Prosecutors in Florida on Friday said they have filed a slew of criminal charges against a 17-year-old accused of masterminding the massive hack of high-profile Twitter users in mid-July. He is facing 30 felony charges.
Mason "Chaewon" Sheppard, a 19-year-old from Bognor Regis, U.K., also was charged in California with conspiracy to commit wire fraud, money laundering and unauthorized access to a computer.
On July 15, Twitter faced the biggest security lapse in its history after an attacker managed to hijack almost 130 high-profile twitter accounts, including Barack Obama, Kanye West, Joe Biden, Bill Gates, Elon Musk, Jeff Bezos, Warren Buffett, Uber, and Apple. Entertainers Kanye West and his wife, Kim Kardashian West, were also hacked. The hacker asked followers to send Bitcoin, which will be doubled and returned to the same address.
"There is a false belief within the criminal hacker community that attacks like the Twitter hack can be perpetrated anonymously and without outcome", said US Attorney Anderson. "Today's charging announcement demonstrates that the elation of nefarious hacking into a secure environment for fun or profit will be short-lived. This "Bit-Con" was created to defraud money from regular Americans from across the country and here in Florida", Hillsborough County State Attorney Andrew Warren said at a press conference on Friday.
The documents do not specify Kirk's real identity but say he is a teen being prosecuted in the Tampa area. The social media company said the attackers then used the access to target 130 accounts, sent Tweets from 45, accessed direct messages from 36, and downloaded data from seven others.
By targeting specific Twitter employees, the perpetrators were able to gain access to internal Twitter tools.
According to Twitter's internal investigations, Twitter employees were targeted in a "phone spear phishing attack", which suggests hackers called some of its staff and tricked them into thinking they were speaking with fellow Twitter employees.
The defendants were allegedly part of an underground subculture of hackers - known as "OGUsers" - who are dedicated to stealing, buying and selling online accounts with desirable usernames. Due to the severity of Clark's actions and his marginal adolescence, the prosecutors chose to charge him as an adult, so we may get to see a very harsh punishment towards the young hacker.
Twitter said it would provide a more detailed report later "given the ongoing law enforcement investigation".
"This could have had a massive, massive amount of money stolen from people, it could have destabilized financial markets within America and across the globe; because he had access to powerful politicians' Twitter accounts, he could have undermined politics as well as global diplomacy", Warren said.
The attack - thought to be the largest and most coordinated in Twitter's history - has exposed vulnerabilities on the platform, which is a major communications channel for news outlets, companies, celebrities and politicians including President Donald Trump.