[2020-08-01] How the FBI tracked down the Twitter hackers

[snipie]

A timeline of the Twitter hack composed from court documents published today.
After earlier today US law enforcement charged three individuals for the recent Twitter hack, with the help of court documents released by the DOJ, ZDNet was able to piece together a timeline of the hack, and how US investigators tracked down the three suspected hackers.

The article below uses data from three indictments published today by the DOJ against:

Mason Sheppard, aka "Chaewon," 19, of Bognor Regis, in the United Kingdom [indictment].
Nima Fazeli, aka "Rolex," 22, of Orlando, Florida [indictment].
Graham Ivan Clark, believed to be "Kirk," 17 of Tampa, Florida [indictment, courtesy of Motherboard]....
https://www.zdnet.com/article/how-the-fbi-tracked-down-the-twitter-hackers/

[1715016437]

1715016437

[1715016437]

1715016437

[o_e_l_e_o]

Lol, these kids weren't smart.

They used the same email addresses to hijack twitter accounts as they used to create Coinbase accounts, which they then verified by uploading copies of their driver's licenses. They also linked addresses from said Coinbase accounts to their OGUsers and Discord aliases, and logged in to all the services via the same IP addresses. Obviously, Coinbase handed over everything to law enforcement, including names, addresses, emails, dates of birth, copies of KYC documents, addresses, and transaction histories.

People need to learn that anything that touches a centralized exchange is immediately and completely de-anonymized, linked to your real life identity, and shared with dozens of third parties.

[snipie]

-snip-

I am worried that newbies hackers managed to do all of this, leaving tons of mistakes that leads to them. I mean if those can do this then what about hardcore hackers but also those mistakes will make other newbie hackers learn from it and be more careful, so it will get harder to spot them...

[target]

-snip-

I am worried that newbies hackers managed to do all of this, leaving tons of mistakes that leads to them. I mean if those can do this then what about hardcore hackers but also those mistakes will make other newbie hackers learn from it and be more careful, so it will get harder to spot them...

Also wonder why they made this public. Its not good. The story says the two hacker are just hiredt it would appear they can bargain they way out.

Its still entertaining to think how they made the popular users look funny especially targeting Bill Gates and Justin Sun, but it got awful when they used it to scam. 
Its all just to monetize their access to twitter, they could have just got away with it if they just continue to sell accounts than aiming for this giveaway scam thru those high profile accounts.

[o_e_l_e_o]

I am worried that newbies hackers managed to do all of this, leaving tons of mistakes that leads to them.

True. When a careless 17 year old manages to break in to a huge tech company like Twitter, it goes to show just how lax their security practices are. We often see hacks and breaches of crypto companies being made a big deal of on this forum - Ledger's data breach, Binance's data breach, various exchanges and web wallets being hacked for funds, lists of email addresses from ICOs and airdrops being sold, and so on. What a lot of people forget is that such data breaches are commonplace throughout the entire internet, and that even massive tech companies often have terrible security. Google stored passwords in plain text for 14 years. 50 million Facebook accounts were compromised in 2018. Just today an unpatchable exploit to Apple's Secure Enclave has been revealed, meaning an attacker can potentially decrypt and steal all your information and data.

This is why it is so important that people take their privacy and security seriously.

Its all just to monetize their access to twitter, they could have just got away with it if they just continue to sell accounts than aiming for this giveaway scam thru those high profile accounts.

It seems Twitter only picked up on it after they flooded many famous accounts with their bitcoin scam. Given that, it could have been much worse. They could have read or sent private messages to and from world leaders, or tweeted as various CEOs. Remember how much TSLA stock fell when Musk tweeted he thought it was overpriced?

[Lucius]

This is why it is so important that people take their privacy and security seriously.

The only way not to expose your privacy is not to use such social platforms at all - because most of hacked accounts had maximum security settings (if 2FA can be called that), but some not-so-intelligent kids out there played tricks on them. And while the world is now having fun with how the FBI and others have caught hackers, no one is asking how it is possible for Twitter to hire people who have no idea what they are doing?

Hackers are successful because they are allowed to do so by people who are obviously not experts in security issues - but such people come at a price, which leads us to conclude that some large companies would rather hire 5 average experts than one top expert.

