A 17-year-old Florida resident has been arrested and charged for his alleged "masterminding" of the massive Twitter (NYSE: TWTR) hacking campaign that saw hundreds of major accounts hijacked as part of a bitcoin scam. Two other suspects have been arrested for roles in the hack as well.
Graham Ivan Clark of Tampa Bay Florida was charged with 30 felonies by the state. A recent high school graduate, Clark's name originally went unreleased by the media as he is a minor; however, it has since been announced that Clark will be charged as an adult. The charges brought against him include fraud, identity theft, and hacking.
"These crimes were perpetrated using the names of famous people and celebrities, but they're not the primary victims here," said Hillsborough County State Attorney Andrew Warren. "This 'Bit-Con' was designed to steal money from regular Americans from all over the country, including here in Florida. This massive fraud was orchestrated right here in our backyard, and we will not stand for that."
An additional Tampa resident has been charged in the hacking campaign, 22-year-old Nima Fazeli, known by the pseudonym "Rolex" online. Fazeli is being charged for aiding and abetting the intentional access of a protected computer. The third suspect charged in the twitter hacks is 19-year-old Mason Sheppard, aka "Chaewon," of the United Kingdom. Sheppard is being charged with conspiracy to commit wire fraud, conspiracy to commit money laundering, along with access of a protected computer. Arraignment has been scheduled for Clark but hasn't for either of the other two suspects.
In the aftermath of the initial hack, Twitter speculated that admin tools, which had been obtained from employees somehow, may have been retrieved through a social engineering attack targeting Twitter employees. Florida prosecutors have confirmed that such an attack indeed took place, with Clark allegedly posing as a member of Twitter's IT department to obtain credentials to access the staff member's account, which provided him with access to the admin tools used in the attack.
U.S. Attorney David Anderson revealed that the Internal Revenue Service helped identify the alleged hackers by analyzing the transactions made through the cryptocurrency trading services using tools specifically created to reveal parties behind anonymous crypto transactions. Anderson has gone on to emphasize that anonymity in cyber crimes is not as ubiquitous as many may assume.
"There is a false belief within the criminal hacker community that attacks like the Twitter hack can be perpetrated anonymously and without consequence," he said. "Criminal conduct over the Internet may feel stealthy to the people who perpetrate it, but there is nothing stealthy about it. In particular, I want to say to would-be offenders, break the law, and we will find you."