Two more individuals were charged for their roles in the high-profile Twitter hack on July 15. Mason Sheppard, a 19-year-old British citizen, and Nima Fazeli, a 22-year-old Florida resident, were charged in the Northern California District, the Department of Justice announced on the afternoon of July 31.
Sheppard, 19, is based in Bognor Regis, the U.K. He was charged with “conspiracy to commit wire fraud, conspiracy to commit money laundering, and the intentional access of a protected computer,” according to a statement released by the U.S. Attorney’s Office for the Northern District of California.
The second defendant is Fazeli, a 22-year-old from Orlando, Flordia. He was charged with “aiding and abetting the intentional access of a protected compute,” the authorities said.
Sheppard, who went by “Chaewon” online, faces a “statutory maximum penalty of 45 years of imprisonment,” while the maximum penalty for Fazeli, who used the alias “Rolex,” is five years of imprisonment, U.S. Attorney David L. Anderson for the Northern District of California said in a video announcement.
The third individual involved in the case is 17-year-old Graham Ivan Clark, and the Department of Justice has referred him to Andrew Warren, the State Attorney for the 13th Judicial District in Tampa, Florida, where the juvenile is a resident. Clark was arrested on July 31 and Warren filed 30 felony charges against him.
The hackers created “a scam Bitcoin account,” and compromised about 130 Twitter accounts, which they used to post messages that directed victims to send Bitcoins to the scam account, promising double payments in return, according to prosecutors. The three individuals reaped $117,457 in Bitcoin from 426 transfers, one of the arrest affidavits shows.
Brian C. Rabbitt, Acting Assistant Attorney General of the Justice Department’s Criminal Division accused the hackers of scamming “both the account users and others who sent money based on their fraudulent solicitations.”
Twitter said it appreciated the “swift actions of law enforcement” and promised to be transparent and provide updates about the incident.
Here’s what you need to know:
The FBI Is Looking for More People Who May Have Been Involved in the Hack
FBI San Francisco Assistant Special Agent in Charge Sanjay Virmani said the charges announced were just “first step for law enforcement.”
“Our investigation will continue to identify anyone else who may have been involved in these crimes,” he said in a statement. Anderson also called for people who have involvement with the Twitter hack to “identify” themselves and said the investigation would continue.
“There is a false belief within the criminal hacker community that attacks like the Twitter hack can be perpetrated anonymously and without consequence,” Anderson said in a news release.
“Today’s charging announcement demonstrates that the elation of nefarious hacking into a secure environment for fun or profit will be short-lived. Criminal conduct over the Internet may feel stealthy to the people who perpetrate it, but there is nothing stealthy about it. In particular, I want to say to would-be offenders, break the law, and we will find you,” he added.
Sheppard’s affidavit shows that he also “advertised the sale of illicit access to any Twitter account” on a forum called OGUsers.com, charging $2,500 to $3,000.
The ongoing investigation suggests that “bitcoin theft and the sale of access to the accounts” were the hackers’ motive, and that the Twitter attack was not “an intelligence effort by a foreign government,” CNN reported.
The FBI said that two people had been taken into custody. Clark was arrested on July 31, and his arrest report didn’t list an attorney for him. Federal court records didn’t provide information about the attorneys for Sheppard or Fazeli either, according to AP.
All Three People Charged Are Under 22 Years Old & Fazeli’s Father Is ‘100% Sure’ His Son Is Innocent
Identities of the three individuals charged in the Twitter hacking case have been disclosed and all of them are under 22 years old. The “mastermind” of the hack, according to Hillsborough County State Attorney Andrew Warren, is Clark. He’s the youngest of the three and is only 17 years old.
Jake Williams, founder of the cybersecurity firm Rendition Infose, told AP that he was “not terribly surprised,” citing the “relative amateur nature both of the operation and the hackers’ willingness afterward to discuss the hack with reporters online.”
I think this is a great case study showing how technology democratizes the ability to commit serious criminal acts. I’m not terribly surprised that at least one of the suspects is a minor. There wasn’t a ton of development that went into this attack.
He also pointed out that the hackers were “extremely sloppy” in how they dealt with the Bitcoin they received. Investigators successfully tracked down two of the hackers after analyzing Bitcoin transactions, AP reported.
Clark will be prosecuted in Florida, where the law “allows minors to be charged as adults in financial fraud cases such as this when appropriate.” Williams told AP that Clark deserved to pay for what he did, but he was “conflicted about whether Clark should be charted as an adult.”
Despite the charges, Fazeli’s father Mohamad Fazeli said to AP that he believed his son was innocent. “I’m 100% sure my son is innocent,” he said. “He’s a very good person, very honest, very smart and loyal.”
“We are as shocked as everybody else. I’m sure this is a mix up,” Mohamad said in a phone interview with AP. He hasn’t been able to reach his son since July 30.
The Hackers Stole Employee Credentials & Hacked Into Twitter’s Internal Systems
Twitter said the hackers got into its internal systems after stealing the credentials of “a small number of employees through a phone spear phishing attack.”
“This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems,” the tech company tweeted.
The hackers then targeted specific employees to gain access to Twitter’s account support tools, which resulted in 130 Twitter accounts being compromised, according to Twitter’s update. Twitter found the hackers “tweeting from 45 accounts, accessing the DM inbox of 36, and downloading the Twitter data of 7.”
It was likely that the hackers “talked their way past security,” according to AP.
“This was a striking reminder of how important each person on our team is in protecting our service,” Twitter said in a thread about the attack.