[o_e_l_e_o]

The only way not to expose your privacy is not to use such social platforms at all - because most of hacked accounts had maximum security settings (if 2FA can be called that)

Exactly. If you think unchecking a few boxes or changing a few options in Google's or Facebook's settings pages is doing anything meaningful you are kidding yourself. Your data is being harvested, aggregated, stored, transferred, shared, and sold by these companies, and often also leaked or hacked, regardless of what settings you have chosen. The only way to maintain privacy is to stop using them. I'm particularly glad I grew up and developed some sense long before any social media existed. It's a shame for the kids of today, who by the time they realize how important their privacy is, already have their lives splashed across every corner of the internet.

no one is asking how it is possible for Twitter to hire people who have no idea what they are doing?

It's the same everywhere. I have around 10 different software packages I use regularly at work, and they all require a mandatory password change every month. We are not allowed to use a password manager or a physical device such as a USB. What this means is that everyone either uses the same password for everything and simply changes a single digit on the end each month or appends the first three letters of the month, or they write all their passwords down in a notebook or similar which they carry around with them, since we are logging in and using PCs across the whole hospital every day. You point out to the IT department how terrible this is for security, but they don't listen.

[bL4nkcode]

I was really amazed at how these kids able to do the hacking using some social engineering methods but in the end, such a good laugh for how one of them used the same email address to register on a centralized exchange and they used on their illegal activity. By their move, they even don't know that such a bitcoin mixer exists.

[snipie]

-snip-
By their move, they even don't know that such a bitcoin mixer exists.

Sad part they know bitcoin mixers do exist and they already used it to mix ~half of their illegal money. But they aren't clever enough to avoid stupid mistakes like o_e_l_e_o said!

[hatshepsut93]

Lol, these kids weren't smart.

They used the same email addresses to hijack twitter accounts as they used to create Coinbase accounts, which they then verified by uploading copies of their driver's licenses. They also linked addresses from said Coinbase accounts to their OGUsers and Discord aliases, and logged in to all the services via the same IP addresses. Obviously, Coinbase handed over everything to law enforcement, including names, addresses, emails, dates of birth, copies of KYC documents, addresses, and transaction histories.

People need to learn that anything that touches a centralized exchange is immediately and completely de-anonymized, linked to your real life identity, and shared with dozens of third parties.

I just can't wrap my mind around how can these kids be smart enough to hack Twitter, yet dumb enough to reuse emails and leave trail to their social profiles. It's almost like during this entire thing they not once have though "how do I not get caught"?

And I think we should kinda be glad that the hack was used for a Bitcoin scam, and not for starting a war or crashing the global market.

[gentlemand]

And I think we should kinda be glad that the hack was used for a Bitcoin scam, and not for starting a war or crashing the global market.

It was pretty much the least harmful hack that could've happened. I hope it's a wake up call to platforms with this much influence. If moronic brats can do this then you need to get your shit together and fast.

As soon it was mentioned the address had previous they were clearly toast. Mind boggling stupidity on their part.

[hatshepsut93]

And I think we should kinda be glad that the hack was used for a Bitcoin scam, and not for starting a war or crashing the global market.

It was pretty much the least harmful hack that could've happened. I hope it's a wake up call to platforms with this much influence. If moronic brats can do this then you need to get your shit together and fast.

As soon it was mentioned the address had previous they were clearly toast. Mind boggling stupidity on their part.

Like o_e_l_e_o pointed earlier, this isn't the first big security incident, and the fact that Twitter got away with it so easy would likely mean that it won't be a wake up call. If Trump's account got hacked and caused something horrible, or if there was some important info stolen from any of those account's DMs, then maybe it would have stirred some change.

[cr1776]

I am worried that newbies hackers managed to do all of this, leaving tons of mistakes that leads to them.

True. When a careless 17 year old manages to break in to a huge tech company like Twitter, it goes to show just how lax their security practices are. We often see hacks and breaches of crypto companies being made a big deal of on this forum - Ledger's data breach, Binance's data breach, various exchanges and web wallets being hacked for funds, lists of email addresses from ICOs and airdrops being sold, and so on. What a lot of people forget is that such data breaches are commonplace throughout the entire internet, and that even massive tech companies often have terrible security. Google stored passwords in plain text for 14 years. 50 million Facebook accounts were compromised in 2018. Just today an unpatchable exploit to Apple's Secure Enclave has been revealed, meaning an attacker can potentially decrypt and steal all your information and data.

This is why it is so important that people take their privacy and security seriously.

Its all just to monetize their access to twitter, they could have just got away with it if they just continue to sell accounts than aiming for this giveaway scam thru those high profile accounts.

