Whoever took down Twitter in the massive hack that resulted in the hijackings of major celebrity profiles surely was a state-sponsored actor, right? Or maybe it was a sophisticated, organized crime ring? Think again. Officials in Florida have arrested a 17-year-old who is accused of being the "mastermind" behind the hack that was used to promote a Bitcoin scam.
Two others were arrested later on Friday, including 22-year-old Nima Fazeli in Orlando and 19-year-old Mason Sheppard in the U.K.
Unfortunately for the crew, it seems they were caught after Sheppard and Fazeli transferred some of the stolen Bitcoin into accounts at cryptocurrency exchanges Binance and Coinbase, where they had verified their identities with driver's licenses. That's a pretty dumb way to go down but, again – these are kids after all.
This is your king? — The 17-year-old, Graham Clark, was hit with 30 felony charges for accessing the computer systems of Twitter "for the purpose of devising and executing a scheme." Over several hours, 130 high-profile accounts were hijacked to tweet out a Bitcoin address that received over $130,000 before Twitter shut down the ability to tweet for all verified accounts. Twitter says its internal tools remain locked down while it strengthens its security measures.
Twitter yesterday said in a series of tweets that the perpetrator of the hack pulled it off by tricking employees over the phone into handing over their login credentials for internal tools. Reportedly over 1,000 employees of the company were able to access a "God Mode" panel allowing one to take over full control of any account. Of the more than 130 accounts that were accessed, 36 of which had their DMs accessed. Seven users had their tweet archives downloaded.
“We appreciate the swift actions of law enforcement in this investigation and will continue to cooperate as the case progresses,” Twitter said after the arrest was made. “For our part, we are focused on being transparent and providing updates regularly.”
Of all the high-profile accounts, President Trump's went curiously unscathed, but Twitter said that's because his account has extra protections — likely after a previous instance in which a contractor temporarily suspended his account.
How embarrassing — Nonetheless, the whole situation is quite embarrassing for Twitter, a $28 billion company that we now know was effectively crippled for hours by young kids. The company has never been able to shake its reputation as a mess internally, held up by duct tape ever since the early days when the site would frequently crash under high traffic and display the famous Fail Whale.
At the very least, we should be grateful that the hackers apparently didn't have more sinister intentions. The group could've accessed untold numbers of private messages and used them for blackmail. Twitter has previously been infilitrated by employees working as spies for Saudi Arabia to monitor dissidents on the platform. But instead it appears this group's motivations were simply to get enough 'coin to buy a Lamborghini or something.