A 17-year-old said to be the “mastermind” behind the massive hack of high-profile Twitter accounts in an alleged bitcoin scam was arrested during an early morning raid in Florida on Friday.
The Tampa teenager, Graham Ivan Clark, is facing 30 felony charges over the “Bit-Con” hack of famous celebrities, politicians and business leaders including Elon Musk, Bill Gates, Barack Obama, and many others.
The Department of Justice, meanwhile, announced later on Friday charges against two alleged co-conspirators, 19-year-old Mason Sheppard of Bognor Regis in the United Kingdom, and Nima Fazeli, 22, of Orlando, Florida, who are said to go by the hacker names “Chaewon” and “Rolex”. Sheppard is facing charges related to wire fraud, money laundering and hacking while Fazeli is facing charges of aiding and abetting.
The Federal Bureau of Investigation, the Department of Justice, IRS and Secret Service conducted a global search after the biggest security breach in Twitter’s history exposed 130 accounts, allowing the hacker to tweet from 45, access the direct message in-boxes of 36, and download data from seven.
Hillsborough State Attorney Andrew Warren said the extensive fraud was sophisticated and used famous personalities to target regular Americans, with more than $100,000 worth of the cryptocurrency sent in a single day. He told a news conference that the hack could have stolen massive amounts of money and destabilized financial markets across the globe
“He had access to powerful politicians’ Twitter accounts, he could have undermined politics as well as international diplomacy,” Mr Warren said.
The boy, who was arrested at an apartment where he lives alone, has been charged as an adult with felonies including organised fraud, communications fraud, identity theft and hacking.
Mr Warren said Clark gained access to the accounts and internal Twitter controls through compromising a company employee, before selling access to some accounts and using high-profile identities to solicit bitcoin.
The specific accounts he was charged for using included Barack Obama, Joe Biden, Bill Gates, Warren Buffett, Jeff Bezos, Elon Musk, Michael Bloomberg, Floyd Mayweather, Kim Kardashian, and Kanye West, as well as the companies Apple, Bitcoin, Uber, and bitcoin exchanges Coinbase, Gemini, and Binance.
While the celebrity tweets went live on 15 July, the charges stem over a period of more than two months dating back to 3 May. Mr Clark is currently in police custody and is expected to appear in court as early as tomorrow morning. Mr Warren said he would not face federal charges so that he could be tried as an adult under Florida law.
“He’s a 17-year-old kid who apparently just graduated high school, but make no mistake this was not an ordinary 17-year-old. This was a highly sophisticated attack on a magnitude not seen before,” Mr Warren said.
Twitter thanked law enforcement in a statement on Friday, saying they were focused on being transparent about the hack.
A day earlier, the company said the attack targeted a small number of employees through a phone spear phishing attack that “relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems”.