Alleged Twitter Hacker Arrested for Spear Phishing Attack: Breach Investigation Updates
The alleged Twitter hacker has been arrested, The Wall Street Journal reports. Graham Ivan Clark, of Tampa, was arrested and charged as an adult on July 31, 2020. Clark faces 30 felony charges related to the hack, the report says.
Also charged were Mason Sheppard, 19, of the U.K., and Nima Fazeli, 22, of Orlando, Fla., who the Justice Department described as brokers in the crime, The Journal says.
The Twitter hack affected multiple celebrity and public official accounts, and tricked users into sending bitcoin to hackers. The Twitter attack raises serious economic, financial, political and national security concerns ahead of the 2020 U.S. Presidential Election.
How was Twitter security breached, who got hacked and what steps will the social media company take to further strengthen its platform? Here’s a regularly updated blog tracking the incident, Twitter’s investigation and corrective measures, and the high-stakes effort to keep social media secure.
Note: Blog originally published on July 16, 2020. Updated regularly thereafter with the latest investigation news.
Twitter Statements About Security Incident
In a July 18, 2020 statement about the security incident, Twitter indicated:
- attackers targeted certain Twitter employees through a social engineering scheme.
- The attackers successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems, including getting through two-factor protections.
- 130 Twitter accounts were targeted.
- For 45 of those accounts, the attackers were able to initiate a password reset, login to the account, and send Tweets.
- For up to eight of the Twitter accounts involved, the attackers took the additional step of downloading the account’s information through our “Your Twitter Data” tool.
- Twitter’s incident response team secured and revoked access to internal systems to prevent the attackers from further accessing the systems and the individual accounts.
- For the 130 accounts that were targeted, attackers were not able to view previous account passwords, as those are not stored in plain text or available through the tools used in the attack. Attackers were able to view personal information including email addresses and phone numbers, which are displayed to some users of our internal support tools. In cases where an account was taken over by the attacker, they may have been able to view additional information. Our forensic investigation of these activities is still ongoing.
More Twitter Breach Investigation Updates:
- Twitter said hackers who breached its systems likely read the direct messages of 36 accounts, including one belonging to an elected official in the Netherlands. Source: Reuters, July 22, 2020.
- More than a thousand Twitter employees and contractors as of early 2020 had access to internal tools that could change user account settings and hand control to others, making it hard to defend against the hacking that occurred in mid-July. Source: Reuters, July 23, 2020.
- The breach involved hackers using phone-based spear phishing. Essentially, hackers gained entry to Twitter’s network by reaching out to Twitter employees on their phones. Source: Twitter, July 30, 2020.
Twitter emphasized that the investigation is ongoing, and the details above could change.
Twitter Hacked: Information About the Breach
Note: Information below published on MSSP Alert on July 16, 2020 through July 17, 2020.
- How Did Twitter Get Hacked/Breached?: A hacker allegedly gained access to a Twitter “admin” tool on the social media network that allowed them to hijack high-profile Twitter accounts to spread a cryptocurrency scam. Source: TechCrunch, July 16, 2020.
- Which Twitter Accounts Got Hijacked?: The accounts of U.S. presidential candidate Joe Biden, reality TV star Kim Kardashian, former U.S. President Barack Obama, Tesla and Space-X founder Elon Musk, and Microsoft co-founder Bill Gates were allegedly victimized. Source: Reuters, July 15, 2020.
- How Many Twitter Accounts Were Victimized?: Hackers targeted about 130 accounts during the cyber attack this week. Twitter continues to assess whether the attackers were able to access private data of the targeted accounts. Source: Reuters, July 16, 2020.
- What did Twitter Initially Say About the Security Incident?: Twitter’s security account posted around 5:45 p.m. EDT on July 15, 2020 that the company was investigating the incident and taking steps to rectify it. Within roughly a half hour, the company took the extraordinary step of limiting posts from verified accounts with blue check marks, which Twitter generally designates for more prominent users. Twitter, late July 15, said it believed the hackers perpetrated the attack by targeting employees who had access to the company’s internal systems and tools. The hackers may have accessed information or engaged in other malicious activity, Twitter said, adding it was still investigating the incident. The company didn’t say how long the hackers had been able to access its internal systems. Twitter said it had limited access to internal systems in response to the hack and locked compromised accounts. Source: The Wall Street Journal, July 15, 2020.
- How is the U.S. Government Investigating the Twitter Hack?: The FBI’s San Francisco office has launched an investigation into the incident. Source: Reuters, July 16, 2020.
- When the Hack Started: Graham Ivan Clark began his work on breaking into Twitter’s network on May 3—months before the high-profile hack. The scheme started with phone calls to Twitter employees. Through social engineering techniques, the employees were tricked into giving out information about Twitter’s network that they should not have shared. Source: The Wall Street Journal, July 31, 2020.
Twitter Hacked: The Bigger Concerns
- Why Should MSSPs Care?: At first, there was concern that Twitter hackers may have bypassed two-factor authentication (2FA) security settings. But now, the concern has shifted to how hackers allegedly gained control of Twitter’s administration tool(s). Similarly, MSSP administration tools — including remote control and remote access software — have been popular hacker targets for infiltrating end-customer systems.
- Why Are Regulators Concerned?: The Twitter breach raises serious questions and concerns — especially ahead of the 2020 U.S. Presidential Election. Hackers who gain control of social media administration tools can, in theory, spread misinformation that potentially manipulates financial markets, elections, international relations, protests, and overall confidence in political systems.
This remains a developing story. Check back for ongoing updates about the breach.