A 17-year-old “mastermind” behind the massive hack of high-profile Twitter accounts in an alleged bitcoin scam was arrested during an early morning raid in Florida on Friday.
The Tampa teenager, Graham Ivan Clark, is facing 30 felony charges over the “Bit-Con” hack of famous celebrities, politicians and business leaders including Elon Musk, Bill Gates, Barack Obama, and many others.
Hillsborough State Attorney Andrew Warren said the extensive fraud was sophisticated and used famous personalities to target regular Americans.
The Federal Bureau of Investigation, the Department of Justice, IRS and Secret Service conducted a nationwide search after the biggest security breach in Twitter’s history that company said exposed about 130 accounts, allowing the hacker to tweet from about 45, access in boxes of 36, and download date from seven.
Mr Warren told a news conference that he couldn’t comment on whether the teenager worked alone, but said he “was not an ordinary 17-year-old”.
“This could have had a massive, massive amount of money stolen from people, it could have destabilized financial markets within America and across the globe; because he had access to powerful politicians’ Twitter accounts, he could have undermined politics as well as international diplomacy,” Mr Warren said.
The boy, who was arrested at an apartment where he lives alone, has been charged as an adult with felonies including organised fraud, communications fraud, identity theft and hacking.
Mr Warren said Clark gained access to the accounts and internal Twitter controls through compromising a company employee, before selling access to some accounts and using high-profile identities to solicit bitcoin.
The specific accounts he was charged for using included those Barack Obama, Joe Biden, Bill Gates, Warren Buffett, Jeff Bezos, Elon Musk, Michael Bloomberg, Floyd Mayweather, Kim Kardashian, and Kanye West, as well as the companies Apple, Bitcoin, Uber, and bitcoin exchanges Coinbase, Gemini, and Binance.
While the celebrity tweets went live on 15 July, the charges stem over a period of more than two months dating back to 3 May. Mr Clark is currently in police custody and is expected to appear in court as early as tomorrow morning.
“He’s a 17-year-old kid who apparently just graduated high school, but make no mistake this was not an ordinary 17-year-old. This was a highly sophisticated attack on a magnitude not seen before,” Mr Warren said.
Twitter thanked law enforcement in a statement on Friday, saying they were focused on being transparent about the hack.
A day earlier, the company said the attack targeted a small number of employees through a phone spear phishing attack that “relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems”.