UPDATED 22:03 EDT / AUGUST 02 2020

SECURITY

Twitter hackers were caught after sending bitcoin to verified Coinbase accounts

Following the arrest of three people in relation to the hacking of Twitter Inc. on Friday, more details have emerged as to how the trio were tracked down and how they managed to gain access to Twitter.

The mastermind of the hack was not named by the U.S. Federal Bureau of Investigation but was later identified in media reports as Graham Ivan Clark, 17, from Tampa, Florida. According to the indictment, Clark hired Mason Sheppard, 19, from the U.K. and Nima Fazeli, 22, of Orlando, Florida, to help him gain access to Twitter through a phone spear-phishing campaign.

Twitter detailed in a series of tweets how the attack took place. The trio is said to have “targeted a small number of employees through a phone spear-phishing attack,” with a “significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems.” Having gained that access, the trio then tweeted bitcoin scam messages across a number of high-profile accounts, including those of former U.S. President Barack Obama and Tesla Inc. Chief Executive Officer Elon Musk.

The path to capturing the trio turned out to be fairly easy for the FBI. The three may have been crafty in gaining access to Twitter, but ultimately they were extraordinarily lax in hiding their trail. Using blockchain analysis tools, the FBI traced the bitcoin sent to the trio in the scam to Coinbase Inc. accounts that had been registered and verified with the real driver’s licenses of Fazeli and Sheppard.

Although Fazeli and Sheppard are certainly not master criminals, the story of Clark is more interesting. A long piece in The New York Times details his path to hacking from becoming a Minecraft scammer at the age of 10 to joining a hacking forum at 15, then moving on to bitcoin at 16. Clark had been previously investigated for the theft of $865,000 in bitcoin but was never charged over the matter.

Clark’s criminal activities prior to the Twitter hack may have been even more extensive. At a hearing on Saturday that granted him bail for $725,000, Clark’s attorney said that his client had more than $3 million in bitcoin.

That social engineering was used by the trio was of particular interest to security analysts. Lisa Plaggemier, chief strategy officer at digital security awareness training company MediaPro Holdings LLC, told SiliconANGLE that the Twitter attack was a well-planned, targeted voice phishing, or vishing, attack.

“Employee training against these types of attacks is critical and it can be tricky,” she said. “When the attackers have done their research on the targeted individuals and used data gained in previous breaches, they can be extremely convincing over the phone.”

As a result, she added, “employees, and the general public for that matter, have become accustomed to the obvious phone scams, like the IRS phone scam that was so pervasive a few years back. It was ‘spray and pray,’ not targeted, and therefore relatively obvious to many people who knew to hang up. But therein lies the problem.”

Ray Kelly, principal security engineer at application security firm WhiteHat Security Inc., noted that the incident demonstrates that social engineering is still a common method for attackers to gain access to internal systems. “The human is oftentimes the weakest link in any security chain,” he said. “Proper employee training and employing services that test human susceptibility to social engineering attacks such as email spear-phishing, phone calls and in-person attacks can be invaluable to help prevent the employee from being the security gap in any organization.”

Image: Shawn Campbell/Flickr
