Bitcoin Forum
Topic: [2020-08-01] How the FBI tracked down the Twitter hackers
snipie (OP)
August 01, 2020, 03:06:16 PM
 #1

A timeline of the Twitter hack composed from court documents published today.
After earlier today US law enforcement charged three individuals for the recent Twitter hack, with the help of court documents released by the DOJ, ZDNet was able to piece together a timeline of the hack, and how US investigators tracked down the three suspected hackers.

The article below uses data from three indictments published today by the DOJ against:

Mason Sheppard, aka "Chaewon," 19, of Bognor Regis, in the United Kingdom [indictment].
Nima Fazeli, aka "Rolex," 22, of Orlando, Florida [indictment].
Graham Ivan Clark, believed to be "Kirk," 17, of Tampa, Florida [indictment, courtesy of Motherboard]....
https://www.zdnet.com/article/how-the-fbi-tracked-down-the-twitter-hackers/

o_e_l_e_o
August 01, 2020, 04:03:51 PM
 #2

Lol, these kids weren't smart.

They used the same email addresses to hijack twitter accounts as they used to create Coinbase accounts, which they then verified by uploading copies of their driver's licenses. They also linked addresses from said Coinbase accounts to their OGUsers and Discord aliases, and logged in to all the services via the same IP addresses. Obviously, Coinbase handed over everything to law enforcement, including names, addresses, emails, dates of birth, copies of KYC documents, addresses, and transaction histories.

People need to learn that anything that touches a centralized exchange is immediately and completely de-anonymized, linked to your real life identity, and shared with dozens of third parties.
snipie (OP)
August 01, 2020, 05:07:53 PM
 #3

-snip-
I am worried that newbie hackers managed to do all of this, leaving tons of mistakes that lead to them. I mean, if those can do this then what about hardcore hackers? But also those mistakes will make other newbie hackers learn from it and be more careful, so it will get harder to spot them...

target
August 01, 2020, 07:16:41 PM
 #4


-snip-
I am worried that newbie hackers managed to do all of this, leaving tons of mistakes that lead to them. I mean, if those can do this then what about hardcore hackers? But also those mistakes will make other newbie hackers learn from it and be more careful, so it will get harder to spot them...

Also wonder why they made this public. It's not good. The story says the two hackers are just hired; it would appear they can bargain their way out.

It's still entertaining to think how they made the popular users look funny, especially targeting Bill Gates and Justin Sun, but it got awful when they used it to scam.
It's all just to monetize their access to Twitter; they could have just got away with it if they had just continued to sell accounts rather than aiming for this giveaway scam through those high profile accounts.
o_e_l_e_o
August 02, 2020, 11:39:52 AM
 #5

I am worried that newbie hackers managed to do all of this, leaving tons of mistakes that lead to them.
True. When a careless 17 year old manages to break in to a huge tech company like Twitter, it goes to show just how lax their security practices are. We often see hacks and breaches of crypto companies being made a big deal of on this forum - Ledger's data breach, Binance's data breach, various exchanges and web wallets being hacked for funds, lists of email addresses from ICOs and airdrops being sold, and so on. What a lot of people forget is that such data breaches are commonplace throughout the entire internet, and that even massive tech companies often have terrible security. Google stored passwords in plain text for 14 years. 50 million Facebook accounts were compromised in 2018. Just today an unpatchable exploit to Apple's Secure Enclave has been revealed, meaning an attacker can potentially decrypt and steal all your information and data.

This is why it is so important that people take their privacy and security seriously.

It's all just to monetize their access to Twitter; they could have just got away with it if they had just continued to sell accounts rather than aiming for this giveaway scam through those high profile accounts.
It seems Twitter only picked up on it after they flooded many famous accounts with their bitcoin scam. Given that, it could have been much worse. They could have read or sent private messages to and from world leaders, or tweeted as various CEOs. Remember how much TSLA stock fell when Musk tweeted he thought it was overpriced?
Lucius
August 02, 2020, 12:16:51 PM
 #6

This is why it is so important that people take their privacy and security seriously.

The only way not to expose your privacy is not to use such social platforms at all - because most of the hacked accounts had maximum security settings (if 2FA can be called that), but some not-so-intelligent kids out there played tricks on them. And while the world is now having fun with how the FBI and others have caught hackers, no one is asking how it is possible for Twitter to hire people who have no idea what they are doing?