It seems Twitter only picked up on it after they flooded many famous accounts with their bitcoin scam. Given that, it could have been much worse. They could have read or sent private messages to and from world leaders, or tweeted as various CEOs. Remember how much TSLA stock fell when Musk tweeted he thought it was overpriced?

This is a nice point, it goes to show why distributed services like bitcoin (twister etc) should be preferred.  Instead of someone being able to "hack into Bitcoin Inc" they would need to hack into each individual's account.  Without a centralized point like Twitter, this becomes much harder - presuming no one finds P=NP and/or breaks PKE.

Everything should be handled using on-device encryption and not sent off whatever device is being used without being encrypted. 

One thing that concerns me about things like Solid is that they may be making the same error with regard to http and https (and others) again.  I haven't checked in about 6-9 months, but the pods are not encrypted on the device.

[Lanatsa]

-snip-
By their move, they even don't know that such a bitcoin mixer exists.

Sad part they know bitcoin mixers do exist and they already used it to mix ~half of their illegal money. But they aren't clever enough to avoid stupid mistakes like o_e_l_e_o said!

How come these scammers didnt able to realize on using up those all of those coins to be mixed first before sending it on an exchange? not literally in one go but they can do it on gradual phase.

Its just dumb that they make choice of Coinbase which is heavily centralized.Dont know on whats up to their minds or they have just realized on how stupid they are and letting their faces
uncovered. 

[malevolent]

How come these scammers didnt able to realize on using up those all of those coins to be mixed first before sending it on an exchange? not literally in one go but they can do it on gradual phase.

They probably got too complacent/comfortable from not facing any consequences over other hacks/scams, otherwise they'd have been better prepared.

[o_e_l_e_o]

How come these scammers didnt able to realize on using up those all of those coins to be mixed first before sending it on an exchange?

They didn't mix the coins, they used a centralized exchange they had completed KYC on, they used the same email addresses across multiple sites including exchange accounts, forum accounts, and hacked twitter accounts, they used the same usernames and aliases across multiple sites, they did nothing to hide their IPs and again connected to multiple sites from the same IPs, and so on. These weren't experienced hackers with some carefully planned attack - they were naive kids who found a weak point and jumped on the opportunity.

But yes, expecting any sort of privacy from a centralized exchange such as Coinbase was particularly naive.

[dansus021]

Maybe the reason they are not hide their ip address and not mixing the coin beside newbie hacker they just tempted with the money they got.

But using centralized exchange with completed KYC is completely crazy

They probably got too complacent/comfortable from not facing any consequences over other hacks/scams, otherwise they'd have been better prepared.

and this can be a reason too, maybe he hacked ppl at the comfort zone make some withdraw before FBI know about it

[Harlot]

They aren't really smart by pulling this Twitter hack proven by them using the same email on creating various accounts counting Coinbase as well. The hack itself isn't their plan based on the stories I have seen someone leaked the vulnerability of Twitter and how easy they can hack multiple accounts from it and they probably just tried it out and see if it works from them. FBI with the help of IRS and their data made this  huntdown for them possible and if they really have used a Coinbase account to receive all of those crypto then there is a big chance that all of the stolen cryptocurrencies will be recovered by the authorities.

[milewilda]

They aren't really smart by pulling this Twitter hack proven by them using the same email on creating various accounts counting Coinbase as well. The hack itself isn't their plan based on the stories I have seen someone leaked the vulnerability of Twitter and how easy they can hack multiple accounts from it and they probably just tried it out and see if it works from them. FBI with the help of IRS and their data made this  huntdown for them possible and if they really have used a Coinbase account to receive all of those crypto then there is a big chance that all of the stolen cryptocurrencies will be recovered by the authorities.

Didnt know if they do able to halt those transactions, if they were able been caught on that Coinbase halted transactions https://www.theverge.com/2020/7/20/21331499/coinbase-twitter-hack-elon-musk-bill-gates-joe-biden-bitcoin-scam then these cashouts havent able to pass through but as far as i know they had able to cash out and that what makes them being traced due they had a verified account used which is
totally dumb for a hacker to giving out an obvious path for the government to look for and now they've been caught with not soo much effort because the trail is just bright as daylight. lol

[bbc.reporter]

The story continues. This time the new victim is India's prime minister hehehe. I was always skeptical of the official story that the sophisticated hack on Twitter was done by teenagers. I speculate that there is something the authorities are not telling the public.



