TAMPA — A 17-year-old from Tampa is at the center of a Twitter hack scheme which gave him and two others access to the high-profile accounts of Bill Gates, Barack Obama and many other celebrities with millions of followers, authorities say.
Graham Ivan Clark was arrested Friday at his home in Greater Northdale, according to the Hillsborough State Attorney’s Office. The two others charged Friday are 22-year-old Nima Fazeli of Orlando and 19-year-old Mason Sheppard of the United Kingdom, according to the U.S. Attorney’s Office in California.
Clark faces state charges and will be tried in Hillsborough County because he is a juvenile, federal authorities said. The other two men face federal charges in the Northern District of California.
“He’s a 17 year-old kid who apparently just graduated high school,” said State Attorney Andrew Warren of Clark during a Friday news conference. “But no make no mistake, this was not an ordinary 17-year-old. This was a highly sophisticated attack on a magnitude not seen before.”
The Secret Service seized more than $700,000 of Bitcoin from Clark in April, according to the New York Times. Then came the July 15 hack, which authorities said Clark was the “mastermind” behind.
Clark’s scheme was to steal the identities of prominent people, then post messages in their names directing victims to send Bitcoin to accounts he owned. The accounts received more than 400 transfers and he reaped more than $100,000 in Bitcoin in just one day, the state attorney’s office said Friday.
As a cryptocurrency, Bitcoin is difficult to track and recover if stolen in a scam.
“This defendant lives here in Tampa, he committed the crime here, and he’ll be prosecuted here,” Warren said in an online news conference.
He added that Florida law gives prosecutors greater flexibility to try a minor as an adult in a financial fraud case.
“I want to congratulate our federal law enforcement partners—the U.S. Attorney’s Office for the Northern District of California, the FBI, the IRS, and the Secret Service—as well as the Florida Department of Law enforcement. They worked quickly to investigate and identify the perpetrator of a sophisticated and extensive fraud,” Warren said.
The hacking took place on July 15. At the time, Twitter said it was a “coordinated” attack targeting its employees “with access to internal systems and tools.”
No one answered the door Friday afternoon at an address listed for Clark. His mother could not be reached for comment.
Sheppard, who used the hacking alias “Chaewon,” faces charges of conspiracy to commit wire fraud, conspiracy to commit money laundering, and the intentional access of a protected computer. Fazeli, or known under the alias “Rolex,” faces charges of aiding and abetting the intentional access of a protected computer.
Clark gained access to Twitter accounts and to the social media platform’s internal controls by compromising a Twitter employee, Warren said. Clark then sold access to those accounts and used the identities of prominent people to solicit money in the form of bitcoin, promising in return he would send back twice as much. He collected the bitcoin and never gave back the money he received.
“This was a massive fraud orchestrated right here in our own back yard and we won’t stand for that,” Warren said.
Clark allegedly tricked people into sending money to him with a similar message on the accounts he hacked into. For presumptive Democratic presidential nominee Joe Biden, Clark wrote:
“I am giving back to the community. All Bitcoin sent to the address below will be sent back doubled! If you send $1,000, I will send back $2,000. Only doing this for 30 minutes ... Enjoy!”
Some of the celebrities who authorities say were hacked by Clark included: Biden, Gates, Obama, Jeff Bezos, Mike Bloomberg, Warren Buffet, Kim Kardashian, Wiz Khalifa, Floyd Mayweather, Elon Musk and Kanye West.
A handful of companies had their accounts hacked, too, including Apple and Uber. The hackers allegedly compromised about 130 Twitter accounts and scammed others who sent money.
In an update on its internal investigation on Thursday, Twitter said that the incident targeted employees using a phone spear-phishing attack, according to a news release.
“We appreciate the swift actions of law enforcement in this investigation and will continue to cooperate as the case progresses,” the company tweeted from its communications account Friday. “For our part, we are focused on being transparent and providing updates regularly.”
At the time of the attack, the popular social networking company put a temporary freeze on all “verified” accounts to prevent further fraud from public figures.
Clark faces 30 charges including: 17 counts of felony communications fraud, 10 counts of identity theft and one count each of aggravated identity theft and hacking and unlawful access to a computer in furtherance of a scheme to defraud. He was being held Friday without bail in the Hillsborough County jail. He is expected to make his first court appearance on Saturday.