Florida Teen Arrested As Alleged “Mastermind” In Twitter Hack, Bitcoin Scam
Thirty felony fraud-associated charges were filed in Hillsborough County
Last month, several high profile Twitter accounts were hacked with a bitcoin scam promising “double” bitcoins back for “donations.” Hilariously, the offer was only good for 30 minutes. Apparently, there are a lot of stupid people out there following these accounts because the hackers reportedly raked in over $110k.
Authorities have now tracked down the “mastermind” behind this hack that embarrassed Twitter and sent political, tech, and financial spheres into an immediate tizzy: a 17-year-old from Florida. Being from Florida, I find this amusing—a Florida Teen story, as opposed to our regular and always fun Florida Man stories.
A Tampa teenager is in jail, accused of being the “mastermind” behind a hack on the social media website Twitter that caused limited access to the site and high-profile accounts, according to jail records and the Hillsborough State Attorney’s Office.
8 On Your Side’s Ryan Hughes received exclusive information about the arrest of 17-year-old Graham Clark.
Hillsborough State Attorney Andrew Warren filed 30 felony charges against the teen this week for “scamming people across America” in connection with the Twitter hack that happened on July 15. The charges he’s facing include one count of organized fraud, 17 counts of communications fraud, one count of fraudulent use of personal information with over $100,000 or 30 or more victims, 10 counts of fraudulent use of personal information and one count of access to computer or electronic device without authority.
Hillsborough County Jail records show Clark was booked into jail shortly after 6:30 a.m. Friday.
. . . . Former President Barack Obama, presidential candidate Joe Biden, Amazon CEO Jeff Bezos and SpaceX and Tesla CEO Elon Musk were just some of the names who were impacted by the hack. Twitter officials recently said that it had limited access to its internal tools after the high-profile hack.
“These crimes were perpetrated using the names of famous people and celebrities, but they’re not the primary victims here. This ‘Bit-Con’ was designed to steal money from regular Americans from all over the country, including here in Florida,” Warren said in a statement. “This massive fraud was orchestrated right here in our backyard, and we will not stand for that.”
Two others were also involved in the hack, according to WFLA:
According to the state attorney’s office, the FBI and U.S. Department of Justice found the suspect behind the attack in Hillsborough County after a “complex, nationwide investigation.”
According to the U.S. Attorney’s Office in the Northern District of California, Clark is one of three people charged for their alleged roles in the Twitter hack. The two other suspects were identified as 22-year-old Nima Fazeli, a.k.a. “Rolex,” of Orlando and 19-year-old Mason Sheppard, a.k.a. “Chaewon,” of the United Kingdom.
“I want to congratulate our federal law enforcement partners – the US Attorney’s Office for the Northern District of California, the FBI, the IRS, and the Secret Service – as well as the Florida Department of Law enforcement. They worked quickly to investigate and identify the perpetrator of a sophisticated and extensive fraud,” State Attorney Warren said in his statement.
Donations tax deductible
to the full extent allowed by law.
Comments
I wonder if Twitter will ban him for violating their sacred “Termos of Service?”
Nope.
I’m not buying it.
Too easy.
Interesting how fast this is sealed up but the same social media outlet can’t give up the names on murderers and rioters
Um, what sort of comparison is that? They got these people by tracking the bitcoin transactions. How is that supposed to work to catch a murderer or arsonist?
The question is: why was it so easy to hack into these accounts? Maybe using “password” as your password is a bad idea. 🙂
At this level, the big cheese usually has an underling working the account, so the likely culprit was Linkdin. The teenager likely used it to find who was in charge of the Twitter account for the big cheese. From there, it was social engineering, research, or malware loaded with key loggers that got him what he needed.
And, that is exactly how the Chinese do it too.
One hopes that at the level these people are, that two factor authentication is used.
How he did it was in the press. He gained access to the admin tools with a phishing email. With that access, he change the email address. The verification email was sent to the new email address. Nothing was sent to the old email address.
After he had the new email address, he did a password reset.
The $100K and some from the Bitcoin was the small side. He picked up private messages from those elite accounts as well.
Effectively implemented technical security is pretty hard to penetrate. Humans, on the other hand, are easily gulled, bribed or intimidated into giving a malicious actor access to things. Hackers who want to prove how smart they are crack technical systems. Hackers who want money crack employess.
Unpossible!! I have it on authority from the FBI and 17 intelligence agencies that this Twitter hack/Bitcoin fraud was such a sophisticated piece of computer hackery and manipulation that it could only have been done by a state-sponsored actor. They, further, have abundant evidence that it was the dreaded Grizzly Steppe who carried out the bulk of this state-level computer piracy!
I am sure it was done by White supremacists, the same ones responsible for the mostly peaceful protests in Portland and elsewhere that intensified.
We should have media confirmation soon. Any minute now.
Computer security in general is surprisingly poor.
The basic password systems themselves are quite good. In particular, the “hash” system is downright brilliant; even a successful attack on a system’s host computer can’t recover the stored passwords of thousands or millions of legit users, because the computer doesn’t have those stored anywhere. It has the hashes derived from the passwords stored instead, and the hashes are useless to a hacker.
The weak point in the entire thing seems to be that little “I forgot my password” box they all have. It allows someone with minimal credentials to change a password, and that gives him access to everything a legit user can do. A very secure password recovery system would defeat its own purpose.
I don’t mean to be insulting, but pretty much none of that is true.
I have worked at businesses that store HIPAA and FISA-protected data that cannot implement the most basic data security, including effective password hashing, due to apathy and incompetence.
Also password hashing doesn’t protect the information that’s in the same database.
Kid will be out of jail, the story will be shut down and NSA will have a new employee to spy on Americans.
Maybe.
This is twatter. I’m not sure any of their systems, or people, are that robust.