Three people charged for Twitter’s big hack and a teenager imprisoned

Three people charged for Twitter’s big hack and a teenager imprisoned


In early July 31, the FBI, the IRS, the US Secret Service, and Florida law enforcement arrested 17-year-old Graham Clark from Tampa, Florida. He was arrested as the “mastermind” behind the biggest security and privacy violations in Twitter history, which took over the accounts of President Barack Obama, Democratic presidential candidates Joe Biden, Bill Gates, Elon Musk, Kanye West, Apple, and many more for committing fraud bitcoin on July 15.

Read More: Twitter Accounts From Elon Musk, Bezos, Joe Biden, Obama & Others Hacked

He was not alone: shortly after the Tampa arrest was revealed and after we published this story, two more were formally charged by the US Department of Justice: 22-year-old Nima Fazeli in Orlando and 19-year-old Mason Sheppard. In England. They went by the hacker aliases “Rolex” and “Chaewon,” respectively, according to the DOJ. The FBI said that a total of two individuals were in custody. An unknown minor in California also admitted to federal agents that they helped Chaewon sell access to Twitter accounts.

But according to a written statement released late Friday, authorities are likely to believe Clark, a Tampa teenager, is someone who gets access to Twitter's internal tools and immediately commits fraud. Specifically, he allegedly convinced a Twitter employee that he worked in Twitter's IT department and tricked the employee into giving him credentials.

From the affirmation:

To wit: Clark without authorization gain [sic] access to Twitter Inc.’s Customer Service Portal. Clack used social engineering to convince a Twitter employee that he was a co-worker in the IT department and had the employee provide credentials to access the customer service portal.

Clark then accessed the Twitter accounts of prominent individuals, including VP Joe Biden, former President Barack Obama and business [sic] such as Apple and Coinbase. Clark then posted on their Twitter accounts a communication that if Bitcoins are sent to accounts they will be doubled and returned to the victim. Clark did not return the funds, and he moved the funds to another account. 10 prominent people had their personal identification information in the form of a verified [sic] Twitter Account use without consent be used [sic] in the fraudulent activity. Clark received approximately $117,000 during the commission of his scheme to defraud.

How the Twitter system is accessed has become an open question; Twitter only said that it was a victim of a “phone spear phishing attack”, and previous reports suggested the hacker found their way to Twitter's internal Slack channel or managed to bribe an employee.

According to federal agents, Sheppard was found partly because he used a personal SIM to verify himself with the exchange of the Binance and Coinbase cryptocurrency, and his account was known to have sent and received several bitcoin scammed. Fazeli also used a SIM to verify with Coinbase, where an account controlled by “Rolex” allegedly received payment in exchange for a stolen Twitter username.

Fazeli faces a five-year prison sentence and a $ 250,000 fine for one computer intrusion charge. Sheppard was charged with computer disruption, wire fraud conspiracy, and money laundering conspiracy, the most serious of which came with a 20-year sentence and a $250,000 fine in the US.

Sheppard and Fazeli seem to only be intermediaries of fraud — a hacker with a handle “Kirk # 5270” is believed to be the person who gained access to Twitter's internal system on July 22. It is unclear whether Clark is Kirk # 5270, although it sounds like it is based on a new written statement. However, the FBI said its investigation was ongoing and was still looking for more suspects.

Read More: Years before the big hack, Twitter contractors reportedly spied on celebrities, including Beyoncé

Initially, “Kirk” claimed to be a Twitter employee, according to the Discord chat log:

kirk twitter hack log discord

However, Clark is currently in prison and charged with more than 30 counts of crime, including organized fraud, communication fraud, identity theft, and hacking, Hillsborough State Attorney Andrew Warren said in a press conference describing the arrest. The local NBC affiliate, WFLA, told us about the news.

Initially, it was not clear whether the 17-year-old teenager was the only suspect in this case. “I can’t comment on whether he worked alone,” said Warren, Florida attorney. He was arrested in the apartment where he lived alone, authorities said.

