How were the Twitter hackers caught

en.cryptonomist.ch 04 August 2020 07:30, UTC

The hackers responsible for the July 15th Twitter attack have been identified and caught.

They are a 17-year-old from Tampa, Florida (USA), considered the mastermind of the operation, and two others, both 20 years old, one from Orlando, also in Florida, and the other from Great Britain.

However, it seems that there were more than three people involved, and the investigators may arrest other people in the next few days. 

The FBI special agent in charge of the investigation, John Bennett, said:

“While investigations into cyber breaches can sometimes take years, our investigators were able to bring these hackers into custody in a matter of weeks”.

This unexpected progress was most likely due to some mistakes made by the hackers. 

The mistakes made by the Twitter hackers

In fact, according to the New York Times, some of them ended up depositing part of the stolen bitcoin into their personal accounts at crypto exchanges, in particular Coinbase, which promptly reported the suspicious deposit to the authorities.

Although the hackers used techniques to conceal transactions in an attempt to make the BTC stolen in this scam difficult for investigators to trace, tracing it was not particularly complicated, thanks to specialized analysis software for the public Bitcoin blockchain.

Therefore, as soon as part of those bitcoins was deposited on the exchanges, the exchanges detected their suspicious origin and reported the deposits to the authorities, including the identity of the account owners.

Among other things, Coinbase itself revealed a few days ago that it had already made efforts during the attack to prevent its users from sending bitcoin to the address used by the fraudsters.

According to Wired, one of the hackers also made another mistake. 

Identified as the Discord user Rolex #0373, on October 30th, 2018 he had left on an OGUsers forum a trace of one of the bitcoin addresses of his Coinbase account. That account turned out to be registered under the same name used on OGUsers, namely “Nim F”, and since the user was suspected of being involved in the Twitter attack, checking the identity behind the account was enough to find out that it was Nima Fazeli, from Orlando (Florida), who had verified his identity with his driver’s license.

It would appear, therefore, that this attack was not particularly well organized or managed, and that it was carried out by hackers with little experience as fraudsters.

As far as the technical aspect is concerned, Wired reports that the procedure used was relatively complex. 
