Twitter Hackers Arrested

Security Now
|

Automatic TRANSCRIPT

We have learned more about who's behind who is believed to be behind the twitter hack. And you know not some four. Powerful state-sponsored cybercrime gang, just A. we believe a seventeen year. Old Kid His name is all over the tech press. I heard you not wanting to say it on on, Mac. Breglio. So but I do have it in the show notes. To find it I mean. Yeah. You know I come from the School of journalism where you don't say the names of miners were accused of crimes, but apparently nobody else does that. So the AD the local Florida news channel. WFL talks Tim right away. They outed him as Graham Clark from Tampa Bay Florida. We. So they also. Suitably creepy, picture. Of Him. I know in fact in fact before. I reduced in size I. Actually had in the show notes. He looks a little bit like spock at so. got kind of a pointed ear. Is Little bit creepy. And, it's interesting too that his nick is Kirk. So Oh, maybe. Two Years Yeah. So Anyway the the the sad thing is this guy's life is now seriously sparked up. Yeah. He's been charged with felonies relating to computer communications and organized fraud for scamming hundreds of people using compromised account according to a press release from Hillsborough State Attorney. Andrew Warren's office. This guy Grab Clark. Now. Faces Thirty Felony Charges? So we have one count of organized fraud involving more than fifty thousand dollars, seventeen counts of communications, fraud of over three hundred dollars. One count of fraudulent use personal information. For an amount over one, hundred, thousand dollars or thirty or more victims. Ten counts of fraudulent use personal information and one count access to computer or electronic devices without authority and scheming to defraud. So in total thirty counts of felony charges, all of those felonies. So I mean I do feel like unfortunately, there's there's sort of a bit of. overreaction I, I, mean I get it that. This was not good and certainly that the law enforcement wants to send a message like don't do this even if you can Initially, the the initial announcement didn't indicate whether Clark had any partners in crime, but a few hours after the press conference announcement, the world learned that the US. DOJ had also filed charges against two other suspects believed to have helped Clark in this hack. The first of those was identified as Mason Shepherd who who's known as chair Juan nineteen years old living in Bognar Regis in the UK and the other is identified as Nima Fazackerley. Also known as Rolex twenty, two year, old residing in Orlando Florida. The US Attorney Anderson said there is a false belief within the criminal hacker community that attacks like the twitter hack can be perpetrated anonymously and without consequence today's charging announcement demonstrates thus I think an example has been meeting is being made. That, the elation of nefarious hacking into a secure environment for fun or profit will be short lived. Criminal conduct over the Internet may feel stealthy to the people who perpetrated, but there's nothing stealthy about it. In particular. He said, I want to say to would be offenders break the law Ed. We will find you please. So exactly the kind of thing hackers go. knows. That's GonNa, really scare me, I remember when I was a teenager. And in Fact Leo, did this did I? You know I was always a good kid. But oh, to be seventeen and have done Brazi network in front of me. Yeah. Yeah. Twitter early, fairly clever. Because, well, go ahead because it the way did it was kind of kind of interesting. Yeah. So for their part twitter disclosed a bit more about the nature of the attacks. They said that the that the phone based social engineering attack allowed the attackers to obtain the credentials of a limited set of employees, which then made it possible to gain access to twitter's internal. Internal Network and support tools although not all of those employees were who are initially targeted had permissions to use account management tools. The attackers you know apparently, just actually just Graham was able to use their credentials to then access twitter's internal systems and gain information about twitter's processes that expanded knowledge then enabled the attackers to target additional employees who did have access to twitter's privileged account support tools. Reuters also had reported something that I had not seen elsewhere, which was that as of Earlier. This year. More than a thousand twitter employees and contractors had access to twitter's in tools and could change user account settings in hand control over to others a thousand. And this was a key. To former twitter employees. Well as we know such widespread access makes it difficult if not impossible to defend against the sort of hacking that occurred.

Coming up next