A 17-year-old teen from Tampa, Florida, was arrested on Friday, July 31, as authorities from the FBI, IRS, US Secret Service, and Florida law enforcement identified him as the mastermind behind the biggest security and privacy breach in the history of Twitter.
Earlier this month, Graham Clark and two others hacked the Twitter accounts of high profile individuals, including former US President Barrack Obama, Democratic presidential candidate Joe Biden, businessmen Bill Gates and Elon Musk, rapper Kanye West, tech company Apple and a lot more.
Their goal is to perpetuate a huge Bitcoin scam on July 15. Clark and his accomplices were able to scam people around the world of a total of $100,000 in Bitcoin. The three of them have been charged already of their crimes.
READ: Witches Band Together on TikTok to Hex the Moon: Did They Succeed?
Graham Ivan Clark, 17, poses for a booking photo at Hillsborough County Jail in Tampa, Florida, U.S. July 31, 2020.
Pretending to be a Twitter employee
The authorities found out that Graham Clark was not alone in pulling the recent Bitcoin scam on Twitter. After the Tampa authorities arrested him, two more individuals were charged by the US Department of Justice.
They are Nima Fazeli, alias "Rolex," 22 years old from Orlando, and Mason Sheppard, alias "Chaewon," 19 years old from the United Kingdom.
Both of them are already in the custody of the authorities. Moreover, a minor in California admitted to the FBI that they had helped Cahewon sell access to Twitter accounts.
However, based on the affidavit released on late Friday, the authorities believe that Clark had gotten access to Twitter's internal tools and directly preceded with scamming people on Twitter.
He allegedly convinced an employee of Twitter through social engineering that he worked at the IT department and tricked the said employee into giving him access to confidential credentials to enter Twitter's customer service portal.
But it remains a mystery how Twitter's systems were accessed. The company merely said that it had fallen victim to a phishing attack, and earlier reports suggest that the hacker must have bribed an employee.
Federal agents said that Shepard was caught partly because he used his personal driver's license as one of the verification processes in Binance and Coinbase cryptocurrency exchanges. It is said that his account received some of the scammed bitcoin.
He also used the same identification card to verify with Coinbase the accounts controlled "Rolex" to send payments in exchange for the hacked Twitter usernames.
READ ALSO: Twitter Now Testing "Fleets" Tweets that Vanish After 24 Hours
Twitter Hackers Face Jail Time
The suspects are now facing jail time due to their crimes. Fazeli is charged with five years in prison with a $250,000 fine for every account of computer intrusion.
Meanwhile, Sheppard faces a charge on computer intrusion, wire fraud conspiracy, and money laundering conspiracy. He is set to face 20-year imprisonment for the most severe crime and a fine of $250,000 in the US.
It appears that the two of them were just the middlemen, and it was hacker "Kirk#5270" is the mastermind for getting access to the internal system of Twitter as of July 22.
Some say, "Kirk" is an employee of Twitter based on a Discord chat log. It is still unclear whether Clark is Kirk, authorities are continuing to investigate the case, hoping to look for more suspects.
Nonetheless, Clark is currently in jail and will face more than 30 felony counts, including hacking, communications fraud, identity theft, and organized fraud.
He is being charged as an adult as his actions were not of an ordinary 17-year-old's behavior, said the state attorney. The enforcement will be looking into how bad the consequences are of his hacking as they suspect it could be beyond $100,000 in bitcoin.
We appreciate the swift actions of law enforcement in this investigation and will continue to cooperate as the case progresses. For our part, we are focused on being transparent and providing updates regularly.
For the latest, see here https://t.co/kHty8TXaly — Twitter Comms (@TwitterComms) July 31, 2020
