Florida police have arrested a 17-year-old male and the Department of Justice has charged two others for their alleged roles in a breach where attackers seized control of high-profile Twitter accounts to push an apparent bitcoin scam.
The state attorney in Hillsborough County, Florida, announced Friday that Graham Ivan Clark “was the mastermind” of the July 15 Twitter breach. In that incident, hackers leveraged accounts belonging to former President Barack Obama, Democratic presidential candidate Joe Biden, Tesla founder Elon Musk and others in an attempt to convince millions of followers to send bitcoin to a particular wallet.
The Department of Justice (DOJ) also announced charges against two other individuals in connection with the breach. Mason Sheppard, a 19-year-old man living the U.K., was charged with conspiracy to commit wire fraud; conspiracy to commit money laundering; and the intentional access of a protected computer. Another Florida man, Nima Fazeli, was charged with aiding and abetting the intentional access of a protected computer.
Sheppard allegedly used the alias “Chaewon,” while Fazeli went by “Rolex” online. Sheppard was not immediately arrested by the U.K.’s National Crime Agency, though British police have visited him at home, according to The Register.
Attorneys for the accused could not be immediately located for comment.
Twitter previously said attackers had targeted 130 accounts, tweeting from 45 of those, accessing the direct messages of 36 and downloading Twitter data from seven users. The scammers contacted Twitter employees by phone, convinced them to provide crucial data, then used that information to take over accounts of other employees who had access to Twitter’s internal controls, the company said Thursday.
Members of the scheme allegedly communicated on the messaging app Discord, advertising illicit access to Twitter accounts and promising to provide other users with access to any account in exchange for a fee.
Tweets from the high-profile victims resulted in 415 bitcoin transfers into a cryptocurrency account controlled by the attackers, according to a criminal complaint. The suspects earned more than $117,000 as part of the effort, according to the DOJ.
Investigators used a stolen database from OGUsers, a discussion forum where hackers often congregate, to identify one of the suspects, according to a court filing. The database included public forum posts, private messages between users, IP addresses and email information about OGUsers members.
Clark was charged with 30 felonies, including 17 counts of communications fraud, 10 counts of fraudulent use of personal information and one count of organized fraud. He will not face federal charges, Warren said, though he will be charged as an adult in Florida.
“This defendant lives here in Tampa, he committed the crime here, and he’ll be prosecuted here,” Hillsborough State Attorney Andrew Warren said in a statement. “The State Attorney’s office is handling this prosecution rather than federal prosecutors because Florida law allows for us greater flexibility to charge a minor as an adult in a financial fraud case.”
The complaints against Sheppard and Fazeli are available in full below.
Update, Aug. 6: This story has been updated to note that U.K. authorities have not arrested accused hacking suspect Mason Sheppard, according to The Register.