Cops have reportedly picked up a suspect who may have been involved in a hack over the summer that saw Twitter CEO Jack Dorsey’s own Twitter account compromised.
The suspect is thought to be a former member of a hacker group called the Chuckling Squad and is aged under 18 years old, according to a Motherboard report citing law enforcement and criminal sources. The arrest took place two weeks ago at an unspecified location but has only just come to light.
The incident, which occurred in August 2019, saw Dorsey’s account post a series of offensive messages to his more than 4 million followers before the San Francisco-based company managed to regain control of the account a short while later.
The hack is believed to have used a method known as SIM swapping that involves persuading a cell phone carrier to assign the target’s phone number to a new phone that’s in possession of the attackers. The Chuckling Squad has reportedly been using the technique for a number of years to mount attacks against others in the public eye.
It’s believed that those behind the Dorsey attack used the number to post the offensive tweets via an app called Cloudhopper, which lets users post tweets by texting messages to a specific phone number. The service only requires a phone number to be linked to an account on the microblogging platform, and so it would appear that the Twitter CEO already had his linked.
Shortly after it regained control of Dorsey’s account, Twitter confirmed that those responsible for the hack had obtained the CEO’s number via a security mishap.
“The phone number associated with the account was compromised due to a security oversight by the mobile provider,” Twitter said at the time. “This allowed an unauthorized person to compose and send tweets via text message from the phone number.”
A member of the Chuckling Group going by the name of Debug told Motherboard that the suspect was also responsible for a number of similar hacks, including one targeting Santa Clara County Deputy District Attorney Erin West. That one was reportedly in response to West taking on the case of a SIM swapper who ended up accepting a plea deal of 10 years in jail after nabbing more than $5 million worth of cryptocurrency.
Debug told Motherboard that the suspect helped the group by “providing celebs/public figure [phone] numbers and helped us hack them,” but added that he was kicked out of the group in October, two months after the Dorsey hack.
The arrest was welcomed by the Santa Clara County District Attorney’s Office, which said that a number of law enforcement agencies were involved in tracking down the suspect. It added that the arrest should serve “as a reminder to the public that people who engage in these crimes will be caught, arrested and prosecuted.”
We’ve reached out to Twitter for comment on the latest developments in the case and will update this piece if we hear back.
- Twitter pauses plan to clear its platform of inactive accounts
- Two former Twitter employees accused of spying for Saudi Arabia
- T-Mobile hack may have affected around a million customers
- Facebook lawsuit may increase accountability for spyware makers
- How to protect your smartphone from hackers and intruders