The morning of July 31, a 17-year-old based in Tampa Florida was placed under arrest by the US Secret Service, FBI, and IRS following a massive Twitter hack that compromised the accounts of numerous high-profile users.
Clark netted at least $100,000 from the scheme by using the celebrity accounts to solicit investments from unsuspecting Twitter users, state officials said. "This "Bit-Con" was created to defraud money from regular Americans from across the country and here in Florida", Warren said. "This massive fraud was orchestrated right here in our backyard, and we will not stand for that", said Andrew Warren, Hillsborough state attorney. The teenager also had two accomplices: 22-year-old Nima Fazeli from Orlando, Florida and 19-year-old Mason Sheppard from the United Kingdom. Fazeli was charged with aiding and abetting the intentional access of a protected computer. They managed to tweet from 45 accounts, access the direct message inboxes of 36, and download the Twitter data from seven.
"This case serves as a great example of how following the money, worldwide collaboration, and public-private partnerships can work to successfully take down a perceived anonymous criminal enterprise", said IRS criminal investigation special agent Kelly Jackson. "But no make no mistake, this was not an ordinary 17-year-old". Spear phishing is a technique in which hackers trick victims into believing that they're someone they're not in order to gain access to personal information, in the case of the Twitter hack it was access to account management tools.
In a statement, Warren said that the FBI and the US Department of Justice had found the suspect in Hillsborough County after a "complex, nationwide investigation".
The hackers are alleged to have created a scam Bitcoin account, to have hacked into Twitter VIP accounts, to have sent solicitations from the Twitter VIP accounts with a false promise to double any Bitcoin deposits made to the scam account, and then to have stolen the Bitcoin that victims deposited into the scam account.
As part of its incident response, Twitter did briefly lock down any accounts that had attempted a password change during the past 30 days, the @TwitterSupport team tweeted. He now faces 30 state felony charges, and federal charges may also be filed.
Twitter commented on the latest case update, writing that they "appreciate the swift actions of law enforcement in this investigation".
"As a crypto-currency, Bitcoin is hard to track and recover if stolen in a scam", Mr Warren said.
Twitter said it has "significantly limited" access to internal tools and is "improving our methods for detecting and preventing inappropriate access to our internal systems".