He was charged as an adult — “This was not an ordinary 17-year-old,” said a state lawyer — and the press conference explained that law enforcement was considering how bad the consequences of the hacking were, exceeding $100,000-plus in bitcoin that the teenager was accused of having quit unsuspecting Twitter users.

“This could have had a massive, massive amount of money stolen from people, it could have destabilized financial markets within America and across the globe; because he had access to powerful politicians’ Twitter accounts, he could have undermined politics as well as international diplomacy,” said Warren.

“This is not a game... these are serious crimes with serious consequences, and if you think you can rip people off online and get away with it, you’ll be in for a rude awakening, a rude awakening that comes in the form of a 6 AM knock on your door from federal agents,” he added later.

The teen Clark was “taken into custody without any incident”; his first appearance may be as soon as tomorrow morning, Warren said. He’s being prosecuted in Florida, so he can be charged as an adult, suggesting that there may not currently be any federal charges against him.

In addition to deceiving users from bitcoin, the attacker accesses private direct messages from 36 Twitter users, including one elected official, and may have downloaded a larger data cache for seven other users. Twitter claims that no verified user has a private message or cache of compromised data, indicating, Biden, Obama, and other DM can be safe. President Trump's Twitter account has long had extra protection, which could explain why it wasn't hacked.

Read More: Twitter forced Donald Trump Jr. to delete tweets that spread incorrect information on COVID-19

Following are all press releases from the Hillsborough District Attorney's Office with additional information about the arrest and DOJ complaints about the other two individuals.

Hillsborough State Attorney’s Office tapped to prosecute worldwide “Bit-Con” hack of prominent Twitter users

Tampa, FL (July 31, 2020) — Hillsborough State Attorney Andrew Warren has filed 30 felony charges against a Tampa resident for scamming people across America, perpetrating the “Bit-Con” hack of prominent Twitter accounts including Bill Gates, Barack Obama, and Elon Musk on July 15, 2020.

The Federal Bureau of Investigation and the U.S. Department of Justice conducted a complex nationwide investigation, locating and apprehending the suspect in Hillsborough County.

“These crimes were perpetrated using the names of famous people and celebrities, but they’re not the primary victims here. This ‘Bit-Con’ was designed to steal money from regular Americans from all over the country, including here in Florida. This massive fraud was orchestrated right here in our backyard, and we will not stand for that,” State Attorney Warren said.

The investigation revealed Graham Ivan Clark, 17, was the mastermind of the recent hack of Twitter. He was arrested in Tampa early on July 31. Clark’s scheme to defraud stole the identities of prominent people, posted messages in their names directing victims to send Bitcoin to accounts associated with Clark, and reaped more than $100,000 in Bitcoin in just one day. As a cryptocurrency, Bitcoin is difficult to track and recover if stolen in a scam.

“I want to congratulate our federal law enforcement partners—the US Attorney’s Office for the Northern District of California, the FBI, the IRS, and the Secret Service—as well as the Florida Department of Law enforcement. They worked quickly to investigate and identify the perpetrator of a sophisticated and extensive fraud,” State Attorney Warren said.

“This defendant lives here in Tampa, he committed the crime here, and he’ll be prosecuted here,” Warren added. The Hillsborough State Attorney’s Office is prosecuting Clark because Florida law allows minors to be charged as adults in financial fraud cases such as this when appropriate. The FBI and Department of Justice will continue to partner with the office throughout the prosecution.

The specific charges Clark faces are:

ORGANIZED FRAUD (OVER $50,000) — 1 count





“Working together, we will hold this defendant accountable,” Warren said. “Scamming people out of their hard-earned money is always wrong. Whether you’re taking advantage of someone in person or on the internet, trying to steal their cash or their cryptocurrency—it’s fraud, it’s illegal, and you won’t get away with it.”

Keywords: twitter tampa news, twitter hack, twitter hackers, twitter bitcoin scammers, twitter clark