Twitter Hacker Arrested

A 17-year-old Florida boy was arrested and charged with last week's Twitter hack.

News articles. Boing Boing post. Florida state attorney press release.

This is a developing story. Post any additional news in the comments.

EDITED TO ADD (8/1): Two others have been charged as well.

EDITED TO ADD (8/11): The online bail hearing was hacked.

Posted on July 31, 2020 at 4:03 PM • 16 Comments

Comments

TatütataJuly 31, 2020 6:34 PM

Florida boy? Meme alert!

The Tampa teen allegedly pretended to work for Twitter’s IT department

It could have been that infamous "400 pound hacker living in New Jersey".

That just the laugh I needed to finish this week.

PhaeteJuly 31, 2020 8:52 PM

I see some security training courses in the future for Twitter employees.
An obligatory Kevin Mitnick hour/day in that training.
In the end, most will have a some sort of certificate and business will resume as normal.

Lightning surely won't hit twice?
Tomorrow it will be another company.

DavidJuly 31, 2020 9:00 PM

They were quick to blame the usual NK/Iran and China and so far two from Florida and one from Bognor Regis are accused.
Annoying the worlds richest men, who are in a position to push the FBI to treat the case seriously, was not a good idea.
Bitcoin probably turned out to be a lot less anonymous than they hoped

echoAugust 1, 2020 1:41 AM

@SocraticGadfly

Otherwise, using your real DL in a case like this? The stupidity of the criminal mind, per Mencken, should never be underestimated.

The stupdity of the criminal mind of those who are easily caught should never be underestimated.

Clive RobinsonAugust 1, 2020 2:07 AM

@ Tatütata,

From the ARS article,

    "[Mason] Sheppard used the hacking names “Chaewon” and “ever so anxious#001” and resides in the UK town of Bognor Regis."

Well I guess someone has to[1]...

Well there is a funny side to this story, I did predict,

    Oh and don't be supprised if Iran or one of the other three some how get blaimed by US politicos, it's just the sort of opportunity some idiot would jump on.

And,

    I suspect that there was an underlying reason why this attack was carried out but the picture being painted is one of adolescents seeking Ego-food, which does not sit well, thus looks like it's a distraction / smoke screen.

Well sometimes things are what they appear to be...

Mind you one oddity that I spotted about "the 17year old" is,

    "He was arrested at his apartment where he lives by himself, authorities stated."

Begs the question of who was paying for the apartment and how did a legal minor get to live there...


[1] Bognor Regis (Royal Bognor) is somewhat of a joke in the UK it is a sleepy little "faded glory" seaside resort and almost town in West Sussex on the south coast of England. Whilst not quite having "tumble weed" blow through it most of the year it used to have the night life of a cemetery. Except when Summer Hove into view and Dr Frankenstein pulled "the more power Egor" switch... Then with a shudder, groan and geriatric smokers wheeze it would once more be reanimated and rise from it's winter cold slab. To festoon it's self with balls of pink cotton candy spun sugar garish colour schemes, flashing lights and the sort of hurdy gurdy music used in gothic horror come splatter fest movies for it's creepy effect, just before someone gets written out of the script with a squelch. As the price of housing in London and for fifty miles around has became to much for most people to aford, seaside towns like Brighton with what should be --but are frequently not-- reasonable rail connections to London became the new "dormer towns" thus they in turn became way too expensive... So speculators figured Bognor was a lucrative real estate investment, especially with "Staycations" becoming "more of a thing". So the place has had it's first real slap of paint in living memory, hence the rebrandibg to "Royal Bognor" just in time for COCID-19 to rain on any kind of economic prosperity from the summer season. But few know how Bognor become "of the King" and what did the King actually think of the place... Well not a lot apparently, when told he would be staying there for "the sea airs" apparently the Royal reply was "Oh bugger Bognor". It's said the place was so unpopular that during WWII it was selected for the Mulbary Harbour caison building because nobody went to bognor not even German reconnaissance planes thus keeping the construction secret would not be difficult. One caison that broke free and sunk is still a prominent feature and can be seen all year around as a hazard to navigation. After the war the place became blighted by a "holiday camp" that spawned many jokes and Butlins and it's "red coats" ment lots of strange folks meeting as Sleepy West Sussex met leary London East Enders who would have a generation before been hop picking in Kent. So as they say about Victorian Workhouses to frighten children "Yes somebody has to live there, but if you work hard it does not have to be you"...

