Police have arrested a suspect in this month's major Twitter hack (opens in new tab) that compromised high-profile accounts belonging to Elon Musk, Bill Gates, Apple, Uber, Barack Obama, and dozens of others. The Hillsborough State Attorney's Office (opens in new tab) said that an investigation involving the FBI, the IRS, the Secret Service, the US Attorney's Office for the Northern District of California, and Florida law enforcement agencies led to the arrest of a 17-year-old alleged "mastermind" of the hack.
Messages posted to the compromised Twitter accounts asked followers to make payments to Bitcoin accounts and promised to pay double the deposited amount in return, as a way of "giving back" to fans. That might seem like a transparent ploy, but it was effective: The teen reportedly pulled in more than $100,000 in a single day.
"These crimes were perpetrated using the names of famous people and celebrities, but they’re not the primary victims here. This 'Bit-Con' was designed to steal money from regular Americans from all over the country, including here in Florida. This massive fraud was orchestrated right here in our backyard, and we will not stand for that,” State Attorney Andrew H Warren said.
The suspect is now facing 30 felony charges, including:
- Organized Fraud (Over $50,000) – 1 count
- Communications Fraud (Over $300) – 17 counts
- Fraudulent Use of Personal Information (Over $100,000 or 30 or more victims) – 1 count
- Fraudulent Use of Personal Information – 10 counts
- Access Computer or Electronic Device Without Authority (Scheme to Defraud) – 1 count
Despite the arrest, the Attorney's Office implied that the stolen money may not be recoverable, saying that "as a cryptocurrency, Bitcoin is difficult to track and recover if stolen in a scam."
"Working together, we will hold this defendant accountable. Scamming people out of their hard-earned money is always wrong," Warren said. "Whether you’re taking advantage of someone in person or on the internet, trying to steal their cash or their cryptocurrency—it’s fraud, it’s illegal, and you won’t get away with it."
Shortly after the teen's apprehension, three more arrests (opens in new tab) were announced: 19-year-old Mason "Chaewon" Sheppard of Bognor Regis in the UK; 22-year-old Nima "Rolex" Fazeli of Orlando, Florida; and another juvenile who cannot be named.
Twitter has also posted an update about the "security incident (opens in new tab)," saying that a "phone spear phishing attack" targeting its employees eventually gave the hackers access to Twitter's account support tools, which were used to post the scam tweets from 45 different accounts. Twitch was also forced to block tweets from all verified accounts for several hours in order to halt the hack.
"This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems. This was a striking reminder of how important each person on our team is in protecting our service," Twitter said. "We take that responsibility seriously and everyone at Twitter is committed to keeping your information safe."
Access to those tools has been "significantly limited" since the attack, which has "impacted" some features and means that Twitter will be slower to respond to account support requests and abusive tweet reports.
Thanks, The Verge (opens in new tab).