  Nasa launches ‘NICER’ study aimed at exposing the ‘lighter’ side of black holes


Please enter your comment!
Please enter your name here