Tampa teen charged over massive Twitter hack


Angela Lang/CNET

A Florida teenager is accused of being the “mastermind” behind a massive Twitter hack earlier this month that hijacked the accounts of dozens of high-profile politicians, celebrities and businesses to peddle a bitcoin scam. Hillsborough State Attorney Andrew Warren filed 30 felony charges against 17-year-old Graham Ivan Clark, who was arrested Friday.

The US Department of Justice also filed charges against two other people, 19-year-old UK resident Mason Sheppard and 22-year-old Florida resident Nima Fazeli, for their alleged role in the hack. 

“These crimes were perpetrated using the names of famous people and celebrities, but they’re not the primary victims here,” said Warren in a release. “This ‘Bit-Con’ was designed to steal money from regular Americans from all over the country, including here in Florida.”

The scam bitcoin account received more than 400 transfers worth more than $100,000, according to the DOJ. 

Clark faces charges including organized fraud, communications fraud and fraudulent use of personal information. Sheppard faces charges including conspiracy to commit wire fraud and conspiracy to commit money laundering, while Fazeli is charged with aiding and abetting the intentional access of a protected computer.

“There is a false belief within the criminal hacker community that attacks like the Twitter hack can be perpetrated anonymously and without consequence,” said US Attorney David Anderson in a release. “Criminal conduct over the Internet may feel stealthy to the people who perpetrate it, but there is nothing stealthy about it.”

Investigators reviewed chats on Discord, bitcoin transactions, and records from a hacked forum database to tie Sheppard and Fazeli to the Twitter bitcoin scam, legal documents show. 

CNET wasn’t able to immediately identify the lawyers for the three suspects. Fazeli’s father told the Associated Press that he thinks his son is innocent. “We are as shocked as everybody else,” Mohamad Fazeli said. “I’m sure this is a mix up.”

Twitter on Thursday said the hack — which targeted the accounts of Elon MuskBill GatesKanye West, Barack Obama and other celebrities — was the result of a spearphishing attack. Twitter said the attackers needed both access to Twitter’s internal network and employee credentials that granted access to specific support tools. 

The hackers allegedly relied on an approach that typically involves bogus emails disguised as legitimate ones to fool recipients into revealing passwords or other sensitive information. Twitter said 130 accounts were targeted in the attack, with hackers managing to tweet from 45 accounts, accessing the direct message inboxes of 36 accounts and downloading the Twitter data from seven.

The Twitter hack fueled concern among politicians, cybersecurity experts and Twitter users that the social media site isn’t prepared to combat election meddling and other security challenges. Election security has been a top concern for tech companies since Russian trolls used social media posts and ads on Facebook and Twitter to sow discord among Americans during the 2016 US presidential election.

“Increasingly we rely on platforms like Twitter to receive news and other information that is important to our lives. The Twitter VIP hack undermines public confidence in those information platforms. Everyone who uses Twitter or is influenced by it has been victimized by this hack,” Anderson said in a video announcing the charges. 

In a statement posted to Twitter on Friday, the company said it appreciates the “swift actions of law enforcement in this investigation and will continue to cooperate as the case progresses.” Twitter added that it’ll continue to provide updates.



Source

1 Comment

  1. Avatar

    Literally crying watching this over and over again! haha.I currently have tonsillitis
    so I had to type my msg on my phone to her and I got a
    photo as well. I went to 5 shows and that was my last one,
    best way to end my trip!

    Reply

Submit a Comment

Your email address will not be published. Required fields are marked *