UPDATED, with additional charges against two others: A 17-year-old was arrested on Friday for being the “mastermind” behind the July 15 hack of the Twitter accounts of Joe Biden, Barack Obama, Bill Gates, Elon Musk and other high-profile figures. Two other individuals also face federal charges.
Graham Ivan Clark, of Tampa, was arrested early in the day on allegations that he orchestrated a scheme to “steal the identities of prominent people,” then posted messages in their names directing people to send Bitcoin to accounts associated with him, according to Andrew Warren, state attorney in Hillsborough County, FL. He said that Clark reaped more than $100,000 in a single day.
The Justice Department also announced federal charges against Mason Sheppard, aka “Chaewon,” 19, of Bognor Regis, in the United Kingdom; and Nima Fazeli, aka “Rolex,” 22, of Orlando.
Clark faces 30 felony charges. According to the Tampa Bay Times, those include one count of organized fraud of more than $50,000, 17 counts of felony communications fraud, one count of aggravated identity theft, 10 counts of identity theft and one count for hacking and unlawful access to a computer in furtherance of a scheme to defraud.
The hack proved to be a major embarrassment for Twitter, as it scrambled to secure the platform. It was forced it to temporarily block verified users, or those whose accounts have blue check marks next to their names, from tweeting out messages.
Warren said that the FBI and the Justice Department conducted a nationwide investigation that led them to the suspect.
“These crimes were perpetrated using the names of famous people and celebrities, but they’re not the primary victims here,” Warren said in a statement. “This ‘Bit-Con’ was designed to steal money from regular Americans from all over the country, including here in Florida.
According to Twitter, the hacking attack targeted a “small number of employees” through a “phone spear phishing attack.”
“This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems,” according to Twitter.
“By obtaining employee credentials, they were able to target specific employees who had access to our account support tools. They then targeted 130 Twitter accounts – Tweeting from 45, accessing the DM inbox of 36, and downloading the Twitter Data of 7.”
Twitter said that it was “accelerating several of our pre-existing security workstreams and improvements to our tools. We are also improving our methods for detecting and preventing inappropriate access to our internal systems and prioritizing security work across many of our teams.”
Sheppard and Fazeli were charged in federal court in Northern California. Sheppard faces charges of conspiracy to commit wire fraud, conspiracy to commit money laundering and the intentional access of a protected computer. Fazeli was charged with aiding and abetting the intentional access of a protected computer.
Subscribe to Deadline Breaking News Alerts and keep your inbox happy.