Graham Ivan Clark, a 17-year-old, is considered the mastermind of the Twitter hack, the account-hijacking attack that took place on July 15 and affected several high-profile accounts, including those of former President Barack Obama, Joe Biden, Elon Musk, Bill Gates, Kanye West, Michael Bloomberg, and Apple. He has reportedly been charged with 30 felonies of communications and organized fraud for scamming hundreds of people using the compromised accounts. Two others were charged along with him: Mason Sheppard, aka “Chaewon,” 19, from the United Kingdom, and Nima Fazeli, aka “Rolex,” 22, from Florida.
According to the Department of Justice:
Mason Sheppard, aka “Chaewon,” 19, of Bognor Regis, in the United Kingdom, was charged in a criminal complaint in the Northern District of California with conspiracy to commit wire fraud, conspiracy to commit money laundering, and the intentional access of a protected computer.
Nima Fazeli, aka “Rolex,” 22, of Orlando, Florida, was charged in a criminal complaint in the Northern District of California with aiding and abetting the intentional access of a protected computer.
The third defendant (Graham Ivan Clark) is a juvenile. With exceptions that do not apply to this case, juvenile proceedings in federal court are sealed to protect the identity of the juvenile.
“The hackers allegedly compromised over 100 social media accounts and scammed both the account users and others who sent money based on their fraudulent solicitations,” said Acting Assistant Attorney General Brian C. Rabbitt of the Justice Department’s Criminal Division.
U.S. Attorney David L. Anderson said, “There is a false belief within the criminal hacker community that attacks like the Twitter hack can be perpetrated anonymously and without consequence.”
The recent investigation revealed that planning for the attack started on May 3, when Clark got access to Twitter internal tools, which were pinned in Twitter's internal Slack workspaces. Clark then used a “phone spear phishing attack” to overcome the multi-factor authentication for the Twitter internal tools.
Chat logs included in court documents showed Clark (Discord user “Kirk#5270”) approaching two other hackers (Fazeli as Discord user “Rolex#037” and Sheppard as Discord user “ever so anxious#0001”) from the Discord channel of OGUsers, a forum dedicated to hackers selling and buying social media accounts, and claiming to work at Twitter.
Authorities, along with the FBI, gathered data about their IP addresses and emails from Coinbase (the Bitcoin address mentioned by the hackers) and from chats on Discord and OGUsers.
As an example, authorities tracked Fazeli down after he linked his Discord username from his OGUsers page, an obvious operational security (OpSec) mistake. Fazeli also made multiple other mistakes in hiding his identity. He used the firstname.lastname@example.org address to register an account on the OGUsers forum and the email@example.com email address to hijack the @foreign Twitter account, and he also used them to register Coinbase accounts, which he verified with his original driver’s licence.
The same goes for Sheppard (anxious#0001), who went by Chaewon on OGUsers. Investigators said they were able to connect Sheppard’s Discord user with his OGUsers persona thanks to the ad he posted on the site on the day of the hack, but they also got confirmation by going through the leaked OGUsers database, where they found Chaewon buying a video game username with a Bitcoin address that was connected to addresses used on the day of the Twitter hack.