Two teenagers among three charged over celebrity Twitter hack

Biden, Obama, Musk, Gates and Bezos had account compromised in bitcoin scam

In the course of halting the hack, Twitter stopped all verified accounts from tweeting at all. Photograph: Alastair Pike/AFP via Getty Images
In the course of halting the hack, Twitter stopped all verified accounts from tweeting at all. Photograph: Alastair Pike/AFP via Getty Images

Three men, including a 19-year-old from Britain, have been charged in the US over a hack of high profile Twitter users earlier this month.

The suspects include a man from Bognor Regis, a 22-year-old man from Orlando, Florida, and a 17-year-old from Tampa, Florida.

The boy was arrested Friday in Tampa, authorities said. He faces 30 felony charges, according to a news release.

Two others were arrested on Friday on charges relating to the hack. The 22-year-old was charged with aiding and abetting the intentional access of a protected computer.

READ SOME MORE

The 19-year-old who went by the moniker “Chaewon” online, was arrested in the UK and charged with conspiracy to commit wire fraud, conspiracy to commit money laundering and the intentional access of a protected computer.

On July 15th, hackers took control of the accounts of major public figures and corporations, including Joe Biden, Barack Obama, Elon Musk, Bill Gates, Jeff Bezos and Apple.

The compromised accounts, which have tens of millions of followers, sent a series of tweets proposing a classic bitcoin scam: followers were told that if they transferred cryptocurrency to a specific bitcoin wallet, they would receive double the money in return.

The hack unfolded over the course of several hours, and in the course of halting it, Twitter stopped all verified accounts from tweeting at all – an unprecedented measure.

Twitter said on Thursday the hackers used a phone “spear-phishing” attack to target Twitter employees. After stealing employee credentials and getting into Twitter’s systems, the hackers were able to target other employees who had access to account support tools, the company said.

Spear-phishing is a more targeted version of phishing, an impersonation scam that uses email or other electronic communications to deceive recipients into handing over sensitive information.

“This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems,” the company tweeted.

The hackers targeted 130 accounts and managed to tweet from 45 accounts, access the direct message inboxes of 36, and download the Twitter data from seven. – Guardian/Agencies