Who was behind that stunning Twitter hack? State spies? Probably this Florida kid, say US prosecutors

Alleged 17-year-old mastermind among trio charged over account mass hijackings


Three individuals were charged on Friday for allegedly hijacking a string of high-profile Twitter accounts after hoodwinking the social network's staff.

It is claimed a social-engineering-driven phishing campaign against Twitter employees led to the brief takeover on July 15 of 45 out of 130 targeted prominent accounts to promote a Bitcoin scam. Accounts belonging to Bill Gates, Elon Musk, Kanye West, Joe Biden, Barack Obama, Jeff Bezos, Mike Bloomberg, Warren Buffett, Benjamin Netanyahu, and Kim Kardashian, and to companies like Apple, Uber, and various cryptocurrency exchanges were among those commandeered.

The hijacked accounts were used to urge Twitter users to donate Bitcoin to a specific address, with the promise that a larger sum would be returned. Those involved collected more than $100,000 worth of cryptocurrency. The miscreants also managed to access the Twitter Direct Messages in 36 accounts, and to download Twitter account data for seven accounts.

The account takeovers attracted national and international attention, and elicited concern that the social network's lax internal security could threaten social stability and national security.

"Increasingly we rely on platforms like Twitter to receive news and other information that is important to our lives," said US Attorney for the Northern District of California David Anderson in a video statement. "The Twitter VIP hack undermines public confidence in those information platforms."

Anderson announced the charges, in conjunction with federal officials from the FBI, the Secret Service, the IRS, and the UK's National Crime Agency.

"There is a false belief within the criminal hacker community that attacks like the Twitter hack can be perpetrated anonymously and without consequence," he said in a statement. "Today's charging announcement demonstrates that the elation of nefarious hacking into a secure environment for fun or profit will be short-lived."

Mason Sheppard, aka “Chaewon,” 19, of Bognor Regis, England, was charged with conspiracy to commit wire fraud, conspiracy to commit money laundering, and the intentional access of a protected computer.

Nima Fazeli, aka “Rolex,” 22, of Orlando, Florida, was charged with aiding and abetting the intentional access of a protected computer.

The third defendant was not identified by the Department of Justice because he's a juvenile. A press release from the Hillsborough County State Attorney's Office in Florida, however, names the boy, a 17-year-old from Tampa, Florida, who faces 30 felony charges for his alleged role as the "mastermind" of the attack.

The minor defendant is being prosecuted as an adult, the Hillsborough County State Attorney's Office said, "because Florida law allows minors to be charged as adults in financial fraud cases such as this when appropriate."

The complaint [PDF] against Sheppard includes an affidavit from IRS Special Agent Tigran Gambaryan that describes how the suspects were identified.

The IRS investigator relied on account information obtained through a warrant for account data from chat service Discord, data from the public disclosure of a hacked OGUsers.com forum database, records from cryptocoin exchanges Coinbase and Binance, and blockchain analysis.

The affidavit of US Secret Service Agent John A. Szydlik, which recounts how Fazeli was identified, also cites the publicly disclosed OGUsers.com database as a source of information.

The two complaints mention unidentified Discord user "Kirk#5270" who is said to have brokered access to the hacked Twitter accounts and is presumably the 17-year-old "mastermind" arrested in Tampa.

Authorities believe "Kirk#5270" and Sheppard were assisted in their efforts to sell access to Twitter accounts by another unidentified juvenile Discord user who resides in Northern California and was interviewed by federal agents. ®