Being one of the most powerful men in the world offers no immunity from the tricks and wits of scamsters. This was evidenced a few hours ago after Indian Prime Minister Narendra Modi’s Twitter account was hacked by “John Wick,” a few weeks after a wider attack was orchestrated against the likes of Binance, Coinbase, Joe Biden, Barack Obama, Warren Buffett, and Kanye West. The hacker in the present case “appealed” for donations to the “PM National Relief Fund for COVID-19″ in Bitcoin and Ethereum.

Source https://eng.ambcrypto.com/donate-bitcoin-ethereum-generously-says-indian-pms-hacked-twitter-a-c/

[feitannnnnnn]

The story continues. This time the new victim is India's prime minister hehehe. I was always skeptical of the official story that the sophisticated hack on Twitter was done by teenagers. I speculate that there is something the authorities are not telling the public.



Being one of the most powerful men in the world offers no immunity from the tricks and wits of scamsters. This was evidenced a few hours ago after Indian Prime Minister Narendra Modi’s Twitter account was hacked by “John Wick,” a few weeks after a wider attack was orchestrated against the likes of Binance, Coinbase, Joe Biden, Barack Obama, Warren Buffett, and Kanye West. The hacker in the present case “appealed” for donations to the “PM National Relief Fund for COVID-19″ in Bitcoin and Ethereum.

Source https://eng.ambcrypto.com/donate-bitcoin-ethereum-generously-says-indian-pms-hacked-twitter-a-c/

The article also says that

Twitter also clarified that prima facie, there is no indication or evidence to suggest that the present case has any connection with the wider hack that shook the platform last month.

So maybe its either a situation where the hacker took chance of getting in the limelight the same time the wider attack happens.

And in this case, I do respect the intention of the hacker to donate generously to PM National Relief Fund for COVID 19.

[cr1776]

While the FBI did "track down" the Twitter hackers, given how stupid they were, it didn't seem to require much work to do the tracking.  Which is good - unless you are the hackers.

[Kakmakr]

Nobody can be this stupid... even if these kids was just some script kiddies who "copied" scripts and methods from real hackers... then they were smart enough to use those tools and not smart enough to hide their real identity. 

I think these kids knew exactly what they were doing and they wanted to get caught. Why...?... well that is easy, Answer : For the Fame and notoriety that comes from being the kids who hacked one of the largest social media companies in the world. (They think it will come with some kind of Book or Movie deal when they are older and also the fame and acknowledgement that they would get from social media or simply brag rights that they did it) 

[bbc.reporter]

@Kakmakr. I am skeptical about this official story as the real story. This was a sophisticated hack that appeared to be a warning disguised as a bitcoin donation scam.

I speculate that there might be a suppression of there larger issue. Am I watching too much movies hehhe?

[cr1776]

@Kakmakr. I am skeptical about this official story as the real story. This was a sophisticated hack that appeared to be a warning disguised as a bitcoin donation scam.

I speculate that there might be a suppression of there larger issue. Am I watching too much movies hehhe?

I think you are right.  Particularly with the concept of parallel construction, aka legalized perjury.  The 2013 use of this during the Obama administration was just disgusting.  Even more so when it is based upon NSA spying.

[Vishnu.Reang]

Nobody can be this stupid... even if these kids was just some script kiddies who "copied" scripts and methods from real hackers... then they were smart enough to use those tools and not smart enough to hide their real identity. 

I think these kids knew exactly what they were doing and they wanted to get caught. Why...?... well that is easy, Answer : For the Fame and notoriety that comes from being the kids who hacked one of the largest social media companies in the world. (They think it will come with some kind of Book or Movie deal when they are older and also the fame and acknowledgement that they would get from social media or simply brag rights that they did it) 

Nowadays anyone can be a hacker, as long as he has the ability to read and write in English. A lot of Blackhat forums are there and a lot of stuff is floating around in the form of PDFs and eBooks. Anyone can go through these eBooks and try their luck with hacking. And in most cases they will be let off with a warning, even if the authorities are able to trace them.

[vlast01]

If the FBI continues to track down hackers and not interfere with the development of the crypto industry, then this will be great.

Yup these and these will benefits both parties, If there are FBI tracking for hackers then cryptoworld will once rise again to the top. Reducing the number of hackers will reduces the risk of being scammed for investors,bounty hunters, traders, developers and etc..

[Sirait]

~snip

I applaud their abilities, they are still very young but already able to make big movements like this. Twitter should not be so harsh on them as they seem to be doing it to increase their reputation.

they are obliged to receive punishment but not a harsh sentence like going to prison.