TAMPA, Fla. — A Tampa teen is accused of acting as the mastermind behind a a large Twitter hack that impacted prominent accounts on July 15, according to the state attorney.
Hillsborough State Attorney Andrew Warren has filed 30 felony charges against 17-year-old Graham Clark, of Tampa. He is accused of perpetrating the "Bit-Con" hack of Twitter accounts, including Bill Gates, Barack Obama and Elon Musk on July 15. The teen is one of three people facing charges tied to the hack.
“These crimes were perpetrated using the names of famous people and celebrities, but they’re not the primary victims here. This ‘Bit-Con’ was designed to steal money from regular Americans from all over the country, including here in Florida. This massive fraud was orchestrated right here in our backyard, and we will not stand for that,” State Attorney Warren said.
Clark was arrested in Tampa on July 31.
According to court records, Clark convinced a Twitter employee he was a coworker in the IT department and had the employee provide credentials to access the customer service portal. Eventually, investigators said he was able to access the social media site's internal controls.
Investigators said Twitter had to disable all verified accounts for several hours, and that hackers also compromised non-verified accounts, targeted based on the perceived value of their screen names.
On the hack, Twitter said in a blog post that a small number of employees were targeted through a phone spear-phishing attack. The company said not all employees initially targeted had permission for account management tools, but the attackers used their credentials to get to the internal systems and information about processes and were then able to target employees with access. Twitter said the attackers targeted 130 accounts, Tweeting from 45, accessing the inbox of 36 and downloading the Twitter data of 7.
Clark then stole the identities of prominent people, posted messages in their names directing victims to send Bitcoin to accounts associated with himself. The messages told users they would be sent back twice as much Bitcoin. He had more than $100,000 in Bitcoin in just one day, officials said.
"Keep in mind, besides the dollar amount that was stolen, this could have had a massive, massive amount of money stolen from people and it could have destabilized financial markets both in America and across the globe because he had access to powerful politicians' twitter accounts. He could have undermined American politics as well as international diplomacy," Warren said.
The FBI and the U.S. Department of Justice conducted a complex nationwide investigation and located the teen in Hillsborough County.
“I want to congratulate our federal law enforcement partners—the US Attorney’s Office for the Northern District of California, the FBI, the IRS, and the Secret Service—as well as the Florida Department of Law enforcement. They worked quickly to investigate and identify the perpetrator of a sophisticated and extensive fraud,” State Attorney Warren said.
Clark is facing the following charges:
- Organized fraud of over $50,000
- 17 counts of communications fraud of over $300
- Fraudulent use of personal information of over $100,000 or 30 or more victims
- 10 counts of fraudulent use of personal information
- Access to computer or electronic device without authority, scheme to defraud
“Working together, we will hold this defendant accountable,” Warren said. “Scamming people out of their hard-earned money is always wrong. Whether you’re taking advantage of someone in person or on the internet, trying to steal their cash or their cryptocurrency—it’s fraud, it’s illegal, and you won’t get away with it.”
Federal officials in the Northern District of California said Mason Sheppard, aka “Chaewon,” 19, of Bognor Regis, in the United Kingdom, was charged with conspiracy to commit wire fraud, conspiracy to commit money laundering, and the intentional access of a protected computer.
Officials said Nima Fazeli, aka “Rolex,” 22, of Orlando, Florida, was charged with aiding and abetting the intentional access of a protected computer.
“There is a false belief within the criminal hacker community that attacks like the Twitter hack can be perpetrated anonymously and without consequence,” said U.S. Attorney David Anderson. “Today’s charging announcement demonstrates that the elation of nefarious hacking into a secure environment for fun or profit will be short-lived. Criminal conduct over the Internet may feel stealthy to the people who perpetrate it, but there is nothing stealthy about it. In particular, I want to say to would-be offenders, break the law, and we will find you.”
In explaining Graham's prosecution in Tampa, Warren said Florida law allows greater flexibility to charge a minor as an adult in financial fraud cases where appropriate.
Following Graham's arrest, Florida Chief Financial Officer Jimmy Patronis said on social media that he had called law enforcement to investigate the Twitter hacks a week ago. He called out Twitter co-founder and CEO Jack Dorsey on social media saying he needed to "step in and protect our citizens."
"This alleged fraudster lived right in our back yard & who knows how many more Floridians were victimized," Patronis said on social media.
Officials said the hack was a combination of technical breach and social engineering.
"Most of the Florida ransomware attacks perpetrated on local governments come from the same origin. Somebody in error letting them in," said Ron Sanders, the staff director for Florida Center for Cybersecurity at USF.
He said social engineering attacks prey on people's gullibility.
"The number of people who are not computer savvy has increased and it just means we need to do a better job of training people in what I would call cyber hygiene," he said.
Others say the risk is in the manipulation of public opinion.
"What we’re doing today to help organizations like Twitter and other organizations secure their environment, you think about what is truly privileged information. How do I want access? How do I want to grant authority? So we have what’s called privilege access management," said Michael Ebert, the executive vice president of advisory services at Focal Point, a cybersecurity and risk management firm.
Twitter said it's improving its methods for detecting and preventing inappropriate access to internal systems, among other steps.
This is EXACTLY why I called on FDLE to investigate the @Twitter hacks and for @jack to step in and help protect our citizens. This alleged fraudster lived right in our back yard & who knows how many more Floridians were victimized. https://t.co/OuYGV4iNaZ @fdlepio https://t.co/MRZnh96hFr
— Jimmy Patronis (@JimmyPatronis) July 31, 2020