Connect with us

News

Florida teen arrested as mastermind of Twitter hack

Inside Telecom Staff

Published

on

Florida teen arrested as mastermind of Twitter hack

MIAMI (AP) — A Florida teen was identified Friday as the mastermind of a scheme earlier this month that commandeered Twitter accounts of prominent politicians, celebrities and technology moguls and scammed people around the globe out of more than $100,000 in Bitcoin. Two other men were also charged in the case.

Graham Ivan Clark, 17, was arrested Friday in Tampa, where the Hillsborough State Attorney’s Office will prosecute him as an adult. He faces 30 felony charges, according to a news release.

Two men accused of benefiting from the hack — Mason Sheppard, 19, of Bognor Regis, U.K., and Nima Fazeli, 22, of Orlando — were charged separately in California federal court.

In one of the most high-profile security breaches in recent years, bogus tweets were sent out on July 15 from the accounts of Barack Obama, Joe Biden, Mike Bloomberg and a number of tech billionaires including Amazon CEO Jeff Bezos, Microsoft co-founder Bill Gates and Tesla CEO Elon Musk. Celebrities Kanye West and his wife, Kim Kardashian West, were also hacked.

The tweets offered to send $2,000 for every $1,000 sent to an anonymous Bitcoin address. The hack alarmed security experts because of the grave potential of such an intrusion for creating geopolitical mayhem with disinformation.

Court papers in the California cases say Fazeli and Sheppard brokered the sale of Twitter accounts stolen by a hacker who identified himself as “Kirk” and said he could “reset, swap and control any Twitter account at will” in exchange for cybercurrency payments, claiming to be a Twitter employee.

The documents do not specify Kirk’s real identity but say he is a teen being prosecuted in the Tampa area.

Twitter has said the hacker gained access to a company dashboard that manages accounts by using social engineering and spear-phishing smartphones to obtain credentials from “a small number” of Twitter employees “to gain access to our internal systems.” Spear-phishing uses email or other messaging to deceive people into sharing access credentials.

“There is a false belief within the criminal hacker community that attacks like the Twitter hack can be perpetrated anonymously and without consequence,” U.S. Attorney David L. Anderson for the Northern District of California said in a news release.

The evidence suggests, however, that those responsible did a poor job indeed of covering their tracks. The court documents released Friday show how federal agents tracked down the hackers through Bitcoin transactions and by obtaining records of their online chats.

Although the case was investigated by the FBI and the U.S. Department of Justice, Hillsborough State Attorney Andrew Warren said his office is prosecuting Clark in state court because Florida law allows minors to be charged as adults in financial fraud cases when appropriate. He called Clark the leader of the hacking scam.

“This defendant lives here in Tampa, he committed the crime here, and he’ll be prosecuted here,” Warren said.

Security experts were not surprised that the alleged mastermind is a 17-year-old, given the relatively amateurish nature of both the operation and how participants discussed it with New York Times reporters afterward.

“This is a great case study showing how technology democratizes the ability to commit serious criminal acts,” said Jake Williams, founder of the cybersecurity firm Rendition Infosec. “There wasn’t a ton of development that went into this attack.”

Williams said the hackers were “extremely sloppy” in how they moved the Bitcoin around. It did not appear they used any services that make cryptocurrency difficult to trace by “tumbling” transactions of multiple users, a technique akin to money laundering, he said.

He also said he was conflicted about whether Clark should be charged as an adult.

“He definitely deserves to pay (for jumping on the opportunity) but potentially serving decades in prison doesn’t seem like justice in this case,” Williams said.

The hack targeted 130 accounts with tweets being sent from 45 accounts, obtained access to the direct message inboxes of 36, and downloaded Twitter data from seven. Dutch anti-Islam lawmaker Geert Wilders has said his inbox was among those accessed.

