A Florida teen hacked influential politicians, actors and technology moguls’ Twitter accounts to cheat people across the globe out of more than $100,000 in Bitcoin, authorities said Friday.
The 17-year-old boy was arrested earlier Friday in Tampa where he will be charged by the Hillsborough State Attorney’s Office. According to a press release he faces 30 criminal charges.
The hacks contributed to fake tweets being sent out July 15 from the accounts of Barack Obama, Joe Biden, Michael Bloomberg and other tech billionaires like Amazon CEO Jeff Bezos, Microsoft co-founder Bill Gates and Tesla CEO Elon Musk. There were also hacked Celebrities Kanye West and his wife, Kim Kardashian West.
The tweets offered to send out $2,000 to an anonymous Bitcoin address for every $1,000 sent.
Previously Twitter said hackers used the phone to fool the employees of the social media company into giving them access. It said it was targeting “a limited number of employees via a spear-phishing attack by phone.”
“This assault was based on a massive and deliberate effort to deceive certain workers and manipulate human vulnerabilities in order to gain access to our internal networks,” the firm tweeted.
The company said the hackers have been able to target other workers who had access to account support tools after stealing employee credentials and breaking into Twitter’s systems.
The hackers had been targeting 130 accounts. They managed to tweet from 45 accounts, access 36 inboxes of direct messages and download seven Twitter data. Dutch anti-Islamic lawmaker Geert Wilders has said that his inbox has been hacked by others.
Spear-phishing is a more targeted form of phishing, an impersonation scheme that uses email or other electronic communications to trick recipients into passing on sensitive data.
Twitter said it would later provide a more detailed report, “given the ongoing investigation into law enforcement.”
Previously, the company said the incident was a “coordinated social engineering assault” which targeted some of its employees with access to internal systems and instruments. It did not provide any further specifics on how the attack was executed, but the details released so far indicate that the hackers began by using the old-fashioned method of talking their way past security.
British cybersecurity expert Graham Cluley said his hypothesis was that a targeted Twitter employee or contractor received a telephone message telling them to call a number.
“If the worker called the number they could have been taken to a convincing (but fake) helpdesk operator, who could then use psychological manipulation tactics to trick the intended victim into handing over their credentials,” Clulely wrote on his blog Friday.
It is also probable that the hackers tried to call by spoofing the number from the company’s official help line, he said.