A Florida teen was identified on Friday as the mastermind of a scheme earlier this month that commandeered Twitter accounts of prominent politicians, celebrities and technology moguls and scammed people around the globe out of more than $100,000 in Bitcoin. Two other men were also charged in the case.
Graham Ivan Clark, 17, was arrested on Friday in Tampa, where the Hillsborough State Attorney’s Office will prosecute him as an adult. He faces 30 felony charges, according to a news release.
READ MORE
Foreign threats loom ahead of US presidential election
Trump names retired army colonel as envoy to Germany
Two men accused of benefiting from the hack — Mason Sheppard, 19, of Bognor Regis, UK, and Nima Fazeli, 22, of Orlando — were charged separately in a California federal court.
Picture shown is for illustrative purposes only.
In one of the most high-profile security breaches in recent years, bogus tweets were sent out on July 15 from the accounts of Barack Obama, Joe Biden, Mike Bloomberg and a number of tech billionaires including Amazon CEO Jeff Bezos, Microsoft co-founder Bill Gates and Tesla CEO Elon Musk. Celebrities Kanye West and his wife, Kim Kardashian West, were also hacked.
The tweets offered to send $2,000 for every $1,000 sent to an anonymous Bitcoin address. The hack alarmed security experts because of the grave potential of such an intrusion for creating geopolitical mayhem with disinformation.
Court papers in the California cases say Fazeli and Sheppard brokered the sale of Twitter accounts stolen by a hacker who identified himself as "Kirk” and said he could "reset, swap and control any Twitter account at will” in exchange for cybercurrency payments, claiming to be a Twitter employee.
The documents do not specify Kirk's real identity but say he is a teen being prosecuted in the Tampa area.
Twitter has said the hacker gained access to a company dashboard that manages accounts by using social engineering and spear-phishing smartphones to obtain credentials from "a small number” of Twitter employees "to gain access to our internal systems.” Spear-phishing uses email or other messaging to deceive people into sharing access credentials.
Associated Press