A Florida teenager has been identified by authorities as the “mastermind” behind the recent Twitter Bitcoin hack that targeted the accounts of Elon Musk, Barack Obama, Bill Gates and many other high-profile celebrities. The 17-year-old was arrested Friday and charged in Tampa, according to the Hillsborough State Attorney’s Office.
Graham Ivan Clark is now facing 30 felony charges, the office said in a statement. That includes 17 counts of communications fraud (over $300), 10 counts of fraudulent use of personal information, and one count each of organized fraud (over $50,000), fraudulent use of personal information (over $100,000 or 30 or more victims) and access computer or electronic device without authority (scheme to defraud).
Two men accused of benefiting from the hack — Mason Sheppard, 19, of Bognor Regis, U.K., and Nima Fazeli, 22, of Orlando — were charged separately in California federal court.
In one of the most high-profile security breaches in recent years, bogus tweets were sent out on July 15 from the accounts of Barack Obama, Joe Biden, Mike Bloomberg and a number of tech billionaires including Amazon CEO Jeff Bezos, Microsoft co-founder Bill Gates and Tesla CEO Elon Musk. Celebrities Kanye West and his wife, Kim Kardashian West, were also hacked.
The tweets offered to send $2,000 for every $1,000 sent to an anonymous Bitcoin address. The hack alarmed security experts because of the grave potential of such an intrusion for creating geopolitical mayhem with disinformation.
Court papers in the California cases say Fazeli and Sheppard brokered the sale of Twitter accounts stolen by a hacker who identified himself as “Kirk,” claimed to be a Twitter employee and said he could “reset, swap and control any Twitter account at will” in exchange for cybercurrency payments.
The documents do not specify Kirk’s real identity but say he is a teen being prosecuted in the Tampa area.
Twitter has said the hacker gained access to a company dashboard that manages accounts by using social engineering and spear-phishing aimed at smartphones to obtain credentials from “a small number” of Twitter employees “to gain access to our internal systems.” Spear-phishing uses email or other messaging to deceive people into sharing access credentials.
“There is a false belief within the criminal hacker community that attacks like the Twitter hack can be perpetrated anonymously and without consequence,” U.S. Attorney David L. Anderson for the Northern District of California said in a news release.
The evidence suggests, however, that those responsible did a poor job indeed of covering their tracks. The court documents released Friday show how federal agents tracked down the hackers through Bitcoin transactions and by obtaining records of their online chats.
Twitter said the hack was the result of a phone spear-phishing attack that required access to both the site’s internal network and employee credentials granting restricted access. The hacker was able to obtain passwords and other sensitive information from employees using illegitimate emails, the company said.
The company also said the attackers accessed the direct message inboxes of 36 accounts.