TAMPA, Fla. — The FBI and the U.S. Justice Department say a 17-year-old Tampa teen masterminded the massive Twitter hacking in July that included Barack Obama, Joe Biden, Elon Musk, Kanye West and several other celebrities and tech CEOs and companies.
An Orlando man and a man from the United Kingdom were also charged.
What You Need To Know
- 17-year-old Graham Clark arrested Friday in Tampa
- Nima Fazeli, 22, of Orlando also arrested
- Accused of getting access to compromised Twitter employee info, hacking several accounts
- Twitter says he was not the only one involved
- High-Profile Twitter Accounts Hacked in Apparent Scam
- Twitter Says Hackers Used Phone to Fool Staff, Gain Access
The Hillsborough state attorney filed 30 charges against Graham Clark, who was arrested Friday. The state attorney filed the charges because Florida law allows minors to be charged as adults in financial fraud cases.
Nima Fazeli, 22, a man from Orlando, was also charged with aiding and abetting "the intentional access of a protected computer."
Mason Sheppard, 19, of the United Kingdom is also facing several charges.
Investigators say Clark and the others pulled off the "Bit-Con," where he used compromised Twitter employee information to hack several prominent Twitter accounts and posting tweets in their names that asked people to send Bitcoin, promising to send twice as much back. They say any cryptocurrency sent went to accounts associated with Clark, allowing him to get $100,000 in Bitcoin in one day.
To battle the hack, Twitter had to disable all of its verified accounts for several hours.
Clark is facing the following charges:
- One count from organized fraud of over $50,000
- 17 counts of communications fraud
- One count of aggrevated identity theft
- 10 counts of identity theft
- One count of hacking
“These crimes were perpetrated using the names of famous people and celebrities, but they’re not the primary victims here," said Hillsborough State Attorney Andrew Warren. "This ‘Bit-Con’ was designed to steal money from regular Americans from all over the country, including here in Florida. This massive fraud was orchestrated right here in our backyard, and we will not stand for that.”
Twitter said Thursday that the compromised employee material came from a phone spear-phishing attack, targeting certain employees to get to the companies systems.
After stealing employee credentials, Twitter said the hackers targeted other employees who had access to account support tools. The company said it would not release more information at this moment because of the ongoing investigation.
Twitter says the hackers targeted 130 accounts, but managed to tweet from 45.
Information from the Associated Press was used in this report.