Authorities have charged three men in a major Twitter breach this month that hacked the accounts of prominent politicians, celebrities and technology moguls to scam people around the globe out of more than $100,000 in bitcoin.
The suspects include a 19-year-old British man from Bognor Regis, a 22-year old man from Orlando, Florida, and a teenager from Tampa, Florida.
The 17-year-old boy was arrested Friday in Tampa, authorities said. He faces 30 felony charges, according to a news release.
Two others were arrested on Friday on charges relating to the hack. Another accomplice, 22-year-old Nima Fazeli, was charged with aiding and abetting the intentional access of a protected computer.
A third suspect, a 19-year-old named Mason Sheppard who went by the moniker “Chaewon” online, was arrested in the United Kingdom and charged with conspiracy to commit wire fraud, conspiracy to commit money laundering and the intentional access of a protected computer.
On 15 July, hackers took control of the accounts of major public figures and corporations, including Joe Biden, Barack Obama, Elon Musk, Bill Gates, Jeff Bezos and Apple.
The compromised accounts, which have tens of millions of followers, sent a series of tweets proposing a classic bitcoin scam: followers were told that if they transferred cryptocurrency to a specific bitcoin wallet, they would receive double the money in return.
The hack unfolded over the course of several hours, and in the course of halting it, Twitter stopped all verified accounts from tweeting at all – an unprecedented measure.
Twitter said on Thursday the hackers used a phone “spear-phishing” attack to target Twitter employees. After stealing employee credentials and getting into Twitter’s systems, the hackers were able to target other employees who had access to account support tools, the company said.
Spear-phishing is a more targeted version of phishing, an impersonation scam that uses email or other electronic communications to deceive recipients into handing over sensitive information.
“This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems,” the company tweeted.
The hackers targeted 130 accounts and managed to tweet from 45 accounts, access the direct message inboxes of 36, and download the Twitter data from seven. The Dutch anti-Islam lawmaker Geert Wilders has said his inbox was among those accessed.