Court papers suggest Fazeli and Sheppard got involved in the scheme after Clark dangled the possibility of obtaining so-called OG Twitter handles, short account names that due to their brevity are highly prized and considered status symbols in a certain milieu. They said Sheppard purchased @anxious and Faceli wanted @foreign.

Internal Revenue Service investigators in Washington, D.C., identified two of the defendants by analyzing Bitcoin transactions on the blockchain — the universal ledger that records Bitcoin transactions — that they had sought to make anonymous, federal prosecutors said.

Marcus Hutchins, the 26-year-old British cybersecurity expert credited with helping stop the WannaCry computer virus in 2017, said the skillset involved in the actual hack was nothing special.

“I think people underestimate the level of experience needed to pull off these kinds of hacks. They may sound extremely sophisticated, but the techniques can be replicated by teens,” added Hutchins, who pleaded guilty last year to creating malware designed to steal banking information and just completed a year’s supervised release.

British cybersecurity analyst Graham Cluley said his guess was that the targeted Twitter employees got a message to call what they thought was an authorized help desk and were persuaded by the hacker to provide their credentials. It’s also possible the hackers got a call from the company’s legitimate help line by spoofing the number, he said.

Fazeli’s father said Friday he hasn’t been able to talk to his son since Thursday.

“I’m 100% sure my son is innocent,” Mohamad Fazeli said. “He’s a very good person, very honest, very smart and loyal.”

“We are as shocked as everybody else,” he said by phone. “I’m sure this is a mix up.”

Attempts to reach relatives of the other two weren’t immediately successful. Hillsborough County court records didn’t list an attorney for Clark, and federal court records didn’t list attorneys for Sheppard or Fazeli.


This story has been corrected to show that participants in the operation, not the hacker identified as ‘Kirk,’ discussed it with The New York Times.

By DAVID FISCHER and FRANK BAJAK Associated Press.
Bajak reported from Boston. Associated Press Writers Kelvin Chan in London, Matt O’Brien in Providence, Rhode Island, contributed to this report.

We’re a diverse group of industry professionals from all corners of the world. Our desire is to provide a high-quality telecoms publication that caters to an international market, offering the latest and most relevant telecoms information to businesses, entrepreneurs and enthusiasts.

News

Trump bans dealings with Chinese owners of TikTok, WeChat

Inside Telecom Staff

Published

on

Trump bans dealings with Chinese owners of TikTok, WeChat

NEW YORK (AP) — President Donald Trump has ordered a sweeping but unspecified ban on dealings with the Chinese owners of consumer apps TikTok and WeChat, although it remains unclear if he has the legal authority to actually ban the apps from the U.S.

The twin executive orders issued Thursday — one for each app — take effect in 45 days. They say they are necessary because the China-owned apps “threaten the national security, foreign policy, and economy of the United States,” and call on the Commerce Secretary to define the banned dealings by that time. While the wording of the orders is vague and appears to have been rushed out, some experts said it appears intended to bar the popular apps from the Apple and Google app stores, which could effectively remove them from distribution in the U.S.

“This is an unprecedented use of presidential authority,” Eurasia Group analyst Paul Triolo said in an email. At a minimum, he said, the orders appear to “constitute a ban on the ability of U.S. app stores run by Apple and Google to include either mobile app after 45 days.”

Triolo said the orders may face legal challenges and warned that Beijing is likely to “react harshly, at least rhetorically.” Trump’s orders cited legal authority from the International Emergency Economic Powers Act and the National Emergencies Act.

The action is the Trump administration’s latest attempt to hobble China, a rising economic superpower. Over the past several years, it has waged a trade war with China, blocked mergers involving Chinese companies and stifled the business of Chinese firms like Huawei, a maker of phones and telecom equipment. China-backed hackers, meanwhile, have been blamed for data breaches of U.S. federal databases and the credit agency Equifax, and the Chinese government strictly limits what U.S. tech companies can do in China.

Election-year politics in the U.S. are fanning the flames, as Trump appears to be using friction with China to drum up voter support.

