from the that-didn’t-take-long dept
This seemed fairly inevitable, after it became quite clear that the Twitter hack from a few weeks ago was done by teen hackers who didn’t seem to do much to cover their tracks, but officials in Florida announced the arrest of a Florida teenager for participating in the hack, followed by the DOJ announcing two others as well — a 19 year old in the UK and a 22 year old in Florida.
As for why the first announced was separate and done by Florida officials, it appears that it involved a 17-year-old, and apparently it was easier to charge him as an adult under state laws, rather than under federal law, as with the other two.
Hillsborough State Attorney Andrew Warren filed 30 felony charges against the teen this week for “scamming people across America” in connection with the Twitter hack that happened on July 15. The charges he’s facing include one count of organized fraud, 17 counts of communications fraud, one count of fraudulent use of personal information with over $100,000 or 30 or more victims, 10 counts of fraudulent use of personal information and one count of access to computer or electronic device without authority.
Hillsborough County Jail records show Clark was booked into jail shortly after 6:30 a.m. Friday.
Warren’s office says the scheme to defraud “stole the identities of prominent people” and “posted messages in their names directing victims to send Bitcoin” to accounts that were associated with the Tampa teen. According to the state attorney, the scheme reaped more than $100,000 in Bitcoin in just one day.
Once again, it’s looking like we got incredibly lucky — that it was just some young hackers mostly messing around, rather than anyone with serious ill-intent and the ability to plan something bigger. It now appears that Twitter’s internal security controls were kind of a mess. Over 1,000 employees had access to the control panel that would allow people to make the changes that enabled the hack — and even that some staffers and contractors somehow made it a game to abuse their powers to spy on users.
Once again, it seems that Twitter needs to fix up a lot of things on the security side, including figuring out how to do end-to-end encryption for direct messages.