Hackers are successful because they are allowed to do so by people who are obviously not experts in security issues - but such people come at a price, which leads us to conclude that some large companies would rather hire 5 average experts than one top expert.

o_e_l_e_o
August 02, 2020, 03:26:01 PM
 #7

The only way not to expose your privacy is not to use such social platforms at all - because most of the hacked accounts had maximum security settings (if 2FA can be called that)
Exactly. If you think unchecking a few boxes or changing a few options in Google's or Facebook's settings pages is doing anything meaningful you are kidding yourself. Your data is being harvested, aggregated, stored, transferred, shared, and sold by these companies, and often also leaked or hacked, regardless of what settings you have chosen. The only way to maintain privacy is to stop using them. I'm particularly glad I grew up and developed some sense long before any social media existed. It's a shame for the kids of today, who by the time they realize how important their privacy is, already have their lives splashed across every corner of the internet.

no one is asking how it is possible for Twitter to hire people who have no idea what they are doing?
It's the same everywhere. I have around 10 different software packages I use regularly at work, and they all require a mandatory password change every month. We are not allowed to use a password manager or a physical device such as a USB. What this means is that everyone either uses the same password for everything and simply changes a single digit on the end each month or appends the first three letters of the month, or they write all their passwords down in a notebook or similar which they carry around with them, since we are logging in and using PCs across the whole hospital every day. You point out to the IT department how terrible this is for security, but they don't listen.
bL4nkcode
August 02, 2020, 07:47:35 PM
 #8

I was really amazed at how these kids were able to do the hacking using some social engineering methods, but in the end, it was such a good laugh how one of them used the same email address to register on a centralized exchange as they used in their illegal activity. By their move, they don't even know that such a thing as a bitcoin mixer exists.
snipie (OP)
August 02, 2020, 07:56:45 PM
 #9

-snip-
By their move, they don't even know that such a thing as a bitcoin mixer exists.
Sad part is they know bitcoin mixers do exist and they already used one to mix ~half of their illegal money. But they aren't clever enough to avoid stupid mistakes like o_e_l_e_o said!

hatshepsut93
August 02, 2020, 08:00:35 PM
 #10

Lol, these kids weren't smart.

They used the same email addresses to hijack twitter accounts as they used to create Coinbase accounts, which they then verified by uploading copies of their driver's licenses. They also linked addresses from said Coinbase accounts to their OGUsers and Discord aliases, and logged in to all the services via the same IP addresses. Obviously, Coinbase handed over everything to law enforcement, including names, addresses, emails, dates of birth, copies of KYC documents, addresses, and transaction histories.

People need to learn that anything that touches a centralized exchange is immediately and completely de-anonymized, linked to your real life identity, and shared with dozens of third parties.

I just can't wrap my mind around how these kids can be smart enough to hack Twitter, yet dumb enough to reuse emails and leave a trail to their social profiles. It's almost like during this entire thing they have not once thought "how do I not get caught"?

And I think we should kinda be glad that the hack was used for a Bitcoin scam, and not for starting a war or crashing the global market.
gentlemand
August 02, 2020, 09:37:27 PM
 #11

And I think we should kinda be glad that the hack was used for a Bitcoin scam, and not for starting a war or crashing the global market.

It was pretty much the least harmful hack that could've happened. I hope it's a wake up call to platforms with this much influence. If moronic brats can do this then you need to get your shit together and fast.

As soon as it was mentioned the address had previous they were clearly toast. Mind-boggling stupidity on their part.
hatshepsut93
August 02, 2020, 10:14:52 PM
Merited by malevolent (3)
 #12

And I think we should kinda be glad that the hack was used for a Bitcoin scam, and not for starting a war or crashing the global market.

It was pretty much the least harmful hack that could've happened. I hope it's a wake up call to platforms with this much influence. If moronic brats can do this then you need to get your shit together and fast.

As soon as it was mentioned the address had previous they were clearly toast. Mind-boggling stupidity on their part.

Like o_e_l_e_o pointed out earlier, this isn't the first big security incident, and the fact that Twitter got away with it so easily would likely mean that it won't be a wake-up call. If Trump's account got hacked and caused something horrible, or if there was some important info stolen from any of those accounts' DMs, then maybe it would have stirred some change.
cr1776
August 03, 2020, 03:30:23 PM
Merited by o_e_l_e_o (2), malevolent (1)
 #13

I am worried that newbie hackers managed to do all of this, leaving tons of mistakes that lead to them.
True. When a careless 17 year old manages to break in to a huge tech company like Twitter, it goes to show just how lax their security practices are. We often see hacks and breaches of crypto companies being made a big deal of on this forum - Ledger's data breach, Binance's data breach, various exchanges and web wallets being hacked for funds, lists of email addresses from ICOs and airdrops being sold, and so on. What a lot of people forget is that such data breaches are commonplace throughout the entire internet, and that even massive tech companies often have terrible security. Google stored passwords in plain text for 14 years. 50 million Facebook accounts were compromised in 2018. Just today an unpatchable exploit to Apple's Secure Enclave has been revealed, meaning an attacker can potentially decrypt and steal all your information and data.

This is why it is so important that people take their privacy and security seriously.

It's all just to monetize their access to Twitter; they could have just got away with it if they had just continued to sell accounts rather than aiming for this giveaway scam through those high profile accounts.
It seems Twitter only picked up on it after they flooded many famous accounts with their bitcoin scam. Given that, it could have been much worse. They could have read or sent private messages to and from world leaders, or tweeted as various CEOs. Remember how much TSLA stock fell when Musk tweeted he thought it was overpriced?

