Police have arrested a suspect in this month’s major Twitter hack that compromised high-profile accounts belonging to Elon Musk, Bill Gates, Apple, Uber, Barack Obama, and dozens of others. The Hillsborough State Attorney’s Office said that an investigation involving the FBI, the IRS, the Secret Service, the US Attorney’s Office for the Northern District of California, and Florida law enforcement agencies led to the arrest of 17-year-old Graham Ivan Clark, the alleged “mastermind” of the hack.
Messages posted to the compromised Twitter accounts asked followers to make payments to Bitcoin accounts and promised to pay double the deposited amount in return, as a way of “giving back” to fans. That might seem like a transparent ploy, but it was effective: Clark reportedly pulled in more than $100,000 in a single day.
State Attorney Andrew Warren filed 30 felony charges against Tampa resident Graham Ivan Clark, 17, for scamming Americans, perpetrating the “Bit-Con” hack of @BillGates, @BarackObama, & @elonmusk Twitter accts. TY to our federal law enforcement partners. https://t.co/iLyq8guuBN pic.twitter.com/RrchWo5TOy (July 31, 2020)
“These crimes were perpetrated using the names of famous people and celebrities, but they’re not the primary victims here. This ‘Bit-Con’ was designed to steal money from regular Americans from all over the country, including here in Florida. This massive fraud was orchestrated right here in our backyard, and we will not stand for that,” State Attorney Andrew H Warren said.
The defendant is now facing 30 felony charges, including:
- Organized Fraud (Over $50,000) – 1 count
- Communications Fraud (Over $300) – 17 counts
- Fraudulent Use of Personal Information (Over $100,000 or 30 or more victims) – 1 count
- Fraudulent Use of Personal Information – 10 counts
- Access Computer or Electronic Device Without Authority (Scheme to Defraud) – 1 count
The Attorney’s Office didn’t say whether authorities are pursuing other suspects, although the characterization of Clark as the “mastermind” of the hack suggests that others were involved. It did imply that the stolen money may not be recoverable, however, saying that “as a cryptocurrency, Bitcoin is difficult to track and recover if stolen in a scam.”
“Working together, we will hold this defendant accountable. Scamming people out of their hard-earned money is always wrong,” Warren said. “Whether you’re taking advantage of someone in person or on the internet, trying to steal their cash or their cryptocurrency—it’s fraud, it’s illegal, and you won’t get away with it.”
Twitter has also posted an update about the “security incident,” saying that a “phone spear phishing attack” targeting its employees eventually gave the hackers access to Twitter’s account support tools, which were used to post the scam tweets from 45 different accounts. Twitch was also forced to block tweets from all verified accounts for several hours in order to halt the hack.
“This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems. This was a striking reminder of how important each person on our team is in protecting our service,” Twitter said. “We take that responsibility seriously and everyone at Twitter is committed to keeping your information safe.”
Access to those tools has been “significantly limited” since the attack, which has “impacted” some features and means that Twitter will be slower to respond to account support requests and abusive tweet reports.
Thanks, The Verge.