Kate Conger and Nathaniel Popper, The New York Times
Published: 2020-08-01 04:16:42 BdST
Graham Ivan Clark, 17, was arrested in his Tampa home early Friday, state officials said. He is believed to be the linchpin of a hack that turned into an embarrassment for Twitter and called into question the security measures of a range of tech companies. Two other people were also charged with taking part in the hack.
Federal authorities were already tracking Clark before the Twitter hack. In April, the Secret Service seized more than $700,000 worth of Bitcoin from him, according to legal documents. The Tampa youth faces 30 felony charges, including fraud, and is being charged as an adult.
The Twitter hack began July 15 as an effort to steal and sell unusual user names. It quickly escalated as the hackers took over accounts belonging to cryptocurrency companies and celebrities. The scheme netted Bitcoin worth more than $180,000.
Federal authorities also brought charges against Mason John Sheppard, 19, of the United Kingdom, and Nima Fazeli, 22, of Orlando, Florida. They are accused of acting as brokers during the hack by selling stolen Twitter user names.
The hackers tweeted from 45 of the accounts, gained access to the direct messages of 36 accounts and downloaded full information from seven accounts. They gained access to internal Twitter systems by stealing login information from employees, then used their access to reset passwords on the accounts.
“While investigations into cyber breaches can sometimes take years, our investigators were able to bring these hackers into custody in a matter of weeks,” said John Bennett, a special agent in charge with the FBI. “Cyber criminals will not find sanctuary behind their keyboards.”
In a statement, Twitter thanked law enforcement for its “swift actions” and said it would continue to cooperate with the investigation.
Hackers involved in the breach told The New York Times that they had been quietly selling stolen user names when one person in their group, who went by the name Kirk, suddenly launched the Bitcoin scam before disappearing.
One of the hackers, who used the screen name “ever so anxious,” said he was motivated to participate because he wanted to acquire unique usernames. During the hack, he took the Twitter handle “@anxious” for himself.
“i just kinda found it cool having a username that other people would want,” “ever so anxious” said in a chat with the Times.
A special agent with an Internal Revenue Service investigative unit identified “ever so anxious” as Sheppard in a court filing.
“Working together, we will hold this defendant accountable,” Andrew Warren, the state attorney of Hillsborough County, Florida, said in a statement. “Scamming people out of their hard-earned money is always wrong. Whether you’re taking advantage of someone in person or on the internet, trying to steal their cash or their cryptocurrency, it’s fraud, it’s illegal, and you won’t get away with it.”
©2020 The New York Times Company