Cops Arrest 17-Year-Old Suspect in Massive Twitter Hack

The arrest comes after hackers hijacked some of the most high-profile accounts on the social network by leveraging an internal Twitter tool.
July 31, 2020, 6:50pm

Authorities have arrested a 17-year-old suspect in connection with a recent hack of Twitter, in which hackers leveraged an internal Twitter tool to take over a slew of high-profile accounts.

Local Florida outlet WFLA was first to report the arrest.

Court documents were not ready at press time as they are, per a spokesperson for the Office of the State Attorney for Florida's 13th Judicial Circuit, still being reviewed for redactions.


The specific charges included organized fraud, communications fraud, fraudulent use of personal information, and access to a computer or electronic device without authority, according to a press release from the State Attorney in Hillsborough County, Florida.

“He's a 17-year-old kid who just graduated high school, but make no mistake, this was not an ordinary 17-year-old. This was a highly sophisticated attack on a magnitude not seen before,” the State Attorney said in a video statement.

“The fact that it was just $100,000 in one day is just because it was caught pretty quickly. But keep in mind, that besides the amount of money stolen, it could have destabilized financial markets, both in America and across the globe, because he had access to powerful politicians' accounts. He could have undermined American politics as well as international diplomacy,” the statement added.

The Department of Justice also announced charges against two other suspects in the hack: Mason Sheppard, aka “Chaewon,” 19, of Bognor Regis, in the United Kingdom, and Nima Fazeli, aka “Rolex,” 22, of Orlando, Florida.

Kelly R. Jackson, IRS Criminal Investigation Special Agent in Charge of the Washington D.C. Field Office, said in a statement, “The public was confused, and everyone wanted answers. We can now start answering those questions thanks to the work of IRS-CI cyber-crime experts and our law enforcement partners. Washington DC Field Office Cyber Crimes Unit analyzed the blockchain and de-anonymized bitcoin transactions allowing for the identification of two different hackers. This case serves as a great example of how following the money, international collaboration, and public-private partnerships can work to successfully take down a perceived anonymous criminal enterprise. Regardless of the illicit scheme, and whether the proceeds are virtual or tangible, IRS-CI will continue to follow the money and unravel complex financial transactions.”


The Florida Department of Law Enforcement said in a statement, “This arrest sends a strong message to hackers that law enforcement will aggressively pursue these cases. FDLE is proud of the quick investigative work of our agents and our partnership with the FBI on this important case. This arrest was not possible without the hard work of the State Attorney’s Office, 13th Judicial Circuit. We are thankful for their efforts on this case.”

When asked for comment, Twitter pointed to a recent tweet from the company, which said, "We appreciate the swift actions of law enforcement in this investigation and will continue to cooperate as the case progresses. For our part, we are focused on being transparent and providing updates regularly."

On Thursday, Twitter said the hackers managed to gain access to internal systems via a "phone spear phishing attack."

During the hack, attackers broke into accounts belonging to President Obama, Vice President Joe Biden, Apple, Uber, and a number of cryptocurrency-focused companies. For some accounts, the attackers tweeted a message encouraging people to send them Bitcoin. Twitter later announced that the hackers also viewed the direct messages of some of the hijacked accounts.

As Motherboard reported on the day of the hack, the hackers managed to leverage an internal tool used by Twitter workers in order to take control of the accounts. The hackers changed the email address associated with the target accounts to one they controlled, and then initiated a password reset to gain entry.

Sources who provided information at the time of the hack and were connected to the account takeovers were part of the SIM swapping community, whose members often try to take over rare or valuable social media accounts.

The FBI did not immediately respond to a request for comment.