NewsNational

Actions

3 facing charges in Twitter hack; details emerge how 17-year-old got access to accounts

3 facing charges in Twitter hack; details emerge how 17-year-old got access to accounts
Posted at 11:13 AM, Aug 05, 2020
and last updated 2020-08-05 11:16:57-04

TAMPA, Fla. (AP) — A Florida teen identified as the mastermind of scheme that gained control of Twitter accounts of politicians, celebrities and technology moguls has pleaded not guilty to multiple counts of fraud.

Seventeen-year-old Graham Clark is accused of using the hijacked Twitter accounts to scam people around the world out of more than $100,000 in Bitcoin.

He faces numerous charges including 17 counts of communications fraud and 11 counts of fraudulent use of personal information.

Two other men were also charged in the case. Mason Sheppard, 19, of Bognor Regis, U.K., and Nima Fazeli, 22, of Orlando were charged separately last week in California federal court.

Court papers in the California cases say Fazeli and Sheppard brokered the sale of Twitter accounts stolen by a hacker who identified himself as “Kirk,” and said he could “reset, swap and control any Twitter account at will” in exchange for cybercurrency payments, claiming to be a Twitter employee.

The documents do not specify Kirk’s real identity but say he is a teen being prosecuted in the Tampa area.

Twitter has said the hacker gained access to a company dashboard that manages accounts by using social engineering and spear-phishing smartphones to obtain credentials from “a small number” of Twitter employees “to gain access to our internal systems.” Spear-phishing uses email or other messaging to deceive people into sharing access credentials.

The prosecution believes Clark called a Twitter employee and was able to convince the employee he was a coworker, according to the Wall Street Journal.

A blog post from Twitter last week shared some details of the hack. "Using the credentials of employees with access to these tools, the attackers targeted 130 Twitter accounts, ultimately Tweeting from 45, accessing the DM inbox of 36, and downloading the Twitter Data of 7."

Clark was arrested Friday and entered the not-guilty pleas Tuesday. He remains in jail with bond set at $725,000. A bond hearing is set for Wednesday.