Update 8/1/2020 1020ET: The two other individuals charged include 22-year-old Nima Fazeli in Orlando and 19-year-old Mason Sheppard in the UK. They go by the hacker aliases “Rolex” and “Chaewon,” respectively, according to The Verge.
Clark, however, appeared to be the one that got access to Twitter's internal tools and "directly" carried out the scam. An affidavit released Friday states:
Clark without authorization gain [sic] access to Twitter Inc.’s Customer Service Portal. Clack used social engineering to convince a Twitter employee that he was a co-worker in the IT department and had the employee provide credentials to access the customer service portal.
Clark then accessed the Twitter accounts of prominent individuals, including VP Joe Biden, former President Barack Obama and business [sic] such as Apple and Coinbase. Clark then posted on their Twitter accounts a communication that if Bitcoins are sent to accounts they will be doubled and returned to the victim. Clark did not return the funds and he moved the funds to another account. 10 prominent people had their personal identification information in the form of a verifide [sic] Twitter Account use without consent be used [sic] in the fraudulent activity. Clark received approximately $117,000 during the commission of his scheme to defraud.
Sheppard was found out because he used a personal license to verify himself at Binance and Coinbase and his accounts were shown to have sent some of the scammed Bitcoin. Fazeli also used a driver's license to verify on the same exchanges.
Fazeli is facing five years in prison and a $250,000 fine for one count of computer intrusion. Sheppard is being charged with computer intrusion, wire fraud conspiracy, and money laundering conspiracy, the most serious of which comes with a 20-year sentence and a $250,000 fine in the US.
Clark reportedly may have disguised himself as "Kirk" on a Discord chat log, where he told the other "middlemen" that he had access to any Twitter account. The FBI investigation into whether "Kirk" and Clark were the same person continues.
Update 7/31/2020 1520ET: The Department of Justice has also noted that 2 additional individuals have been charged, including a 19 year old from the UK and a 22 year old from Orlando, Florida, according to Bloomberg:
*DOJ: THREE CHARGED FOR ALLEGED ROLES IN TWITTER HACK
*DOJ: 19-YEAR-OLD FROM UK, 22-YEAR-OLD FROM ORLANDO CHARGED
*DOJ: 3RD INDIVIDUAL IS JUVENILE WHO WON'T BE FURTHER IDENTIFIED
Before Democrats even had time to blame the Twitter hack on Russians and meddling in the upcoming election, a 17 year old from Tampa has stolen their thunder.
The teenager, 17-year-old Graham Clark, is being hailed as the "mastermind" behind the hack that rocked Twitter weeks ago, when major celebrity accounts like Bill Gates and Barack Obama were hacked and then used to request Bitcoin from their followers.
Unfortunately for Democrats, Clark's name doesn't even sound Russian.
Regardless, Hillsborough State Attorney Andrew Warren filed 30 felony charges against Clark this week for “scamming people across America” in connection with the hack, according to NBC Tampa.
Clark is facing "one count of organized fraud, 17 counts of communications fraud, one count of fraudulent use of personal information with over $100,000 or 30 or more victims, 10 counts of fraudulent use of personal information and one count of access to computer or electronic device without authority."
He was booked into jail at about 6:30am Friday morning. The state attorney's office said: “As a cryptocurrency, Bitcoin is difficult to track and recover if stolen in a scam. These crimes were perpetrated using the names of famous people and celebrities, but they’re not the primary victims here. This ‘Bit-Con’ was designed to steal money from regular Americans from all over the country, including here in Florida. This massive fraud was orchestrated right here in our backyard, and we will not stand for that.”
Clark was found after a "complex nationwide" investigation. Warren concluded: “I want to congratulate our federal law enforcement partners – the US Attorney’s Office for the Northern District of California, the FBI, the IRS, and the Secret Service – as well as the Florida Department of Law enforcement. They worked quickly to investigate and identify the perpetrator of a sophisticated and extensive fraud.”
“This defendant lives here in Tampa” and “he committed the crime here,” Warren stated. You can watch the state attorney general's press conference here:
Recall, just moments ago we noted that Twitter had blamed the hack on "spear-phishing", which is a targeted attack to trick people into simply handing out their passwords.
Twitter staff were targeted through their phones, according to a new report from the BBC. The attacks then allowed hackers the ability to Tweet from celebrity Twitter accounts. Twitter has said it was "taking a hard look" at how it could improve its permissions and processes.
"The attack on July 15, 2020, targeted a small number of employees through a phone spear phishing attack. This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems," Twitter wrote on Wednesday.