The 17-year-old Florida teenager is accused of a massive Twitter hack


Graham Ivan Clark, 17, was arrested Friday morning in Tampa

Graham Ivan Clark, 17, was arrested Friday morning in Tampa

Three people have been arrested and charged in a massive Twitter rape earlier this month that affected dozens of high-profile users.

Graham Ivan Clark, 17, was arrested Friday morning in Tampa, Florida, after a federal investigation focused on him, and he faces 30 felony charges that will be prosecuted in state court.

The Hillsborough State Attorney’s Office called Clark the “mastermind” of the July 15 rape, which saw famous Twitter accounts hijacked and used to advocate donating bitcoin to a wallet controlled by the attacker.

Authorities say the hackers behind the attack obtained more than $ 100,000 in bitcoins through the illegal scheme.

Also on Friday, federal prosecutors announced charges against two suspected conspirators: Mason ‘Chaewon’ Sheppard, 19, of Bognor Regis in the United Kingdom, and Nima ‘Rolex’ Fazeli, 22, of Orlando, Florida.

Former United States President Barack Obama, the most followed Twitter account, was among the high-profile targets used to carry out the bitcoin scam

Former United States President Barack Obama, the most followed Twitter account, was among the high-profile targets used to carry out the bitcoin scam

Sheppard is charged with conspiracy to commit wire fraud, conspiracy to commit money laundering, and intentional access to a protected computer.

Fazeli is accused of aiding and abetting intentional access by a protected computer.

According to criminal complaints, Sheppard, also known as Chaewon, also used the nickname ‘always anxious’, the username of a rape participant who told the New York Times that he lives in the south of England with his mother.

It was not immediately clear if prosecutors believe Clark was the mysterious ‘Kirk’ hacker who initially offered to take over Twitter accounts for a fee using intermediaries at a gamer forum, or if they suspect he was higher up the chain. , with ‘Kirk’ working as yet another intermediary.

Chat records obtained by the IRS criminal investigation division showed discussions that ‘Rolex’ (Fazeli) and ‘always so anxious’ (Sheppard) had with the dark ringleader ‘Kirk’.

In chats, ‘Kirk’ claims to work on Twitter and offers to take over any username for a fee. The original scam of selling stolen usernames appears to have evolved into the large-scale hijacking of high-profile accounts.

Another participant, known by the nickname ‘lol’, was also mentioned in the prosecution documents, but was not identified by name. The complaints also concern an unidentified juvenile suspect.

Chat records obtained by investigators show 'Kirk' and 'Rolex' discussing the plan

Chat records obtained by investigators show ‘Kirk’ and ‘Rolex’ discussing the plan

The duo conspired to sell stolen Twitter shooters, but the attack escalated

The duo conspired to sell stolen Twitter shooters, but the attack escalated

“There is a false belief within the criminal hacker community that attacks like Twitter hacking can be carried out anonymously and without consequence,” said US Attorney David L. Anderson of the Northern District of California.

“Today’s indictment announcement shows that the euphoria of nefarious piracy in a safe environment for fun or profit will be short-lived,” Anderson said.

Although the investigation was conducted by the FBI and involves federal crimes, Clark will be prosecuted locally because Florida law allows minors to be charged as adults in financial fraud cases, when appropriate.

“This ‘Bit-Con’ was designed to steal money from regular Americans across the country, including here in Florida,” said Hillsborough State Attorney Andrew Warren. “This massive fraud was orchestrated right here in our backyard, and we will not tolerate it.”

“This defendant lives here in Tampa, he committed the crime here, and he will be prosecuted here,” Warren said.

Hillsborough County Jail records show Clark was booked shortly after 6.30 a.m. on Friday

Hillsborough County Jail records show Clark was booked shortly after 6.30 a.m. on Friday

Records from the Hillsborough County Jail show that Clark was incarcerated shortly after 6.30 a.m. on Friday.

Her home address is in a quiet suburb on the edge of the Northdale Golf & Tennis Club in northwest Tampa, within the Gaither High School district.

Clark had reportedly recently graduated from high school, though it was unclear from which school.

Twitter says hackers ‘manipulated’ employees to access 130 accounts

Twitter said last week that hackers ‘manipulated’ some of its employees to access accounts.

More than $ 100,000 of the virtual currency was sent to the email addresses mentioned in the tweets, according to Blockchain.com, which monitors crypto transactions.

“We know that they accessed tools that are only available to our internal support teams to target 130 Twitter accounts,” said a statement posted on the Twitter blog.

For 45 of those accounts, hackers were able to reset passwords, log in and send tweets, he added, while downloading the personal data of up to eight unverified users.

Twitter blocked affected accounts and removed fraudulent tweets. It also closed accounts unaffected by the hack as a precaution.

“By working together, we will hold this defendant accountable,” Warren said. “Swindling people with the hard-earned money is always wrong.”

“Whether you are taking advantage of someone in person or on the Internet, trying to steal your cash or your cryptocurrency, it is fraud, it is illegal and you will not get away with it,” he said.

The United States Attorney’s Office for the Northern District of California, the FBI, the IRS, the Secret Service and the Florida Police Department participated in the investigation.

Twitter says the hackers responsible for the rape tricked employees of the social media company into giving them high-level administrative credentials through a phone scam.

The company revealed a few more details about the hack earlier this month, which it said targeted “a small number of employees through a phishing phone attack.”

“This attack was based on a significant and concerted attempt to trick certain employees and exploit human vulnerabilities to gain access to our internal systems,” the company tweeted.

The embarrassing July 15 attack compromised the accounts of some of its highest-profile users, including Tesla CEO Elon Musk and celebrities Kanye West and his wife, Kim Kardashian West, in an apparent attempt to lure their followers to send money to an anonymous bitcoin account. .

The tweets falsely offered to send $ 2,000 for every $ 1,000 sent to the anonymous bitcoin address.

After stealing the credentials of the employees and entering the Twitter systems, the hackers were able to target other employees who had access to account support tools, the company said.

Hackers targeted 130 accounts. They managed to tweet from 45 accounts, access 36 direct message inboxes, and download data from Twitter from seven. Dutch anti-Islam MP Geert Wilders has said that his inbox was among the people he accessed.

Spear-phishing is a more specific version of phishing, a phishing scam that uses email or other electronic communications to trick recipients into delivering confidential information.

Twitter said it would provide a more detailed report later “given the ongoing investigation of law enforcement.”

The company previously said the incident was a “coordinated social engineering attack” that targeted some of its employees with access to internal tools and systems.

It did not provide further information on how the attack was carried out, but the details revealed so far suggest that hackers began to use the outdated method of talking beyond security.

British cybersecurity analyst Graham Cluley said his assumption was that a specific Twitter employee or contractor received a message over the phone asking him to call a number.

“When the worker called the number, he could have been taken to a compelling (but bogus) helpdesk operator, who was then able to use social engineering techniques to trick the intended victim into handing over his credentials,” Clulely wrote in his blog on Friday. .

Hackers may also pretend to call from the company’s legitimate helpline by falsifying the number, he said.

.