Twitter Hack Court Hearing Zoombombed
Judge Christopher Nash of Hillsborough County, Florida, was forced to temporarily halt the hearing of Graham Ivan Clark. Clark, 17, is accused of masterminding the spectacular Twitter hack in mid-July. In a matter of hours, he and two other hackers managed to steal 12.9 Bitcoins, which equates to almost $118,000, by posting fake messages on prominent people’s Twitter pages. Over 130 accounts were compromised, including those belonging to Elon Musk, Bill Gates, Jeff Bezos, Barack Obama, as well as Apple and Uber. The hearing was called for the court to consider a request to lower the $725,000 bail for Clark, who has been held in jail since being arrested last Friday and charged with 30 felony counts, including fraud, hacking and identity theft. The meeting was organized via Zoom, but it was Zoombombed by uninvited guests. Screaming noises, rap music and finally a Pornhub video disrupted the proceedings. Judge Christopher Nash ultimately declined to lower Clark’s bail. Graham Ivan Clark is being prosecuted as an adult. If he manages to secure the bail money, he is required to prove that the money was legitimately earned rather than obtained through criminal activity. Two other young men accused of benefiting from the Twitter hack, 19-year-old Mason Sheppard and 22-year-old Nima Fazeli, were charged separately in California’s federal court.
Latest Update on Twitter Hack
Twitter has been providing updates on the hack that took place on July 15, 2020. Hackers used targeted phone spear-phishing attacks to gain access to internal support tools that are meant to be used only by company employees. “Not all of the employees that were initially targeted had permissions to use account management tools, but the attackers used their credentials to access our internal systems and gain information about our processes. This knowledge then enabled them to target additional employees who did have access to our account support tools.” Access to these tools is strictly limited and is only granted for valid business reasons. Nonetheless, the hackers persevered and, in the end, managed to target 130 Twitter accounts. They accessed the Direct Message (DM) inbox of 36 accounts, downloaded the Twitter data of 7, and ultimately tweeted from 45. In their tweets, they asked followers to transfer Bitcoins. The tweet on Elon Musk’s account, for example, said: “I am giving back to the community. All Bitcoin sent to my address below will be sent back doubled. If you send $1,000, I will send back $2,000! Only doing this for 30 minutes!” Since the attack, Twitter has significantly limited access to internal tools and systems and promises to improve its methods for detecting and preventing inappropriate access to internal systems. Given the ongoing investigation, a more detailed technical report will be released at a later date.
Online Hijacking Prevention Strategies
It appears that the judge and his clerks were not aware of some basic settings that would mute attendees and prevent them from taking over the screen. Judge Christopher Nash said that, next time, he would require attendees to log in with a password. However, this may not be effective, as passwords for public hearings tend to be available online. In general, there are several measures meeting hosts can take to prevent Zoombombing. The most important ones are: use the waiting room feature, manage screen sharing, disable file transfers, and, if a meeting is private, provide a direct link only to invited persons and require a password login. On the Twitter side, there are some privacy settings that allow you to better control what information you share with Twitter. Twitter also provides two options you can unselect to change how Twitter monitors and shares your information. To further enhance your privacy online, consider connecting through a Virtual Private Network (VPN). A quality VPN can help anonymize your information online.