Florida teen masterminded Twitter hack that hit Biden, Musk accounts among others

Florida teen masterminded Twitter hack that hit Biden, Musk accounts among others

Graham Ivan Clark
The Hillsborough County Sheriff's Office, Florida, released a photo of Graham Ivan Clark, 17, after his arrest on Jul 31, 2020. (Photo: AP/Hillsborough County Sheriff's Office)

WASHINGTON: A 17-year-old Florida boy masterminded the hacking of celebrity accounts on Twitter Inc, including those of Democratic presidential candidate Joe Biden and Tesla Chief Executive Elon Musk, officials said on Friday (Jul 31).

A 19-year-old British man and a 22-year-old man in Orlando, Florida were also charged under US federal law with aiding the attack, the Justice Department said.

Florida's State Attorney identified the 17-year-old as Graham Clark of Tampa and charged him as an adult with 30 felony counts of fraud. Clark netted at least US$100,000 from the scheme by using the celebrity accounts to solicit investments from unsuspecting Twitter users.

"He's a 17-year-old kid who just graduated from high school," said Florida State Attorney Andrew Warren in Hillsborough County, which includes Tampa, "But make no mistake: This was not an ordinary 17-year-old."

Mason Sheppard, a 19-year-old from Bogner Regis, Britain who used the alias Chaewon, was charged with wire fraud and money laundering while Orlando-based Nima Fazeli, 22, nicknamed Rolex, was accused of aiding and abetting the crimes, according to a Justice Department statement.

READ: Twitter hacking spree alarms experts concerned about the platform's security

Twitter said it appreciated the "swift actions of law enforcement".

Clark and one of the other participants were in custody, officials said.

In the hack, fraudulent tweets soliciting investments in the digital currency bitcoin were posted in mid-July by 45 verified Twitter accounts, including those belonging to Biden, former President Barack Obama and billionaire Bill Gates. 

Twitter said the hackers also likely read some direct messages including to a Dutch elected official.

Clark was able to obtain more than US$100,000 that way, a public bitcoin ledger showed.

Twitter has said its employees were duped into sharing account credentials.

READ: More than 1,000 people at Twitter had ability to aid hack of accounts: Sources

Sheppard and Fazeli did not return emails seeking comment. An attorney for Clark could not be immediately identified. Phone calls and an email to Clark's mother were not immediately returned.

Warren said the state rather than federal government was prosecuting Clark because Florida law enabled him to be charged as an adult.

StopSIMCrime founder Robert Ross, whose group tries to combat a popular hacking technique, said the case showed the prowess of adolescent amateurs at defeating corporate security.

"Groups of teens/youngsters are doing this en masse," he said by email. "It's really a national security risk," he said.

Source: Reuters/ec