Hillsborough State Attorney Andrew Warren announced today that he has filed 30 felony charges against a 17-year-old resident of Tampa, Florida, who was described by the state attorney’s office as “the mastermind of the recent hack of Twitter.”
The hack in question occurred earlier this month and involved high-profile Twitter users like Apple, Elon Musk, Joe Biden and Barack Obama, whose accounts all posted messages promoting a Bitcoin wallet and claiming, “All Bitcoin sent to the address below will be sent back doubled!”
The teen (we’re not identifying them because they’re a minor) allegedly made more than $100,000 through this cryptocurrency scam.
The state attorney’s office said that the teen was arrested earlier today as a result of an investigation by the Federal Bureau of Investigation and the U.S. Department of Justice, and that they will be tried as an adult. They face charges including one count of organized fraud (over $50,000) and 17 counts of communications fraud (over $300).
“These crimes were perpetrated using the names of famous people and celebrities, but they’re not the primary victims here,” Warren said in a statement. “This ‘Bit-Con’ was designed to steal money from regular Americans from all over the country, including here in Florida. This massive fraud was orchestrated right here in our backyard, and we will not stand for that.”
As we reported at the time, the hack used Twitter’s own admin tool to gain access to high-profile accounts. The company just updated its blog post outlining what it knows about the attack:
The social engineering that occurred on July 15, 2020, targeted a small number of employees through a phone spear phishing attack A successful attack required the attackers to obtain access to both our internal network as well as specific employee credentials that granted them access to our internal support tools. Not all of the employees that were initially targeted had permissions to use account management tools, but the attackers used their credentials to access our internal systems and gain information about our processes. This knowledge then enabled them to target additional employees who did have access to our account support tools. Using the credentials of employees with access to these tools, the attackers targeted 130 Twitter accounts, ultimately Tweeting from 45, accessing the DM inbox of 36, and downloading the Twitter Data of 7.
To prevent a similar attack from succeeding in the future, Twitter said it will be “accelerating several of our pre-existing security workstreams and improvements to our tools” and also improving the methods it uses to detect and stop inappropriate access to its internal systems.