Authorities have charged three people who were allegedly behind with the recent high-profile Twitter hack – including a 17-year-old Tampa, Florida teen that they also arrested and say is the “mastermind” behind the attack.
Hillsborough State Attorney Andrew Warren said on Friday that Florida law enforcement (along with the FBI, IRS and US Secret Service) have arrested and charged the teen with over 30 felony counts. The Department of Justice (DoJ) announced the arrest of two others in connection to the hack.
That includes Mason Sheppard (who goes under the alias “Chaewon”) 19, of Bognor Regis, in the United Kingdom, charged with conspiracy to commit wire fraud, conspiracy to commit money laundering, and the intentional access of a protected computer; and Nima Fazeli (who goes under the alias “Rolex”) 22, of Orlando, Florida, charged by federal authorities with aiding and abetting the intentional access of a protected computer.
The three are allegedly behind the high-profile July 15 Twitter hack that compromised 130 accounts of high-profile users such as Bill Gates, Elon Musk, Apple and Uber – to promote a bogus advance-fee cryptocurrency deal. Warren said the teen was linked to the scheme posting messages in the names of high-profile accounts and directing victims to send Bitcoin to accounts that were associated with him. According to the state attorney, the attackers behind the hack received more than 400 transfers, earning them more than $100,000 in Bitcoin in just one day.
“These crimes were perpetrated using the names of famous people and celebrities, but they’re not the primary victims here. This ‘Bit-Con’ was designed to steal money from regular Americans from all over the country, including here in Florida. This massive fraud was orchestrated right here in our backyard, and we will not stand for that,” State Attorney Warren said in a statement.
Charges against the teen [PDF] include one count of organized fraud, 17 counts of communications fraud, one count of fraudulent use of personal information with over $100,000 or 30 or more victims, 10 counts of fraudulent use of personal information and one count of access to computer or electronic device without authority (scheme to defraud).
In an update late Thursday on the situation Twitter said that a mobile spearphishing attack targeting “a small number of employees” is what led to the unprecedented, major attack earlier in the month on high-profile Twitter accounts to push out a Bitcoin scam.
“We appreciate the swift actions of law enforcement in this investigation and will continue to cooperate as the case progresses,” said Twitter in a Friday post. “For our part, we are focused on being transparent and providing updates regularly.”
We appreciate the swift actions of law enforcement in this investigation and will continue to cooperate as the case progresses. For our part, we are focused on being transparent and providing updates regularly.
For the latest, see here 👇 https://t.co/kHty8TXaly
— Twitter Comms (@TwitterComms) July 31, 2020
According to Warren, the FBI and Department of Justice will continue to partner with the Hillsborough State Attorney office throughout the prosecution.
“There is a false belief within the criminal hacker community that attacks like the Twitter hack can be perpetrated anonymously and without consequence,” said U.S. Attorney David L. Anderson for the Northern District of California. “Today’s charging announcement demonstrates that the elation of nefarious hacking into a secure environment for fun or profit will be short-lived. Criminal conduct over the Internet may feel stealthy to the people who perpetrate it, but there is nothing stealthy about it. In particular, I want to say to would-be offenders, break the law, and we will find you.”
Complimentary Threatpost Webinar: Want to learn more about Confidential Computing and how it can supercharge your cloud security? This webinar “Cloud Security Audit: A Confidential Computing Roundtable” brings top cloud-security experts together to explore how Confidential Computing is a game changer for securing dynamic cloud data and preventing IP exposure. Join us Wednesday Aug. 12 at 2pm ET for this FREE live webinar.