Officials in Florida say a local teenager named Graham Ivan Clark has been charged with hijacking dozens of Twitter accounts belonging to celebrities and selling access to them.
3 min read
This story originally appeared on PC Mag
The mastermind behind the epic Twitter hack is allegedly a Florida-based 17-year-old.
On Friday, the Justice Department announced it had charged three individuals for hijacking dozens of VIP Twitter accounts on July 15 to promote a Bitcoin scam.
The main suspected instigator, Graham Ivan Clark, was arrested and charged on Friday for orchestrating the hacks, according to the Hillsborough State Attorney in Tampa, Florida.
Image credit: Hillsborough County Sheriff’s Office
Authorities identified Clark as the suspect with the help of the FBI and the US Department of Justice. “This defendant lives here in Tampa, he committed the crime here, and he’ll be prosecuted here,” Andrew Warren, State Attorney for the Thirteenth Judicial Circuit, said in today’s announcement.
His office is prosecuting Clark because Florida law allows minors to be charged as adults in financial fraud causes. Clark currently faces 30 felony charges, including 17 counts of communication fraud, and 10 counts of fraudulent use of personal information.
The two other suspects, 19-year-old UK resident Mason Sheppard and 22-year-old Florida resident Nima Fazeli, were also charged for participating in the hack.
The FBI cited chat records on Discord, the messaging service the trio allegedly used to coordinate their activities. The Justice Department’s complaint indicates Clark was behind the Discord user “Kirk#5270” and sold access to hijacked Twitter accounts.
Kirk#5270 was asking for a minimum of $1,000 or $2,500 for each hijacked account. He then marketed his services on OGUsers.com, an underground forum popular among hackers. But in April, the personal details of OGUsers.com’s membership was leaked through a dumped database, a copy of which the FBI obtained.
The leak enabled federal investigators to identify who was communicating with Kirk#5270. Subsequent record searches showed Sheppard and Fazeli used Coinbase accounts registered to their personal email addresses to facilitate the payments.
How the culprits achieved access to Twitter’s account management systems wasn’t made clear. But on Thursday, the company blamed the intrusion on a “phone spear phishing” scheme that managed to dupe a few Twitter employees into giving up their corporate login credentials. Security firm Unit221B points out the COVID-19 pandemic is forcing many employees to work at home, making them more vulnerable to phishing attacks.
In response to the arrests, Twitter said: “We appreciate the swift actions of law enforcement in this investigation and will continue to cooperate as the case progresses. For our part, we are focused on being transparent and providing updates regularly.”