Early on July 31st, the FBI, IRS, US Secret Service, and Florida law enforcement placed 17-year-old Graham Clark of Tampa, Florida, under arrest. He’s accused of being the “mastermind” behind the biggest security and privacy breach in Twitter’s history, one that took over the accounts of President Barack Obama, Democratic presidential candidate Joe Biden, Bill Gates, Elon Musk, Kanye West, Apple, and more to perpetrate a huge bitcoin scam on July 15th.
Apparently, he wasn’t alone: shortly after the Tampa arrest was revealed and after we published this story, two more individuals were formally charged by the US Department of Justice: 22-year-old Nima Fazeli in Orlando and 19-year-old Mason Sheppard in the UK. They go by the hacker aliases “Rolex” and “Chaewon,” respectively, according to the DOJ. The FBI says that two individuals in total are in custody. An unidentified minor in California also admitted to federal agents that they’d helped Chaewon sell access to Twitter accounts.
But according to an affidavit released late Friday, authorities have probable cause to believe Clark, the Tampa teen, was the one who got access to Twitter’s internal tools and directly carried out the scam. Specifically, he allegedly convinced a Twitter employee that he worked in the Twitter IT department and tricked that employee into giving him the credentials.
From the affidavit:
How Twitter’s systems were accessed had been an open question until now; Twitter merely said that it fell victim to a “phone spear phishing attack”, and previous reports suggested the hacker either found their way into Twitter’s internal Slack channel or managed to bribe an employee.
According to federal agents, Sheppard was found out partly because he used a personal driver’s license to verify himself with the Binance and Coinbase cryptocurrency exchanges, and his accounts were found to have sent and received some of the scammed bitcoin. Fazeli also used a driver’s license to verify with Coinbase, where accounts controlled by “Rolex” allegedly received payments in exchange for stolen Twitter usernames.
Fazeli is facing five years in prison and a $250,000 fine for one count of computer intrusion. Sheppard is being charged with computer intrusion, wire fraud conspiracy, and money laundering conspiracy, the most serious of which comes with a 20-year sentence and a $250,000 fine in the US.
Sheppard and Fazeli appear to just be middlemen for the scam — a hacker with the handle “Kirk#5270” is believed to be the one who got access to Twitter’s internal systems as of July 22nd. It’s not clear if Clark is Kirk#5270, though it sounds like that’s the case based on the new affidavit. However, the FBI says its investigation is ongoing and it’s still looking for more suspects…