How FBI tracked the Twitter Hackers: 17-year-old masetermind

The three masterminds behind the massive Twitter hack have reportedly been hacked, after this, you might be wondering on how FBI tracked the Twitter hackers and how the US investigators tracked down suspected hackers.

The three indictments published against Graham Ivan Clark believed to be “Kirk,” 17 of Tampa, Florida, Mason Sheppard, aka “Chaewon,” 19, of Bognor Regis, in the United Kingdom, Nima Fazeli, aka “Rolex,” 22, of Orlando, Florida.

twitter hack story
court document regading the twitter hack

The mastermind behind the Twitter hack was 17 years old Clark, according to the court documents the entire hack begun on May 3, when Clark gained access to a portion of Twitter’s network.

How FBI Tracked the Twitter hackers?

From here the Twitter hack journey started and what happened between May 3 and July 15 isn’t clear but it seems that initially, Clark wasn’t able to get the entry point in the Twitter admin tool that he used in the Twitter hack to hijack the high-profile accounts.

According to the reports by the New York Times initially, the hacker got access to one of Twitter’s tech support tools. 

According to the updates shared by Twitter with a detailed report of the investigation, Twitter also said that the accounts for this administrative backend were protected by two-factor authentication (2FA).

admin tool of twitter
Twitter admin tool

Twitter also said that the hacker used a phone spear-phishing attack to trick some of the employees of Twitter and gained access to their accounts and got away to bypass Twitter two-factor authentication.

According to the Discord, chats of Clark named Kirk#5270 obtained by FBI the hacker contacted two other individuals to help him to get the access.

The hacker contacted the two other individuals on the discord channel of OGUusers, a hacking forum dedicated to hackers for buying and selling of social media accounts.

The two hackers approached by Clark were Fazeli as Discord user “Rolex#037” and Sheppard as Discord user “ever so anxious#0001” claimed to work at Twitter.

twitter hacker leaked chats
Twitter hacker’s chat log

These were the chat logs of the obtained by FBI.

leaked chats of twitter hacker
Twitter hacker chat logs
Twitter hacking story
Discord chat logs of twitter hacker

It is said that multiple users bought the access to the Twitters accounts and investigators are looking for multiple users who participated in the hack.

The investigation also says that one of these parties was responsible for buying access to celebrity accounts and started posting cryptocurrency scam messages.

After that multiple cryptocurrency scam messages were posted from the top profiles of Twitter including Apple, Uber, Kanye West, Kim Kardashian, Floyd Mayweather, Michael Bloomberg, Coinbase, Bitcoin, Barrack Obama, Joe Biden, Bill Gates.

According to the court documents the scam hackers received around 12.83 bitcoin ($117,000), also according to the Coinbase they came into the matter and prevented $280,000.

At this time the Twitter hack has gained so much attention into the public’s eye and spreaded like fire and after this Twitter shared updates that the Clark accessed 130 accounts with the twitter admin tool and for 45 accounts he initiated a password reset and also accessed private messages of 36 users.

Isn’t the story going very interesting about continue reading the real twist still about to come on actually how FBI tracked the Twitter hackers.

After this massive Twitter hack, Twitter filed a criminal complaint to the concerned authorities and FBI and Secret Service started the investigation.

Twitter hack ad posted on ogusers
Twitter hack ad

With the help of IRS, the authorities obtained the data of bitcoin address involved in the hack from Coinbase and FBI started tracking down the addresses mentioned by the three hackers in the discord chats and OGUsers forum posts.

After relating all the information including addresses, IP addresses used by the three hackers FBI was able to track the three hackers.

Also, the mistakes made by these hackers made it easy for the FBI to track down these hackers like Fazil used [email protected] address to register an account on the OGUsers forum and the [email protected] email address to hijack the @foreign Twitter account.

He also used the same email address to the Coinbase profile which was later verified with a photo of him and driving license. 

how fbi tracked the hackers
Twitter hack logs

Furthermore, Fazil didn’t use a VPN service and used his home connection to access the three website OGUsers, Coinbase and Discord which left the IP addresses in the logs.

Also for Sheppard (anxious#0001), he posted an ad on the same day of the Twitter hack and also going through the leaked database of the OGUsers he bought a video game earlier with the same bitcoin address connected with the Twitter hack from there they got the confirmation.

And also Sheppard used the real driving license for the Coinbase verification.

And for the Twitter hack mastermind Clark (Kirk#5270) the authorities managed to get the information from the different sources.

How FBI tracked the Twitter hackers was very interesting and very cleverly the authority traced down the three hackers behind the twitter hack.

Satender Kumar

A tech Blogger always fascinated with the technology and gather as much amount of knowledge from the internet. Loves to share the knowledge with the others.

Leave a Reply

Your email address will not be published. Required fields are marked *