How FBI tracked down the celebrity Twitter hackers

How FBI tracked down the celebrity Twitter hackers: Cyber criminals ‘who took over accounts of 45 stars’ were ‘extremely sloppy’ when covering their tracks, ‘using their own home IP addresses and real driver’s license to verify their Bitcoin wallets’

  •  On July 15, 45 high-profile Twitter accounts were hacked
  • The hackers then sent out a tweet to hundreds of millions of users encouraging them to give $1000 to a Bitcoin address
  • Accounts belonging to  Barack Obama, Elon Musk, Joe Biden and Kanye West all sent out the bogus message 
  • The FBI subsequently launched an investigation to find out who was responsible
  • Police have now charged three young men – two from Florida and one from the UK – with participating in the hack  
  • According to charging documents and cybersecurity experts, the men made little attempt to conceal their identities
  • They used home IP addresses, and their Bitcoin addresses were able to easily traced to legitimate forms of identification they had uploaded on the internet 

The FBI were able to track down three hackers who pulled off the largest Twitter breach in history because they were ‘extremely sloppy’ with how they moved their Bitcoin transactions around. 

Graham Ivan Clark, 17, of Tampa, Florida; Nima Fazeli, 22, of Orlando, Florida; and Mason Sheppard, 19, of Bognor Regis, U.K. have all be charged in relation to the hack, which took place on July 15. 

On that date, the men conspired to hijack Twitter accounts belonging to famous figures and companies – including Barack Obama, Kanye West and Uber -before they posted tweets asking for donations to a Bitcoin wallet.  

‘I am giving back to my community due to Covid-19. All Bitcoin sent to my address below will be sent back double. If you send $1,000, I will send back $2,000,’ the bogus tweets read. 

Authorities say that the hackers  netted more than $100,000 in Bitcoin through the illegal scheme.

But the youngsters were easily able to be traced when the FBI subsequently launched their investigation. 

Graham Ivan Clark, 17, of Tampa, Florida, is believed to be the mastermind of the July 15 Twitter hack 

Former US president Barack Obama, the most followed account on Twitter, was among the high-profile targets used to carry out the Bitcoin scam

Authorities were able to obtain data about the Bitcoin addresses involved in the hack by analyzing blockchain – a ledger that records cryptocurrency transactions. 

They then traced the addresses to Coinbase – a digital currency exchange that stores Bitcoin. 

Both Fazeli and Sheppard had registered and verified their Coinbase accounts with their real driver’s licences, according to ZNET.  

Fazeli also used his home IP address, meaning investigators were able to easily trace his location. 

Furthermore, the alleged hackers did not move around the Bitcoin funds they received in a bid to throw detectives off the trail.  Such an act is known as ‘tumbling’, and is the digital equivalent of money laundering. 

Cybersecurity expert Jake Williams told The Associated Press that their efforts were ‘sloppy’.  

‘This is a great case study showing how technology democratizes the ability to commit serious criminal acts,’ Williams stated. 

‘There wasn’t a ton of development that went into this attack.’ 

A British teenager has been charged with hacking the social media site Twitter and stealing thousands of dollars worth of Bitcoin by taking over the accounts of celebrities and business leaders (file photo)

Fellow cybersecurity expert Marcus Hutchins concurred. 

‘I think people underestimate the level of experience needed to pull off these kinds of hacks. They may sound extremely sophisticated, but the techniques can be replicated by teens,’ he explained. 

Court papers suggest Fazeli and Sheppard only got involved in the scheme on a hacking chatroom after Clark dangled the possibility of taking over Twitter handles of short names such as  @anxious and @foreign. 

From there, that scam appears to have evolved into the full-scale hijacking of high-profile accounts. 

Investigators claim Clark, who only recently finished high school in Florida, was the mastermind of the entire episode. 

Twitter has officially stated that the hacker – purported to be Clark-  gained access to a company dashboard that manages accounts  on July 15.

He did this by using social engineering and spear-phishing smartphones to obtain credentials from ‘a small number’ of Twitter employees to break in to the internal systems. 

From there, the hackers targeted 130 accounts. They managed to tweet their bogus tweet from 45 prolific accounts. 

They also accessed the direct message inboxes of 36 others, and download the Twitter data from seven separate accoubts. 

Dutch anti-Islam MP Geert Wilders has said his inbox was among those accessed. 

All three alleged hackers will be tried separately. 

Twitter says hackers ‘manipulated’ employees to access 130 accounts 

Twitter said that hackers ‘manipulated’ some of its employees to access accounts.

More than $100,000 worth of the virtual currency was sent to email addresses mentioned in the tweets, according to, which monitors crypto transactions.

‘We know that they accessed tools only available to our internal support teams to target 130 Twitter accounts,’ said a statement posted on Twitter’s blog.

For 45 of those accounts, the hackers were able to reset passwords, login and send tweets, it added, while the personal data of up to eight unverified users was downloaded.

Twitter locked down affected accounts and removed the fraudulent tweets. It also shut off accounts not affected by the hack as a precaution.

Source: Read Full Article