Soon after the devastating cyberattack targeting numerous Twitter accounts, here is some hack update. In brief, it’s now much clear about how the attackers executed the attack. Moreover, law enforcement authorities have also arrested suspects.
Twitter Discloses More Hack Update
While Twitter continued investigating the hack that jolted up their network recently, they now share an update. As revealed, they have established how the attackers managed to gain access to Twitter’s internal system to hack bulk accounts.
According to their recent post, the attackers targeted a ‘small number of employees’ via phone phishing (spearphishing) attack to know their Twitter account credentials. Though, not all of the targeted employees had access to the company’s internal system. Yet, the information they provided sufficed for the attackers to break into Twitter’s infrastructure.
A successful attack required the attackers to obtain access to both our internal network as well as specific employee credentials that granted them access to our internal support tools. Not all of the employees that were initially targeted had permissions to use account management tools, but the attackers used their credentials to access our internal systems and gain information about our processes. This knowledge then enabled them to target additional employees who did have access to our account support tools.
Consequently, they hacked 130 Twitter accounts, tweeted through 45 of them, accessed the DMs of 36 of these, and downloaded data of 7 accounts.
Besides investigations, Twitter is also improving its security by taking several measures to prevent such instances in the future.
Suspects Behind The Bitcoin Scam Arrested
While Twitter continued with the investigations, the law enforcement authorities also got busy in identifying the attackers. And recently, they have arrested three suspects who allegedly executed the attack.
According to a U.S. Attorney’s Office press release, the suspects include three individuals from different regions. Two of them are Mason Sheppard (Chaewon) (19y) from Bognor Regis, UK, and Nima Fazeli (Rolex) (22y) from Orlando, Florida. Whereas, a third minor was also arrested whose name wasn’t mentioned in the press release due to federal laws that protect the identity of the juvenile.
However, according to WFLA, this minor, the 17-year old Graham Clark, was the actual mastermind of the whole Twitter attack.
While announcing the arrests of the suspects, U.S. Attorney David L. Anderson said,
There is a false belief within the criminal hacker community that attacks like the Twitter hack can be perpetrated anonymously and without consequence. Today’s charging announcement demonstrates that the elation of nefarious hacking into a secure environment for fun or profit will be short-lived. Criminal conduct over the Internet may feel stealthy to the people who perpetrate it, but there is nothing stealthy about it. In particular, I want to say to would-be offenders, break the law, and we will find you.
He further added that until the allegations are proved true without reasonable doubt, the defendants are presumed innocent.
Let us know your thoughts in the comments.