This is a nice point, it goes to show why distributed services like bitcoin (twister etc) should be preferred.  Instead of someone being able to "hack into Bitcoin Inc" they would need to hack into each individual's account.  Without a centralized point like Twitter, this becomes much harder - presuming no one finds P=NP and/or breaks PKE.

Everything should be handled using on-device encryption and not sent off whatever device is being used without being encrypted. 

One thing that concerns me about things like Solid is that they may be making the same error with regard to http and https (and others) again.  I haven't checked in about 6-9 months, but the pods are not encrypted on the device.



Lanatsa
August 13, 2020, 11:49:01 PM
 #14

-snip-
By their move, they don't even know that such a thing as a bitcoin mixer exists.
Sad part is they know bitcoin mixers do exist and they already used one to mix ~half of their illegal money. But they aren't clever enough to avoid stupid mistakes like o_e_l_e_o said!
How come these scammers weren't able to realize they should get all of those coins mixed first before sending them to an exchange? Not literally in one go, but they could do it in gradual phases.

It's just dumb that they made the choice of Coinbase, which is heavily centralized. Don't know what's on their minds, or whether they have just realized how stupid they are and are leaving their faces uncovered.

malevolent
August 14, 2020, 11:50:18 PM
 #15

How come these scammers weren't able to realize they should get all of those coins mixed first before sending them to an exchange? Not literally in one go, but they could do it in gradual phases.

They probably got too complacent/comfortable from not facing any consequences over other hacks/scams, otherwise they'd have been better prepared.

o_e_l_e_o
August 15, 2020, 12:19:51 AM
 #16

How come these scammers weren't able to realize they should get all of those coins mixed first before sending them to an exchange?
They didn't mix the coins, they used a centralized exchange they had completed KYC on, they used the same email addresses across multiple sites including exchange accounts, forum accounts, and hacked twitter accounts, they used the same usernames and aliases across multiple sites, they did nothing to hide their IPs and again connected to multiple sites from the same IPs, and so on. These weren't experienced hackers with some carefully planned attack - they were naive kids who found a weak point and jumped on the opportunity.

But yes, expecting any sort of privacy from a centralized exchange such as Coinbase was particularly naive.
dansus021
August 26, 2020, 12:54:03 AM
 #17

Maybe the reason they did not hide their IP address or mix the coins, besides being newbie hackers, is that they were just tempted by the money they got.

But using a centralized exchange with completed KYC is completely crazy.

They probably got too complacent/comfortable from not facing any consequences over other hacks/scams, otherwise they'd have been better prepared.

And this can be a reason too, maybe he hacked ppl in the comfort zone and made some withdrawals before the FBI knew about it.

Harlot
September 01, 2020, 12:23:33 PM
 #18

They aren't really smart for pulling off this Twitter hack, as proven by them using the same email to create various accounts, including Coinbase. The hack itself wasn't their plan; based on the stories I have seen, someone leaked the vulnerability of Twitter and how easily they could hack multiple accounts with it, and they probably just tried it out to see if it would work for them. The FBI, with the help of the IRS and their data, made this hunt for them possible, and if they really used a Coinbase account to receive all of that crypto then there is a big chance that all of the stolen cryptocurrencies will be recovered by the authorities.
milewilda
September 02, 2020, 09:48:05 PM
 #19

They aren't really smart for pulling off this Twitter hack, as proven by them using the same email to create various accounts, including Coinbase. The hack itself wasn't their plan; based on the stories I have seen, someone leaked the vulnerability of Twitter and how easily they could hack multiple accounts with it, and they probably just tried it out to see if it would work for them. The FBI, with the help of the IRS and their data, made this hunt for them possible, and if they really used a Coinbase account to receive all of that crypto then there is a big chance that all of the stolen cryptocurrencies will be recovered by the authorities.
Didn't know if they were able to halt those transactions. If they were caught up in the transactions that Coinbase halted (https://www.theverge.com/2020/7/20/21331499/coinbase-twitter-hack-elon-musk-bill-gates-joe-biden-bitcoin-scam) then these cashouts wouldn't have been able to pass through, but as far as I know they were able to cash out, and that is what got them traced, because they used a verified account, which is totally dumb for a hacker, giving out an obvious path for the government to follow, and now they've been caught with not so much effort because the trail is just bright as daylight. lol

bbc.reporter
September 03, 2020, 05:11:15 AM
 #20

The story continues. This time the new victim is India's prime minister hehehe. I was always skeptical of the official story that the sophisticated hack on Twitter was done by teenagers. I speculate that there is something the authorities are not telling the public.



Being one of the most powerful men in the world offers no immunity from the tricks and wits of scamsters. This was evidenced a few hours ago after Indian Prime Minister Narendra Modi’s Twitter account was hacked by “John Wick,” a few weeks after a wider attack was orchestrated against the likes of Binance, Coinbase, Joe Biden, Barack Obama, Warren Buffett, and Kanye West. The hacker in the present case “appealed” for donations to the “PM National Relief Fund for COVID-19” in Bitcoin and Ethereum.

Source https://eng.ambcrypto.com/donate-bitcoin-ethereum-generously-says-indian-pms-hacked-twitter-a-c/
