Alastair Pike / AFP via Getty Images
Florida prosecutors accused a teenager of being the “mind” of a hack that targeted some of Twitter’s best-known accounts and, according to prosecutors, cheated more than $ 100,000 in Bitcoin from deceived users.
Two other people were also accused by federal prosecutors for their alleged involvement in the July 15 hack, which involved the accounts of the wealthiest and most famous users of the social media network, including former President Barack Obama, alleged Democratic presidential candidate Joe Biden, Amazon CEO Jeff Bezos and rapper Kanye West.
Federal agents arrested Graham Ivan Clark, a seventeen-year-old from Tampa, on Friday morning after a national investigation by the FBI and the Department of Justice, according to the Prosecutor’s Office of Hillsborough County, Florida. He is facing 30 criminal charges. (NPR is calling Clark because he is accused of Florida state law as an adult.)
“Clark violated the Twitter accounts of celebrities and celebrities, but they weren’t the main victims. This ‘Bit-Con’ was designed to defraud money from ordinary Americans from all over the country and here in Florida,” prosecutor Andrew Hillsborough County Warren said at a press conference Friday.
Twitter profiles were used to post messages asking their millions of followers to send Bitcoins to accounts associated with Clark, Warren said. The messages promised senders that their payments would double, which never happened. Clark also sold access to some accounts, according to Warren.
Clark “raised over $ 100,000 in Bitcoin in one day,” said Warren. “He’s a 17-year-old boy who apparently just graduated, but don’t make a mistake: this wasn’t a normal seventeen-year-old. It was a highly sophisticated attack on a size never seen before.”
Clark faces 17 counts of communication fraud, a count of organized fraud, a count of fraudulent use of personal information with over $ 100,000 or 30 or more victims, 10 counts of fraudulent use of personal information and a count of computer access or electronic device without authority.
Warren said Clark was charged in Florida rather than federal prosecutors because state law allows minors to be charged as adults in financial fraud cases “when appropriate”.
Separately, the U.S. Attorney’s Office for the Northern District of California accused Mason Sheppard, 19, of the United Kingdom, and Nima Fazeli, 22, of Orlando, Florida, with roles in the hack.
Sheppard was charged with conspiracy to commit cable fraud, conspiracy to commit money laundering and intentional access to a protected computer. Fazeli has been accused of helping and promoting intentional access to a protected computer.
Twitter said in a statement: “We appreciate the rapid actions of law enforcement agencies in this investigation and we will continue to collaborate as the case progresses.”
The attack – believed to be the largest and most coordinated in Twitter’s history – exposed vulnerabilities on the platform, which is an important communication channel for news reports, companies, celebrities and politicians, including President Donald Trump.
Twitter said Thursday that a “small number of employees” were targeted in a “spear phone phishing attack” – in which hackers trick people into handing over passwords or other credentials. Once these credentials were obtained, the attackers were able to use the Twitter account support tools to gain access to user accounts.
The July 15, 2020 attack targeted a small number of employees through a phishing attack with a telephone spear. This attack was based on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems.
– Twitter support (@TwitterSupport) July 31, 2020
The attack targeted 130 Twitter accounts, tweeted by 45 of them, accessing 36 direct messages and downloading data from seven accounts, the company said.
Twitter said it had “significantly limited” access to internal tools and “is improving our methods of detecting and preventing inappropriate access to our internal systems.”