FBI San Francisco Remarks on Twitter Security Incident Investigation

Sanjay Virmani, assistant special agent in charge of the Cyber Branch in the San Francisco Division of the FBI, provides update on developments in the investigation into the Twitter security incident that occurred on July 15, 2020.

Video Transcript

Hi, my name is Sanjay Virmani, assistant special agent in charge of the Cyber Branch in the San Francisco Division of the FBI.

I would like to take a moment to update you on recent developments in the investigation into the Twitter security incident that occurred on July 15, 2020. Our investigation is ongoing, and there is still more work to yet to do. However, as of today, the FBI and our partners have taken two individuals into custody. They are all facing either federal or state criminal charges, including computer intrusion, fraud, money laundering, wire fraud, and identity theft.

Before I get into the compromise itself, I would like to take a moment to emphasize our partnerships with local, state, federal and international law enforcement partners, as well as the private sector, all of which made this investigation successful.

We could not do our work effectively without close working relationships with these entities, and this investigation is a great example of how important they truly are to holding those who commit crimes responsible for their actions. Cyber investigations often take years, but in this case we were able to conduct our investigation and make a number of arrests in just a few weeks.

In this investigation, we worked with the:

• United States Attorney’s Office, Northern District of California

• United States Attorney’s Office, Middle District of Florida

• The Internal Revenue Service (IRS)

• The U.S. Secret Service

• FBI Tampa Division

• Office of the State Attorney, 13th Judicial Circuit in Tampa, Florida

• The Florida Department of Law Enforcement

• The National Crime Agency of the United Kingdom

During this attack, numerous verified Twitter accounts were compromised, to include the accounts of prominent politicians, industry leaders, and well-known US companies. After the accounts were compromised, fraudulent tweets were posted to conduct a cryptocurrency scam. To address and mitigate this security breach, Twitter disabled all verified Twitter accounts for several hours. During this incident it was discovered that hackers had also compromised numerous non-verified Twitter accounts, which were targeted based on the perceived value of their screen names.

Our goal was to identify those responsible, put a stop to their illegal activity, and hold them responsible for these crimes. Today’s arrests represent just the first step for law enforcement. Our investigation will continue to identify anyone else who may have been involved in these crimes.

We encourage the public to come forward if you know of any additional information relating to this case. To contact FBI San Francisco, please go to tips.fbi.gov or call 415-553-7400. Tips can remain anonymous.