Tampa teen faces 30 felony charges for hacking prominent Twitter accounts; 2 others charged

Prosecutors announced the arrest of a Tampa teenager believed to be the mastermind behind the hacking of prominent Twitter accounts, along with two other suspects.

Graham Ivan Clark, 17, was arrested in Tampa on July 31 and faces 30 felony charges for scamming people across America, perpetuating the “Bit-Con” hack of prominent Twitter accounts including Bill Gates, Barack Obama, and Elon Musk on July 15.

Meanwhile, Mason Sheppard, 19, of Bognor Regis, U.K., and Nima Fazeli, 22, of Orlando, were charged in California federal court.

Although the case against the teen was also investigated by the FBI and the U.S. Department of Justice, the Hillsborough State Attorney’s Office is prosecuting Clark because Florida law allows minors to be charged as adults in financial fraud cases such as this when appropriate. The FBI and the Department of Justice will continue to partner with the office throughout the prosecution. 

ivan-clark.jpg

Courtesy: Hillsborough County Sheriff's Office

“This defendant lives here in Tampa, he committed the crime here, and he’ll be prosecuted here,” Warren said.

The hacks led to bogus tweets being sent out July 15 from the accounts of Barack Obama, Joe Biden, Mike Bloomberg and a number of tech billionaires including Amazon CEO Jeff Bezos, Microsoft co-founder Bill Gates and Tesla CEO Elon Musk. Celebrities Kanye West and his wife, Kim Kardashian West, were also hacked.

The tweets offered to send $2,000 for every $1,000 sent to an anonymous Bitcoin address.

Previous: Hackers appear to target Twitter accounts of Joe Biden, Elon Musk, Kanye West, others in bitcoin scam

“These crimes were perpetrated using the names of famous people and celebrities, but they’re not the primary victims here. This ‘Bit-Con’ was designed to steal money from regular Americans from all over the country, including here in Florida. This massive fraud was orchestrated right here in our backyard, and we will not stand for that,” Warren said. 

The investigation revealed Clark was the mastermind of the recent hack of Twitter. Clark’s scheme to defraud stole the identities of prominent people, posted messages in their names directing victims to send Bitcoin to accounts associated with Clark, and reaped more than $100,000 in Bitcoin in just one day, according to the Hillsborough State Attorney’s Office. As a cryptocurrency, Bitcoin is difficult to track and recover if stolen in a scam. 

Related: Experts say Twitter breach troubling, undermines trust

“I want to congratulate our federal law enforcement partners—the US Attorney’s Office for the Northern District of California, the FBI, the IRS, and the Secret Service—as well as the Florida Department of Law enforcement. They worked quickly to investigate and identify the perpetrator of sophisticated and extensive fraud,” State Attorney Warren said. 

Clark has been charged with one count of organized fraud, 17 counts of communications fraud, one count of fraudulent use of personal information, 10 counts of fraudulent use of personal information and one count of access computer or electronic device without authority.

“Working together, we will hold this defendant accountable,” Warren said. “Scamming people out of their hard-earned money is always wrong. Whether you’re taking advantage of someone in person or on the internet, trying to steal their cash or their cryptocurrency—it’s fraud, it’s illegal, and you won’t get away with it.” 

Related: Michigan teacher and coach says he was fired for tweeting 'Trump is our President'

Twitter previously said hackers used the phone to fool the social media company's employees into giving them access. It said targeted “a small number of employees through a phone spear-phishing attack.”

“This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems,” the company tweeted.

After stealing employee credentials and getting into Twitter's systems, the hackers were able to target other employees who had access to account support tools, the company said.

The hackers targeted 130 accounts. They managed to tweet from 45 accounts, access the direct message inboxes of 36, and download the Twitter data from seven.

The Associated Press contributed to this report.