Police in Spain have arrested a British man in connection with what many consider the worst hack in Twitter’s history.

In July 2020, the Twitter accounts of public figures and well-known organisations were compromised, allowing malicious hackers to post tweets to millions of unsuspecting followers.

Compromised accounts included those of then-Presidential candidate Joe Biden, Bill Gates, Elon Musk, and Jeff Bezos, as well as the corporate Twitter identities of Apple, Uber, and Coinbase.

Compromised Twitter accounts

As we described at the time, the accounts were hijacked to publish a cryptocurrency scam:

I am giving back to my community due to Covid-19! All Bitcoin sent to my address below will be sent back doubled. If you send $1,000 I will send back $2,000! Only doing this for the next 30 minutes! Enjoy.

The scale of the attack suggested that the malicious hackers had somehow managed to compromise Twitter’s internal systems to gain access to so many accounts that would normally be expected to be protected by strong passwords and multi-factor authentication.

The authorities quickly identified Graham Ivan Clark, of Tampa, Florida, as having gained access to Twitter’s internal support tools through what the social network described as a “phone spear phishing attack” against a small number of its employees.

Clark, who was 17 years old at the time of the attack, is said to have managed to dupe unsuspecting Twitter users out of $117,000 worth of Bitcoin through the scam. He was ultimately sentenced to three years in a juvenile detention facility.

But the authorities have said for some time that they do not believe that Clark was the only person involved with the attack.

Yesterday the US Department of Justice announced the arrest in Estepona, Spain of 22-year-old Joseph O’Connor, a British citizen.

O’Connor’s name is one that is not unknown to …