A Florida teenager, who is accused of being the “mastermind” behind the July hacking of social media site Twitter, has been arrested, according to Tampa’s WFLA Channel 8 News site.
17-year-old Graham Clark is facing 30 felony charges for “scamming people across America” with the Twitter hack. He’s been accused of organized fraud, 17 counts of communication fraud, one count of fraudulent use of personal information with over $100,000 or 30 or more victims, 10 counts of fraudulent use of personal information, and one count of access to a computer or electronic device without authority.
The July 15 Twitter hack saw the accounts of multiple prominent companies and individuals taken over, with hackers sharing bitcoin scam images in an attempt to collect money. Apple’s Twitter account was included in the attack.
According to Twitter’s internal investigations, Twitter employees were targeted in a “phone spear phishing attack,” which suggests hackers called some of its staff and tricked them into thinking they were speaking with fellow Twitter employees.
The targeted employees provided access to Twitter’s internal systems, which is how the hackers were able to breach the accounts. Twitter’s internal tools were used to target 130 accounts, and for 45 of those accounts, the hackers used a password reset and had full access to send tweets.
Of the 130 accounts breached, which included the accounts Tesla CEO Elon Musk, former U.S. President Barack Obama, former Microsoft CEO Bill Gates, Amazon CEO Jeff Bezos, and presidential candidate Joe Biden, hackers had access to information like email addresses and phone numbers, plus for some accounts, Direct Messages were accessed.
Hillsborough State Attorney Andrew Warren said that Clark’s scheme earned him more than $100,000 in bitcoin.
“These crimes were perpetrated using the names of famous people and celebrities, but they’re not the primary victims here. This ‘Bit-Con’ was designed to steal money from regular Americans from all over the country, including here in Florida,” Warren said in a statement. “This massive fraud was orchestrated right here in our backyard, and we will not stand for that.”
In a statement, Twitter said that it appreciated the swift actions of law enforcement agents in Florida.
We appreciate the swift actions of law enforcement in this investigation and will continue to cooperate as the case progresses. For our part, we are focused on being transparent and providing updates regularly.
For the latest, see here 👇 https://t.co/kHty8TXaly
— Twitter Comms (@TwitterComms) July 31, 2020
Twitter earlier today said that it is taking a “hard look” at how to improve its internal tools and systems and has limited access until better security protocols are in place.
Update: Along with Graham Clark, the United States Department of Justice announced that a 22-year-old man from Florida and a 19-year-old from the United Kingdom have also been accused of breaching Twitter’s site.
Mason Sheppard, aka “Chaewon,” 19, of Bognor Regis, in the United Kingdom, was charged in a criminal complaint in the Northern District of California with conspiracy to commit wire fraud, conspiracy to commit money laundering, and the intentional access of a protected computer.
Nima Fazeli, aka “Rolex,” 22, of Orlando, Florida, was charged in a criminal complaint in the Northern District of California with aiding and abetting the intentional access of a protected computer.
The DoJ declined to name Graham Clark because he is under 18, but his identity was already revealed by Florida news sites.
“There is a false belief within the criminal hacker community that attacks like the Twitter hack can be perpetrated anonymously and without consequence,” said U.S. Attorney Anderson. “Today’s charging announcement demonstrates that the elation of nefarious hacking into a secure environment for fun or profit will be short-lived. Criminal conduct over the Internet may feel stealthy to the people who perpetrate it, but there is nothing stealthy about it. In particular, I want to say to would-be offenders, break the law, and we will find you.”
Sheppard is facing up to 45 years in prison, while Fazeli is facing up to five years in prison.