After Twitter recently confirmed that its cyberattack occurred through phone spear phishing, the world waited for the identities of the hackers involved in the incident.
Just a few hours after the revelation, we got three.
Who hacked Twitter?
A new report from the U.S. Department of Justice (DOJ) exposes the three individuals involved in Twitter's recent security incident:
- 19-year-old Mason Sheppard, aka "Chaewon," of Bognor Regis, in the United Kingdom
- 22-year-old Nima Fazeli, aka "Rolex," of Orlando, Florida
- A juvenile, whose identity remains sealed in accordance with all juvenile proceedings in federal court
Together, the trio used phone spear phishing to gain access to a number of Twitter employees.
From there, they could target employees with access to account support tools, which they used to infiltrate 130 widely followed Twitter accounts.
By tweeting a cryptocurrency scam from 45 of the accounts, the hackers turned a quick $100,000 profit. They also lost that money almost as quickly:
"Upon opening an investigation into this attack, our investigators worked quickly to determine who was responsible and to locate those individuals," said San Francisco FBI Special Agent in Charge John F. Bennett.
"While investigations into cyber breaches can sometimes take years, our investigators were able to bring these hackers into custody in a matter of weeks. Regardless of how long it takes us to identify hackers, we will follow the evidence to where it leads us and ultimately hold those responsible for cyber intrusions accountable for their actions. Cyber criminals will not find sanctuary behind their keyboards."
And according to Kelly R. Jackson, Special Agent in Charge of the Washington, D.C., Field Office, it was the money itself that exposed the identity of the hackers:
"Washington DC Field Office Cyber Crimes Unit analyzed the blockchain and de-anonymized bitcoin transactions allowing for the identification of two different hackers. This case serves as a great example of how following the money, international collaboration, and public-private partnerships can work to successfully take down a perceived anonymous criminal enterprise. Regardless of the illicit scheme, and whether the proceeds are virtual or tangible, IRS-CI will continue to follow the money and unravel complex financial transactions."
Many hackers believe that the tools they use cloak them in anonymity. But this case should give them a wake-up call.
And this case also offers another wake-up call, this time about the identities of the hackers involved in cybercrime.
Often, they're closer to home than we like to think.
Rick Holland, Chief Information Security Officer and VP of Strategy at Digital Shadows, highlights what this case reveals about cyberattacks:
"We shouldn't jump to conclusions regarding those responsible for breaches. Given the current geopolitical tensions, it is far too easy to blame China, Russia, or Iran for intrusions. In this case, the advanced persistent threat is more like an advanced persistent teenager.
It is far more critical for defenders to understand how the adversaries gained their initial access and accomplished their objectives. Leave the attribution to law enforcement and intelligence agencies."