Spanish National Police arrested a 22-year-old in Spain on Wednesday in connection with a massive hack that compromised more than 130 accounts across Twitter. According to the Department of Justice, Joseph O’Connor, a British national, was arrested at the request of US authorities and is also being charged with hacking TikTok and Snapchat accounts and cyberstalking a juvenile.
Social Media Bitcoin Scam
O’Connor is the second person arrested for allegedly hacking Twitter in July 2020, which caused the service to be temporarily shut down. Hackers took over accounts of celebrities, politicians and companies in a bold Bitcoin impersonation scam. Once they had access to the accounts — including those of President Joe Biden, Barack Obama, Jeff Bezos, Elon Musk, Bill Gates, Apple and Uber — hackers asked their followers to send $1,000 in Bitcoin to a specific blockchain address.
As a way of “giving back to the community” suffering from the COVID-19 pandemic, each fraudulent account promised to send $2,000 back. Though such a strange request should raise eyebrows and red flags, with accounts that have such large numbers of followers (Elon Musk currently has 58 million followers, Pres. Joe Biden has 30 million and Apple 6.5 million), some people fell victim to the scam.
By the time Twitter got a handle on the breach, hackers had walked away with 12.9 Bitcoin worth $118,000 from almost 400 people.
How They Hacked Twitter: Social Engineering Leads to Breach
Hackers didn’t target the individual accounts themselves, but rather Twitter’s tech infrastructure using a method called social engineering. Hacking often comes from the outside, with cybercriminals taking advantage of exploits and vulnerabilities in software and IT systems. But these hackers came from the inside.
Twitter had switched to total remote working in March 2020, and employees were using Twitter’s own Virtual Private Network (VPN) to access administrative parts of the site. Employees had reportedly been having issues with the VPN.
According to New York’s official report on the hack, fraudsters called several Twitter employees, claiming to be the Help Desk in Twitter’s IT department. Hackers said they were responding to a reported problem with Twitter’s VPN and successfully led an employee to a “nearly identical” phishing website for Twitter’s VPN site.
While the employee entered their credentials into the phishing website, hackers simultaneously entered the same credentials into Twitter’s real site. This log-in generated a Multifactor Authentication notification — this could be through biometrics, SMS or an authenticator app — requesting that the employees authenticate themselves.
Once an employee authenticated the MFA, the hackers were in.
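Added example, not from the article or the New York report: a small Python model of why a valid second factor did not stop a login entered on a look-alike page. The origins, secrets and function names are constructed, HMAC stands in for an authenticator's signature, and the origin-bound factor is an assumed point of comparison that the article does not mention.

```python
import hashlib
import hmac
import secrets

# Constructed origins: the real VPN portal and a "nearly identical" look-alike.
REAL_ORIGIN = "https://vpn.corp.example"
LOOKALIKE_ORIGIN = "https://vpn-corp.example"

def otp_code(secret: bytes, counter: int) -> str:
    """Simplified one-time code: depends on secret and counter, never on the site."""
    mac = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 1_000_000:06d}"

def origin_bound_response(device_key: bytes, challenge: bytes, origin: str) -> bytes:
    """Response that mixes in the origin the employee's browser is really on."""
    return hmac.new(device_key, challenge + origin.encode(), hashlib.sha256).digest()

class RealSite:
    """Verifier side of the genuine VPN portal (hypothetical model)."""
    def __init__(self, secret: bytes, device_key: bytes):
        self.secret, self.device_key, self.counter = secret, device_key, 0
        self.challenge = secrets.token_bytes(16)

    def verify_otp(self, code: str) -> bool:
        return hmac.compare_digest(code, otp_code(self.secret, self.counter))

    def verify_origin_bound(self, response: bytes) -> bool:
        expected = origin_bound_response(self.device_key, self.challenge, REAL_ORIGIN)
        return hmac.compare_digest(response, expected)

def second_factor_results(visited_origin: str) -> dict:
    """What the real site decides when the employee answered on visited_origin.

    Whatever the employee enters on a look-alike page reaches the real site
    unchanged, so the only thing that differs is the origin the browser saw.
    """
    secret, device_key = secrets.token_bytes(20), secrets.token_bytes(32)
    site = RealSite(secret, device_key)
    code = otp_code(secret, site.counter)
    response = origin_bound_response(device_key, site.challenge, visited_origin)
    return {"otp": site.verify_otp(code), "origin_bound": site.verify_origin_bound(response)}

if __name__ == "__main__":
    print("real site :", second_factor_results(REAL_ORIGIN))
    print("look-alike:", second_factor_results(LOOKALIKE_ORIGIN))
```

The one-time code verifies in both cases because nothing in it names the site; only the origin-bound response fails when the employee was on the look-alike.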
Court Hearing Gets Zoombombed
Authorities said that O’Connor will be extradited to the United States, making him the fourth to be arrested in connection with the case. During the first court appearance of 17-year-old Graham Ivan Clark — who prosecutors called the “mastermind” of the hack — unknown pranksters decided to create more chaos.
Judge Christopher Nash had to stop proceedings after mysterious users “Zoombombed” the online hearing. The meeting wasn’t password-protected, and trolls jumped in, playing rap music, screaming and writing obscenities, and even closing with a pornographic video from Pornhub.
Though they weren’t implicated in the hack itself, 19-year-old Mason Sheppard and 22-year-old Nima Fazeli were also charged at the hearing. The pair was accused of trying to find buyers for popular Twitter usernames that the hackers had stolen.