The FBI were able to track down three hackers who pulled off the largest Twitter breach in history because they were ‘extremely sloppy’ with how they moved their Bitcoin transactions around.
Graham Ivan Clark, 17, of Tampa, Florida; Nima Fazeli, 22, of Orlando, Florida; and Mason Sheppard, 19, of Bognor Regis, U.K. have all been charged in relation to the hack, which took place on July 15.
On that date, the men conspired to hijack Twitter accounts belonging to famous figures and companies – including Barack Obama, Kanye West and Uber – before they posted tweets asking for donations to a Bitcoin wallet.
‘I am giving back to my community due to Covid-19. All Bitcoin sent to my address below will be sent back double. If you send $1,000, I will send back $2,000,’ the bogus tweets read.
Authorities say that the hackers netted more than $100,000 in Bitcoin through the illegal scheme.
But the youngsters were easily traced when the FBI subsequently launched their investigation.
Authorities were able to obtain data about the Bitcoin addresses involved in the hack by analyzing the blockchain – a ledger that records cryptocurrency transactions.
They then traced the addresses to Coinbase – a digital currency exchange that stores Bitcoin.
Both Fazeli and Sheppard had registered and verified their Coinbase accounts with their real driver’s licences, according to ZNET.
Fazeli also used his home IP address, meaning investigators were able to easily trace his location.
Furthermore, the alleged hackers made no attempt to move the Bitcoin funds they received around in a bid to throw detectives off the trail. Such an act is known as ‘tumbling’, and is the digital equivalent of money laundering.
Cybersecurity expert Jake Williams told The Associated Press that their efforts were ‘sloppy’.
‘This is a great case study showing how technology democratizes the ability to commit serious criminal acts,’ Williams stated.
‘There wasn’t a ton of development that went into this attack.’
Fellow cybersecurity expert Marcus Hutchins concurred.
‘I think people underestimate the level of experience needed to pull off these kinds of hacks. They may sound extremely sophisticated, but the techniques can be replicated by teens,’ he explained.
Court papers suggest Fazeli and Sheppard only got involved in the scheme on a hacking chatroom after Clark dangled the possibility of taking over Twitter handles of short names such as @anxious and @foreign.
From there, that scam appears to have evolved into the full-scale hijacking of high-profile accounts.
Investigators claim Clark, who only recently finished high school in Florida, was the mastermind of the entire episode.
Twitter has officially stated that the hacker – purported to be Clark – gained access to a company dashboard that manages accounts on July 15.
He did this by using social engineering and spear-phishing aimed at smartphones to obtain credentials from ‘a small number’ of Twitter employees and break into the internal systems.
From there, the hackers targeted 130 accounts. They managed to tweet their bogus tweet from 45 prolific accounts.
They also accessed the direct message inboxes of 36 others, and downloaded the Twitter data from seven separate accounts.
Dutch anti-Islam MP Geert Wilders has said his inbox was among those accessed.
All three alleged hackers will be tried separately.