Early on July 31st, the FBI, IRS, US Secret Service, and Florida law enforcement placed 17-year-old Graham Clark of Tampa, Florida, under arrest. He’s accused of being the “mastermind” behind the biggest security and privacy breach in Twitter’s history, one that took over the accounts of President Barack Obama, Democratic presidential candidate Joe Biden, Bill Gates, Elon Musk, Kanye West, Apple, and more to perpetrate a huge bitcoin scam on July 15th.
Apparently, he wasn’t alone: shortly after the Tampa arrest was revealed and after we published this story, two more individuals were formally charged by the US Department of Justice: 22-year-old Nima Fazeli in Orlando and 19-year-old Mason Sheppard in the UK. They go by the hacker aliases “Rolex” and “Chaewon,” respectively, according to the DOJ. The FBI says that two individuals in total are in custody. An unidentified minor in California also admitted to federal agents that they’d helped Chaewon sell access to Twitter accounts.
But according to an affidavit released late Friday, authorities have probable cause to believe Clark, the Tampa teen, was the one who got access to Twitter’s internal tools and directly carried out the scam. Specifically, he allegedly convinced a Twitter employee that he worked in the Twitter IT department and tricked that employee into giving him the credentials.
From the affidavit:To wit: Clark without authorization gain [sic] access to Twitter Inc.’s Customer Service Portal. Clack used social engineering to convince a Twitter employee that he was a co-worker in the IT department and had the employee provide credentials to access the customer service portal. Clark then accessed the Twitter accounts of prominent individuals, including VP Joe Biden, former President Barack Obama and business [sic] such as Apple and Coinbase. Clark then posted on their Twitter accounts a communication that if...