Another week, another piece of the Twitter hack story is revealed. Last week, the company revealed that internal employee tools were used to access the affected accounts and that, for some, DMs were also accessed. The questions remained: who did this, and how did they gain access to the tool set they used?
The question of how was also answered by Twitter. The company says that a sophisticated "spear phishing attack" was used in order to gain access to the corporate network, allowing the hackers to learn about the internal processes. From there, they targeted the correct employees to gain access to the tools required to tweet the Bitcoin scam information, which ultimately led to $113,500 being stolen from people who fell for the trick.
This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems. This was a striking reminder of how important each person on our team is in protecting our service.
The question of who was also answered this week, courtesy of the US Attorney's Office of the Northern District of California. According to the information shared by the Justice Department, 3 individuals have been charged with the hack: Mason Sheppard, a 19-year-old from the United Kingdom, Nima Fazeli, a 22-year-old from Orlando, Florida, and an unnamed 17-year-old (later identified as Graham Clark by local NBC affiliate WFLA) from Tampa, Florida.
While the team is young, the youngest is claimed to have been the mastermind behind the attack. According to WFLA, Clark has had 30 felony charges filed against him: one count of organized fraud, 17 counts of communications fraud, one count of fraudulent use of personal information with over $100,000 or 30 or more victims, 10 counts of fraudulent use of personal information and one count of access to computer or electronic device without authority.