On July 15th, 2020, many were shocked when some big names – including US President Biden and former president Barack Obama – tweeted, promising to “give back” to the community by doubling any Bitcoin sent to their address.
Despite seeming like an obvious scam to most, the 130 high-profile accounts that touted the ruse still managed to rake in hundreds of payments, with the attackers fraudulently obtaining more than $100,000.
At the time of the Twitter hack, the company scrambled to contain the attack, temporarily preventing all verified users – those with a blue tick on their accounts – from tweeting.
Attackers were able to bypass account security because they had gained access to Twitter’s own internal administration tools, having targeted Twitter employees to steal the credentials needed to access those systems.
The San Francisco Division of the Federal Bureau of Investigation (FBI) has been investigating the case, helped by the Internal Revenue Service Criminal Investigation Cyber Crimes Unit and the United States Secret Service.
Previously, authorities had charged three men in relation to the Twitter hack: a 19-year-old from Bognor Regis, another teenager and a 22-year-old from Florida.
Also charged with hacking TikTok and Snapchat, 22-year-old UK citizen Joseph O’Connor faces charges including three counts of conspiracy to intentionally access a computer without authorisation and obtaining information from a protected computer.
“Bitcoin scam is a misguided way to frame this incident,” Roi Carthy, CEO of cyber-crime intelligence firm Hudson Rock, said. The company had spotted an advert on a hacker forum claiming to be able to steal any Twitter account by changing the email address to which it is linked.
Carthy says: “If anything, the ‘scam’ part supports the conclusion that the group behind the attack was, to Twitter’s luck, unsophisticated. The incident can either be characterised as an account take-over campaign for sale on the Darkweb, or a data breach to get a hold of Direct Messages for malicious purposes.”
The arrest of O’Connor brings to a close one of the most high-profile Twitter hacks in recent memory.
“If O’Connor is convicted, a federal district court judge will determine any sentence after considering the U.S. Sentencing Guidelines and other statutory factors,” the US Justice Department said.