Three charged for hacking Twitter accounts of Barack Obama, Kanye West and Bill Gates

Dozens of celebrities and politicians targeted in $100,000 bitcoin scam

The Hillsborough County Sheriff's Office, Fla., released the photo Graham Ivan Clark, 17, after his arrest Friday, July 31, 2020. Clark is accused of hacking Twitter, gaining access to the account of Bill Gates, Elon Musk and many others. Clark was able to scam people around the glove of more than $100,000 in Bitcoin. (Hillsborough County Sheriff's Office via AP)
Powered by automated translation

Three men have been charged after hacking Twitter accounts of celebrities and politicians in a $100,000 bitcoin scam.

In one of the most high-profile security breaches in recent years, hackers sent out bogus tweets on July 15 from the accounts of Barack Obama, Joe Biden, Mike Bloomberg and a number of tech billionaires including Amazon CEO Jeff Bezos, Microsoft co-founder Bill Gates and Tesla CEO Elon Musk.

Celebrities Kanye West and his wife, Kim Kardashian West, were also hacked.

The tweets offered to send $2,000 for every $1,000 sent to an anonymous Bitcoin address.

On Friday, British teenager Mason Sheppard, 19, of Bognor Regis, Wales, was charged along with Graham Ivan Clark, 17, from Tampa, and Nima Fazeli, 22, of Orlando, were charged in the California federal court.

“There is a false belief within the criminal hacker community that attacks like the Twitter hack can be perpetrated anonymously and without consequence,” US Attorney David Anderson, for the Northern District of California, said in a news release.

“Today’s charging announcement demonstrates that the elation of nefarious hacking into a secure environment for fun or profit will be short-lived."

Although the case against Mr Clark was also investigated by the FBI and the US Department of Justice, Hillsborough State Attorney Andrew Warren explained that his office is prosecuting him in Florida state court because Florida law allows minors to be charged as adults in financial fraud cases such as this when appropriate.

“This defendant lives here in Tampa, he committed the crime here, and he’ll be prosecuted here,” Mr Warren said.

Twitter previously said hackers used phones to fool the social media company's employees into giving them access.

It said hackers targeted “a small number of employees through a phone spear-phishing attack.”

“This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems,” the company tweeted.

After stealing employee credentials and getting into Twitter's systems, the hackers were able to target other employees who had access to account support tools, the company said.

The hackers targeted 130 accounts. They managed to tweet from 45 accounts, access the direct message inboxes of 36, and download the Twitter data from seven. 

Internal Revenue Service investigators in Washington, were able to identify two of the hackers by analysing bitcoin transactions on the blockchain — the ledger where transactions are recorded — including ones the hackers attempted to keep anonymous, federal prosecutors said.

Spear-phishing is a more targeted version of phishing, an impersonation scam that uses email or other electronic communications to deceive recipients into handing over sensitive information.

Twitter said it would provide a more detailed report later “given the ongoing law enforcement investigation.”

The company has previously said the incident was a “coordinated social engineering attack” that targeted some of its employees with access to internal systems and tools.

It did not provide any more information about how the attack was carried out, but the details released so far suggest the hackers started by using the old-fashioned method of talking their way past security.