Both Republican and Democratic lawmakers share concerns about TikTok running from its vulnerability to censorship and misinformation campaigns to the safety of user data and children’s privacy. But the administration has provided no specific evidence that TikTok has made U.S. users’ data available to the Chinese government. Instead, officials point to the hypothetical threat that lies in the Chinese government’s ability to demand cooperation from Chinese companies. 

Earlier in the week, Trump threatened a deadline of Sept. 15 to “close down” TikTok unless Microsoft or another company acquires it, a threat the new executive order appears to formalize. On Wednesday, U.S. Secretary of State Mike Pompeo announced an expansion of the U.S. crackdown on Chinese technology to include barring Chinese apps from U.S. app stores, citing alleged security threats and calling out TikTok and WeChat by name.

TikTok did not reply to queries. Tencent and Microsoft declined to comment.

“The U.S. thinking is that anything that is Chinese is suspect,” said Andy Mok, a senior research fellow at the Center for China and Globalization in Beijing. “They’re being targeted not because of what they’ve done, but who they are.” 

Leading mobile security experts say TikTok is no more intrusive in its harvesting of user data and monitoring of user activity than U.S. apps owned by Facebook and Google.

“I am the first to yell from the rooftops when there is a glaring privacy issue somewhere. But we just have not found anything we could call a smoking gun in TikTok,” mobile security expert Will Strafach told The Associated Press last month after examining the app. Strafach is CEO of Guardian, which provides a firewall for Apple devices.

The order doesn’t seem to ban Americans from using TikTok, said Kirsten Martin, a professor of technology ethics at the University of Notre Dame. She added that such an order would be nearly impossible to enforce in the first place.

“If goal is to get teenagers to stop using TikTok, I’m not sure an executive order will stop them,” she said. “Every teenager knows how to use a VPN (a virtual private network). They will just pretend they are in Canada.”

And it would be difficult to prohibit people from using the apps if they already have them, even if an app-store ban went into effect, said Vanderbilt University law professor Timothy Meyer. 

TikTok, known for its short, catchy videos, is widely popular among young people in the U.S. and elsewhere. It is owned by the Chinese company ByteDance, which operates a separate version for the Chinese market. TikTok insists it does not store U.S. user information in China, instead caching it in the U.S. and Singapore, and says it would not share it with the Chinese government.

TikTok says it has 100 million U.S. users and hundreds of millions globally. According to research firm App Annie, TikTok saw 50 million weekly active users in the U.S. during the week of July 19, the latest available figure. That’s up 75% from the first week of the year.

WeChat and its sister app Weixin in China are hugely popular apps that incorporate messaging, financial transfers and an array of other services, and claim more than one billion users. Around the world, many people of Chinese descent use WeChat to stay in touch with friends and family and to conduct business in mainland China. 

Within China, WeChat is censored and expected to adhere to content restrictions set by authorities. The Chinese government Citizen Lab internet watchdog group has said WeChat monitors files and images shared abroad to aid its censorship in China.

The order against Tencent could have ramifications for users beyond WeChat, which is crucial for personal communications and organizations that do business with China. Tencent also owns parts or all of major game companies like Epic Games, publisher of Fortnite, a major video game hit, and Riot Games, which is behind League of Legends.

“This is a pretty broad and pretty quick expansion of the technology Cold War between the U.S. and China,” said Steven Weber, faculty director for the Berkeley Center for Long Term Cybersecurity. Weber added that “there is a plausible national security rationale” for the orders.

As president, Trump has frequently taken the unusual step of provoking confrontations, often of a personal nature, with specific companies, both American and foreign.

___

By TALI ARBEL AP Technology Writer

AP reporters Barbara Ortutay in Oakland, Calif., Mae Anderson in New York, Frank Bajak in Boston and Zen Soo in Hong Kong contributed to this article.

