British teen charged over Twitter hack named by US officials

[ad_1]

Twitter says that hackers used spear phishing to compromise one of its employees (Getty)

A British teenager was one of three hackers named by US officials as being responsible for the attack on Twitter last month.

On July 15, several prominent Twitter users – including Barack Obama, Jeff Bezos and Kanye West – had their accounts hacked to promote a bitcoin scam.

Mason Sheppard, who used the alias ‘Chaewon,’ from Bognor Regis, was named alongside Graham Ivan Clark and Nima Fazelli, both from Florida, in a criminal complaint in the Northern District of California last Friday

Sheppard, 19, was charged with conspiracy to commit wire fraud, conspiracy to commit money laundering, and the intentional access of a protected computer.

He now faces an extradition hearing which could see him sent to the US to face trial. Police have yet to release his mugshot.

According to Twitter itself, the attackers used a spear phishing attack to compromise on of its employees into giving up access to its internal systems.

The attack on July 15, 2020, targeted a small number of employees through a phone spear phishing attack. This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems.

— Twitter Support (@TwitterSupport) July 31, 2020

The noted security specialist Brian Krebs has posted that he spoke with Chaewon regarding selling access to compromised Twitter accounts.

The teen apparently told Krebs he had acted as a broker for Clark, who used the alias ‘Kirk’, and had not been involved in hijacking the high-profile accounts for the purposes of executing the bitcoin scam.

‘Encountering Kirk was the worst mistake I’ve ever made due to the fact it has put me in issues I had nothing to do with,’ he told KrebsOnSecurity.

‘If I knew Kirk was going to do what he did, or if even from the start if I knew he was a hacker posing as a rep I would not have wanted to be a middleman.’

Graham Ivan Clark - 17 TAMPA ? A 17-year-old Tampa man was arrested Friday morning after the Federal Bureau of Investigation and the U.S. Department of Justice discovered he was behind an extensive Twitter hack, which temporarily gave him access to the accounts of Bill Gates, Barack Obama and many others. Graham Ivan Clark, 17, was arrested in Tampa on Friday morning, according to the Hillsborough State Attorney?s Office. Clark?s scheme was to steal the identities of prominent people, then post messages in their names directing victims to send Bitcoin to accounts he owned. The state attorney?s office said Friday that he reaped more than $100,000 in Bitcoin in just one day. As a cryptocurrency, Bitcoin is difficult to track and recover if stolen in a scam. ?This defendant lives here in Tampa, he committed the crime here, and he?ll be prosecuted here,? State Attorney Warren said Friday. ?I want to congratulate our federal law enforcement partners?the US Attorney?s Office for the Northern District of California, the FBI, the IRS, and the Secret Service?as well as the Florida Department of Law enforcement. They worked quickly to investigate and identify the perpetrator of a sophisticated and extensive fraud,? Warren added. The hacking took place on July 16. At the time, Twitter said it was a ?coordinated? attack targeting its employees ?with access to internal systems and tools.? Clark has been arrested on charges of organized fraud, communications fraud, ten counts of fraudulent use of p — Graham Ivan Clark, 17, using an alias ‘Kirk’ was arrested in Tampa on Friday morning, according to the Hillsborough State Attorney’s Office.

At any rate, the penalty sheet included on the criminal complaint for Sheppard lists up to 20 years’ imprisonment each for wire fraud and money laundering conspiracy as well as up to five years imprisonment for computer intrusion.

US Attorney David L. Anderson said: ‘Criminal conduct over the Internet may feel stealthy to the people who perpetrate it, but there is nothing stealthy about it.’

He continued: ‘There is a false belief within the criminal hacker community that attacks like the Twitter hack can be perpetrated anonymously and without consequence.

‘[The] charging announcement demonstrates that the elation of nefarious hacking into a secure environment for fun or profit will be short-lived.

‘Criminal conduct over the Internet may feel stealthy to the people who perpetrate it, but there is nothing stealthy about it.

‘In particular, I want to say to would-be offenders, break the law, and we will find you.’