By John Gruber
WorkOS: APIs to ship SSO, SCIM, FGA, and User Management in minutes. Check out their launch week.
Sean Hollister, reporting for The Verge:
Early on July 31st, the FBI, IRS, US Secret Service, and Florida law enforcement placed a 17-year-old in Tampa, Florida, under arrest. He’s accused of being the “mastermind” behind the biggest security and privacy breach in Twitter’s history, one that took over the accounts of President Barack Obama, Democratic presidential candidate Joe Biden, Bill Gates, Elon Musk, Kanye West, Apple, and more to perpetrate a huge bitcoin scam on July 15th.
But apparently, he wasn’t alone: shortly after the Tampa arrest was revealed and after we published this story, two more individuals were formally charged by the US Department of Justice: 22-year-old Nima Fazeli in Orlando and 19-year-old Mason Sheppard in the UK. They go by the hacker aliases “Rolex” and “Chaewon,” respectively, according to the DOJ.
According to federal agents, Sheppard had used a personal driver’s license to verify himself with the Binance and Coinbase cryptocurrency exchanges, and his accounts were found to have sent and received some of the scammed bitcoin. Fazeli also used a driver’s license to verify with Coinbase, where accounts controlled by “Rolex” allegedly received payments in exchange for stolen Twitter usernames.
It appears Twitter wasn’t the victim of anything vaguely approaching an expert caper. These kids are such dingbats they used Bitcoin accounts opened in their own names. This profoundly disturbing and dangerous hack was pulled off by unsophisticated pranksters.
Makes me wonder what actual expert hackers are getting away with on Twitter.
★ Friday, 31 July 2020