A 17-year-old male and two others were charged on Friday for their alleged involvement in the massive Twitter hack involving the accounts of some of the most high-profile people like Joe Biden, Barrack Obama, Bill Gates and Elon Musk earlier this month. The hack was used to promote a bitcoin scam. The state attorney in Hillsborough County, Florida, said that 17-year-old, Graham Ivan Clark, was the "mastermind" of the high-profile Twitter breach and was helped by one of his friends based in Florida.
A third individual was charged for aiding international access to a protected computer during the hack. The FBI said two people charged in the attack had been arrested. The Justice Department has charged all three with multiple counts of felony and fraudulent use of personal information and organized crime.
It took investigators more than a fortnight to zero in on Florida resident Clark, who they believe to be the primary author of the cyberattack. Clark was arrested in Tampa on Friday, Hillsborough State Attorney Andrew Warren said. Two others, Mason Sheppard, a 19-year-old man living in the UK and Nima Fazeli, a 22-year-old from Orlando, Florida, were also charged. Also a fourth person, a minor, was charged with abetting the crime.
Sheppard goes by the moniker "Chaewon" online, while Fazeli used the alias "Rolex" to commit the crime. Warren said that his office was handling the prosecution because Florida law allows greater flexibility than the federal law to charge a minor as an adult in cases like this. Sheppard has been charged with conspiracy to commit wire fraud; conspiracy to commit money laundering; and the intentional access of a protected computer, while Fazeli has been charged with helping and abetting the intentional access of a protected computer.
Investigators Shocked and Surprised
The FBI had initially thought the involvement would lead them to a bigger group of professional cyber attackers. However, agents were surprised to find a minor behind the crime. According to court documents, although the accounts were hacked on July 15, the entire planning began on May 3, when Clark, a teen from Tampa but living in California, gained access to a portion of Twitter's network.
"Today's charging announcement demonstrates that the elation of nefarious hacking into a secure environment for fun or profit will be short-lived," United States Attorney David Anderson said in a statement. However, it took a lot of effort for the FBI to track down Clark and his gang. Investigators used a stolen database from discussion forum named OGUsers where hackers often congregate. The database contained public forum posts, private messages of users, IP addresses and email information about the members. This helped them identify Clark.
Clark won't be facing federal charges but in Florida he will be charged as an adult. He has been charged with 30 felonies, including 17 counts of communications fraud, 10 counts of fraudulent use of personal information and one count of organized fraud.
All for Money
Twitter had initially said that the attackers had targeted around 130 accounts of which 45 were used to tweet. Besides, the direct messages of 36 accounts were accessed and the Twitter data of seven users were downloaded. Clark, along with the other attackers, contacted Twitter employees by phone and convinced them to provide important data, which was then used to access accounts of other employees who had access to Twitter's internal controls, according to Twitter.
The tweets from these accounts resulted in at least 145 bitcoin transfers into a cryptocurrency account controlled by the scammers. The Department of Justice said that the attackers made more than $117,000 from the hack. Authorities said that this type of hack could have disrupted global financial markets, US politics or international diplomacy but luckily was prevented.