- The FBI identified, tracked down, and arrested three individuals who are responsible for the Twitter hack.
- Two of the three are considered accomplices, and one claims to have been deceived by the mastermind.
- The FBI had ample leads to work with, which gave the investigation specific direction.
Only two weeks after the most catastrophic hack ever to have hit Twitter, the FBI managed to track down the persons responsible and arrest them in simultaneous operations taking place in Florida and the United Kingdom.
- Graham Ivan Clark (aka “Kirk”), 17, Tampa, Florida
- Nima Fazeli (aka “Rolex”), 22, Orlando, Florida
- Mason Sheppard (aka “Chaewon”), 19, Bognor Regis, United Kingdom
Fazeli and Sheppard are charged in a criminal complaint with conspiracy to commit wire fraud, unauthorized access to a computer, and money laundering. Clark, however, is facing a long list of 30 counts, as he is considered to be the mastermind of the operation.
In fact, Sheppard even told investigators he did not know what “Kirk” was up to. Due to the severity of Clark’s actions and the fact that he is close to adulthood, the prosecutors decided to charge him as an adult, so we may get to see a very harsh punishment for the young hacker.
The latest information that Twitter confirmed about the hack yesterday describes a spear-phishing attack, with the hackers targeting only a couple of employees to gain access to their tools. From there, they moved to compromise 130 Twitter accounts, tweeted from 45 of them, accessed the DM inbox of 36, and downloaded the data of seven.
According to an earlier NYT report, “Kirk” found credentials for one of Twitter’s tech support tools pinned to an internal Slack channel that he had access to.
After the incident, investigators immediately started digging into the OGUsers platform and monitored every possible activity linked to the stolen 12.83 Bitcoin. The FBI also reached out to Discord and got chat logs and user details from accounts the agency believed to be connected with the Twitter hack.
Moreover, Coinbase – which blocked the malicious transactions when the actors attempted to carry them out – also shared all technical details they had about the addresses with the FBI.
Coinbase requests an ID or a driver’s license from users for verification, so this was key in figuring out the real identities behind the hacker monikers. Attempting to use Coinbase to receive stolen Bitcoin from such a high-profile security incident was an unfortunate decision, if not a straight-out stupid move.