Continue Reading

News

Facebook, citing virus misinformation, deletes Trump post

Inside Telecom Staff

Published

on

Facebook, citing virus misinformation, deletes Trump post

Facebook has deleted a post by President Donald Trump for violating its policy against spreading misinformation about the coronavirus.

The post in question featured a link to a Fox News video in which Trump says children are “virtually immune” to the virus.

Facebook said Wednesday that the “video includes false claims that a group of people is immune from COVID-19 which is a violation of our policies around harmful COVID misinformation.”

A few hours later, Twitter temporarily blocked the Trump campaign from tweeting from its account, until it removed a post with the same video. Trump’s account retweeted the video. The company said in a statement late Wednesday that the tweet violated its rules against COVID misinformation. When a tweet breaks its rules, Twitter asks users to remove the tweet in questions and bans them from posting anything else until they do.

Twitter has generally been quicker than Facebook in recent months to label posts from the president that violate its policies against misinformation and abuse.

This is not the first time that Facebook has removed a post from Trump, Facebook said, but it’s the first time it has done so because it was spreading misinformation about the coronavirus. The company has also labeled his posts.

Several studies suggest, but don’t prove, that children are less likely to become infected than adults and more likely to have only mild symptoms. But this is not the same as being “virtually immune” to the virus.

A CDC study involving 2,500 children published in April found that about 1 in 5 infected children were hospitalized versus 1 in 3 adults; three children died. The study lacks complete data on all the cases, but it also suggests that many infected children have no symptoms, which could allow them to spread the virus to others.


By BARBARA ORTUTAY AP Technology Writer.
Associated Press Writer Amanda Seitz contributed to this story.

Continue Reading

News

Google unveils budget Pixel phone as pandemic curbs spending

Inside Telecom Staff

Published

on

Google unveils budget Pixel phone as pandemic curbs spending

SAN RAMON, Calif. (AP) — Google has started selling a long-delayed budget smartphone boasting the same high-quality camera and several other features available in fancier Pixel models that cost hundreds of dollars more.

The Pixel 4a unveiled Monday will be available Aug. 20 after months of delay caused by supply problems triggered by the pandemic.

It will cost $349, a $50 discount from a cheap Pixel released last year. It’s also a major markdown from other higher-end models in the existing product line-up that start at $799. The next versions of Google’s top-of-the-line Pixel phones will be released sometime this fall, Google said, without revealing their their price.

The budget-minded Pixel 4a is coming out four months after Apple released a discount iPhone, the SE, priced at $399. The low price helped spur iPhone sales at a time of soaring unemployment, as the economy plunged into a deep recession that is causing millions of households to curb their spending so they can pay rent and buy food.

The availability of a lower-priced model was one of the big reasons Apple’s iPhone shipments during the April-June period climbed 11% from the same time, according to research firm Internal Data Corp. That was in stark contrast to the overall smartphone market, which registered a 16% decline in shipments from last year during the same three months, the steepest drop in the industry’s history, IDC said.

Apple CEO Tim Cook also cited the iPhone SE’s popularity as a major factor in the company’s unexpectedly strong performance during the April-June period. The stellar results have helped Apple’s stock rise 13% to new highs since Apple announced the numbers last week.

It’s doubtful the Pixel 4a will reel in as many consumers as the iPhone SE, based on Google’s inability to make significant inroads as a device maker so far, despite generally positive reviews for the devices, especially their cameras.

Google so far has been selling fewer than 10 million Pixel phones a year since rolling out the product line in 2016, barely making a dent a market where more than 1 billion phones are shipped annually, according to IDC.

The Pixel phones primarily serve as a showcase for Google’s Android operating system, which includes its search engine and other services, such as digital maps, that help sell the ads that generate most of the company’s revenue. Google gives away Android to other smartphone manufacturers such as Samsung, which is expected to show off its next Galaxy phones in a virtual event scheduled for Wednesday.

The new Galaxy phone is expected to cost around $1,000.

By MICHAEL LIEDTKE AP Technology Writer

Continue Reading

Trending