SpaceLifeFormAugust 1, 2020 3:30 AM

Opsec fail. FBI used data from a hack dump of hackers forum.

hXXps://www.zdnet.com/article/how-the-fbi-tracked-down-the-twitter-hackers/

According to court documents, the entire hack appears to have begun on May 3, when Clark, a teen from Tampa, but living in California, gained access to a portion of Twitter's network.

AndersAugust 1, 2020 4:24 PM

If bunch of kiddies can play around with Twitter just for fun and profit, then think what governments with virtually unlimited resources can do.

Why should i trust any of those tweets now? All of them could be altered just for my region so i could see what THEY want me to see...

echoAugust 2, 2020 5:33 AM

@anders

If bunch of kiddies can play around with Twitter just for fun and profit, then think what governments with virtually unlimited resources can do.

Why should i trust any of those tweets now? All of them could be altered just for my region so i could see what THEY want me to see...

Twitter can be a bit of a toy at one end and can be useful at another. It really depends who you follow and what value is being added. The problem it's a mix of all this and places an "undue burden" on the responsible end user. Yes, you pretty much have to validate stuff and yes you need to check other peoples understanding of what is happening. Can twitter be hacked? Yes. Can twitter content be spoofed? I'm sure. That's why you need to have a "big picture" approach as well as keep your eye open for obvious stupidity.

Twitter is not and does not pretend to be a certified and hardwired real-time system.

I simply couldn't get on with twitter. It is utterly useless for policy discussion and getting things done.

ExistentialTormentAugust 2, 2020 6:19 AM

all it took was 3 teens to breach the security of one of the biggest social media sites in the world. I hope this opens up some good dialogue considering what this means for the validity of statements made online, good on them I say... after all the money will be returned im sure.

echoAugust 3, 2020 3:35 AM

@ExistentialTorment

all it took was 3 teens to breach the security of one of the biggest social media sites in the world. I hope this opens up some good dialogue considering what this means for the validity of statements made online, good on them I say... after all the money will be returned im sure.

There are two problems:

* Authoritarians at the state, organisational, and individual levels.

* Yahoos at the state, organisational, and individual levels.

This makes parsing some news reports and puff pieces and the odd "placed" article very tricky as you have to unpack them and figure out who is crossing the line and in what way and what the spin and nonsense is. You also have to weigh "legitimate concerns" and benign sounding concerns from the agenda and figure out how this fits with human rights and equality abuses and known best practice as established by courts and the law and known good standards.

There is a lot of state level belligerence and demagoguery and criminality and general stupidity and mouthing off and evidence free nonsense swirling around at the moment. The fact it was a sugarcrazed barely into adulthood individual with a record of "you can see him coming" criminal behaviour should be a wakeup call.

SpaceLifeFormAugust 3, 2020 2:23 PM

Alleged *mastermind* has 300 bitcoin.

Bail set at $725,000.

hXXps://www.yahoo.com/news/alleged-17-old-twitter-hacker-065537801.html

SpaceLifeFormAugust 4, 2020 11:46 PM

Staying off of social media and linkedin will reduce the attack surface.

hXXps://twitter.com/RachelTobac/status/1290656685200154624

Clive RobinsonAugust 5, 2020 4:09 AM

@ SpaceLifeForm,

With regards Rachel Tobac's advice...

This is spoofable,

    "Hang up & call back."

With old style phones such as POTS lines and many small business lines, as the recipient of a call puting the phone back on the hook does not necessarily "clear the line".

Thus when you pick the phone up again you will still have the caller on the line. This is because with older phones it alowed you to "transfer the call" to a parallel wired phone without loosing the call.

So when you pick up and dial a number it has no real effect apart from reconecting you with the original caller who carries on with their "social engineering".

The slightly smarter "social engineers" who know this also have "tone boxes" that fake dial tones, ringing, engaged, number not available etc. The smarter designed tone boxes would recognize things like non local trunk or international call numbers and give the right tones and repeat cycles, so that the "target" was not alerted.

As the old saying goes,

    Been there done that...

Well not the "social engineering" but as part of designing "Pole Job" equipment that is like an "infinity bug on steroids". Essentially when they picked up and dialed you could,

1, Relay the call through.
2, Give them an engaged tone.
3, Give them a number unavailable.

The advantage of relaying was whilst you got to pay for the call you could comfortably listen in to both sides of the call and still have the infinity bug working when they hung up. You'ld be suprised just how much Government customers paid for such equipment...

echoAugust 5, 2020 10:47 AM

@Clive @SpaceLifeForm

See also: call interception and gold bullion and bankers drafts.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Sidebar photo of Bruce Schneier by Joe MacInnis.