- A 17-year-old in Florida was arrested on Friday in connection with a major
Twitter hack involving dozens of high-profile accounts. - State prosecutors filed 30 charges of fraud, identity theft, and hacking against the teen, describing him as the "mastermind" of a "massive fraud."
- Twitter said its internal controls were improperly accessed in mid-July. Prosecutors said the hack tricked people into giving away at least $100,000 in cryptocurrency.
- The Department of Justice also on Friday charged two people in connection with the hack.
A 17-year-old in Tampa, Florida, was arrested on Friday in connection with the massive Twitter hack earlier this month in which dozens of high-profile accounts were hijacked as part of a cryptocurrency scam.
Hillsborough State Attorney Andrew Warren filed 30 charges against the 17-year-old, Graham Clark, describing him as the "mastermind" behind the hack.
"These crimes were perpetrated using the names of famous people and celebrities, but they're not the primary victims here," Warren said in a press release. "This 'Bit-Con' was designed to steal money from regular Americans from all over the country, including here in Florida. This massive fraud was orchestrated right here in our backyard, and we will not stand for that."
Later Friday, the US Department of Justice said in a press release that it had arrested two other people in connection with the hack: Mason Sheppard, 19, who lives in the United Kingdom and goes by "Chaewon," and Nima Fazeli, 22, of Orlando, Florida, who goes by "Rolex."
In a press conference, Warren said that Clark was not facing federal charges at this point and that the state was handling prosecution because Florida law allows more flexibility when prosecuting minors. WFLA first reported on the arrest.
Clark was charged with one count of organized fraud over $50,000, 17 counts of communications fraud over $300, one count of fraudulent use of personal information over $100,000 or 30 or more victims, 10 counts of fraudulent use of personal information, and one count of accessing a computer or electronic device without authority.
The
Earlier this month, hackers used Twitter's internal controls to compromise the accounts of prominent people and companies after Twitter employees were tricked into giving over access to the tools, the company said.
Clark convinced a Twitter employee that he was "a coworker in the IT department," according to a court document filed Friday.
The compromised accounts then tweeted that they were feeling "generous" and would match bitcoin donations. The DOJ said that generated more than 400 transfers to the scammers' cryptocurrency wallet worth more than $100,000.
Complaints said victims of the hack included former President Barack Obama, former Vice President Joe Biden, Bill Gates, Warren Buffett, Jeff Bezos, Elon Musk, Michael Bloomberg, Floyd Mayweather, Kanye West, Kim Kardashian West, Apple, Uber, and the cryptocurrency exchanges KuCoin, Coinbase, Gemini, and Binance. The DOJ said more than 100 accounts were compromised.
Warren said Clark was "not an ordinary 17-year-old" and called the hack a "highly sophisticated attack on a magnitude not seen before." He also said that the hack "could have destabilized financial markets" or "undermined American
Clark's mother told NBC News on Friday that she believes her son is innocent.
"I believe he didn't do it. I've spoken to him every day... I'm devastated," she told NBC
The DOJ said "the Secret Service, the U.S. Attorney's Office, the FBI, the IRS, as well as our state, local and international law enforcement partners" were involved in the investigation and arrests.
"We appreciate the swift actions of law enforcement in this investigation and will continue to cooperate as the case progresses. For our part, we are focused on being transparent and providing updates regularly," Twitter said in a tweet Friday.
A representative for Warren's office said Clark had not yet been assigned an attorney, according to their records.