Earlier this month a number of Twitter accounts belonging to prominent, highly-followed individuals like Elon Musk, Joe Biden, Barack Obama, Bill Gates, and Jeff Bezos were compromised, seemingly to defraud strangers out of bitcoin. Unfettered access to potentially sensitive information contained therein generated speculation: Was the cryptocurrency gambit a front to cover up blackmail attempts or nation state-level hacking?
Nope: It was literally just kids who made (and has now presumably lost, or at least lost ready access to) around $180,000 in bitcoin for their troubles, authorities say.
Seventeen-year-old Graham Ivan Clark of Florida was brought into Hillsborough County Jail around 6:30 am local time today, according to WFLA. The Department of Justice later announced charges against two additional individuals: Mason Sheppard, 19, of the United Kingdom, and Nima Fazeli, 22, of Orlando, Florida.
Charges for Clark, which were filed State Attorney Andrew Warren, total 30 felonies, including communications fraud, fraudulent use of personal information, and unauthorized access to a computer or electronic device. He will be charged as an adult.
Sheppard was charged in federal court in California’s Northern District with aiding and abetting the intentional access of a protected computer, according to the DOJ. Fazeli, also charged in the Northern District, is charged with conspiracy to commit wire fraud, conspiracy to commit money laundering, and the intentional access of a protected computer.
An investigation into the hack—which, again, compromised a former president and a current presidential candidate and could not have used that access less ambitiously—required two weeks and help from the FBI, IRS, and Secret Service, among others, to complete. In total, the hack impacted around 130 accounts.
It’s believed the hackers responsible were able to gain access to an internal tool used by Twitter employees, which allowed the scammers to reset the email addresses associated with the affected accounts, thereby taking control of them. Twitter has already admitted that Direct Messages sent by and to these accounts were available to the hacker, as they are not encrypted, though it’s unknown if the hackers downloaded those non-public messages.
Update 4:40pm ET: Two additional individuals have been charged in the Twitter hack. We’ve updated the piece above with the additional information.