A stunning attack on the accounts of some of Twitter’s most prominent users, including Barack Obama, Jeff Bezos and Elon Musk, was orchestrated by a 17-year-old in Florida who recently graduated from high school, according to a local state attorney.
Graham Ivan Clark faces 30 felony charges for hacking those accounts, posting messages on their behalf and luring additional victims into sending him Bitcoin donations worth more than $100,000, authorities said. The charges include communications and organized fraud, fraudulent use of personal information and access to a computer without authority.
State authorities charged Clark as an adult under Florida law, rather than federal, because “Florida law allows us greater flexibility to charge a minor as an adult in a financial fraud case,” said Andrew Warren, the state attorney of Hillsborough County, Florida.
Besides the state case, federal authorities also announced charges Friday against two others for their roles in the attack. Mason Sheppard, 19, of Bognor Regis, in the U.K, was charged with conspiracy to commit wire fraud, conspiracy to commit money laundering and the intentional access of a protected computer, according to federal authorities.
Nima Fazeli, 22, of Orlando, was charged with aiding and abetting the intentional access of a protected computer.
The attack hijacked the accounts of some of Twitter’s most prominent users — Joe Biden, Bill Gates and Kanye West were among the others — and sent tweets promising followers who sent Bitcoin to a specific address that their contribution would be paid back double. Authorities said Friday that the attackers used three different Bitcoin wallets to collect their proceeds, receiving more than 400 deposits worth $117,457.58.
The next day, those accounts transfered nearly all of the digital currency, in 11 transfers, to other Bitcoin wallets, in an effort to hide or launder the money, according to government filings.
Both Sheppard and Fazeli were active users on the OGUsers online forum, which caters to a hacker subculture dedicated to stealing, buying and selling exclusive usernames on social media and gaming platforms, according to federal authorities. Users on this forum attempt to obtain original and concise usernames like “@6” or “@dark,” which can sell for tens of thousands of dollars in cryptocurrency and yield virtual bragging rights.
Investigators from the U.S. Secret Service and the Internal Revenue Service were monitoring the forum as early as April and obtained a copy of the OGUsers database, which helped unmask the identities of anonymous users who were linked to the Twitter hack, according to the findings.
“These details may have helped investigators locate the attackers along with the time and date they allegedly committed these crimes,” according to the government filings.
Clark allegedly gained unauthorized access to Twitter’s system as early as May 3, 2020, according to the criminal complaint filed in Florida. He gained access to the Twitter accounts and internal controls of Twitter by compromising a Twitter employee, according to Warren, the Hillsborough County state attorney, who described Clark as the mastermind of the attack.
“There is a false belief within the criminal hacker community that attacks like the Twitter hack can be perpetrated anonymously and without consequence,” said U.S. Attorney David Anderson, of the Northern District of California. “Today’s charging announcement demonstrates that the elation of nefarious hacking into a secure environment for fun or profit will be short-lived.”
In a statement, Twitter said, “We appreciate the swift actions of law enforcement in this investigation and will continue to cooperate as the case progresses. For our part, we are focused on being transparent and providing updates regularly.”