Cybercrime , Fraud Management & Cybercrime , Social Engineering

3 Charged in Twitter Hack

Florida Teen, 2 Others Charged in Connection With Compromising 130 Accounts
3 Charged in Twitter Hack
(Source: Tom Raftery via Flickr/CC)

A Florida teenager and a second unidentified individual were arrested and a third man was charged in connection with hacking 130 high-profile Twitter accounts to pull off a cryptocurrency scam, according to the U.S. Justice Department and Florida prosecutors.

See Also: OnDemand | Combatting Rogue URL Tricks: How You Can Quickly Identify and Investigate the Latest Phishing Attacks

Andrew Warren, the state attorney for Hillsborough County, Florida, announced Friday that 17-year-old Graham Ivan Clark of Tampa was arrested at his apartment without incident. He is being charged as an adult with 30 felonies, including organized fraud, communications fraud and identity theft.

Warren called Clark the mastermind behind the hacking scheme, alleging he gained access to the accounts through compromising a Twitter employee and then sold access to those accounts.

"Clark ... stole the identities of prominent people, posted messages in their names directing victims to send bitcoin to accounts associated with Clark, and reaped more than $100,000 in bitcoin in just one day,” Warren says. “As a cryptocurrency, bitcoin is difficult to track and recover if stolen in a scam."

The second arrest was announced Friday by the FBI's San Francisco field office, but no details were released and an FBI spokesperson tells Information Security Media Group that no further comment on the matter will be made at this time.

"Our investigation is ongoing, and there is still more work to yet to do. However, as of today, the FBI and our partners have taken two individuals into custody. They are facing either federal or state criminal charges, including computer intrusion, fraud, money laundering, wire fraud, and identity theft, FBI San Francisco Assistant Special Agent in Charge Sanjay Virmani says.

Nima Fazeli, aka "Rolex," 22, of Orlando, and Mason Sheppard, aka "Chaewon," 19, who is a resident of the U.K., were charged for their alleged roles in the Twitter hack; it's not clear who was arrested Friday. Fazeli is charged with aiding and abetting the intentional access of a protected computer, while Sheppard is charged with conspiracy to commit wire fraud, conspiracy to commit money laundering and the intentional access of a protected computer, according to U.S. Attorney's Office for Northern District of California, which is overseeing the federal prosecutions.

"Our goal was to identify those responsible, put a stop to their illegal activity, and hold them responsible for these crimes. Today’s arrests represent just the first step for law enforcement. Our investigation will continue to identify anyone else who may have been involved in these crimes," says Virmani.

130 Accounts Compromised

The 130 Twitter accounts were accessed after employees of the social media firm were scammed out of their credentials. Twitter released a blog Thursday that noted a phone-based phishing attack was the first step toward gaining access to the Twitter credentials needed to take over the accounts (see: Twitter Hackers Targeted Employees With Phone Phishing).

The malicious actors used stolen credentials to take over 130 accounts, and then they tweeted from 45 of them, the social media company says. The hackers also accessed the direct message inbox of 36 accounts and downloaded the Twitter data of seven, according to Twitter.

Among the commandeered accounts were those of Microsoft founder Bill Gates, entrepreneur Elon Musk, Dutch lawmaker Geert Wilders and presumptive Democratic presidential nominee Joe Biden. The attackers used these accounts to conduct a brazen campaign designed to solicit money from the account holder's unwary followers.

The scam ended up collecting about $120,000 from 360 people, according to news reports.


About the Author

Doug Olenick

Doug Olenick

Former News Editor, ISMG

Olenick has covered the cybersecurity and computer technology sectors for more than 25 years. Prior to his stint as ISMG as news editor, Olenick was online editor for SC Media, where he covered every aspect of the cybersecurity industry and managed the brand's online presence. Earlier, he worked at TWICE - This Week in Consumer Electronics - for 15 years. He also has contributed to Forbes.com, TheStreet and Mainstreet.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.