WASHINGTON • A 17-year-old Florida boy masterminded the hacking of celebrity accounts on Twitter, including those of Democratic presidential candidate Joe Biden and Tesla chief executive Elon Musk, officials have said.
A 19-year-old British man and a 22-year-old man in Orlando, Florida, were also charged under US federal law with aiding the attack, the Justice Department said on Friday.
A Florida prosecutor identified the 17-year-old as Graham Clark of Tampa and charged him as an adult with 30 felony counts of fraud.
Clark netted at least US$100,000 (S$137,500) from the scheme by using the celebrity accounts to solicit investments from unsuspecting Twitter users, state officials said.
"He's a 17-year-old kid who just graduated from high school," said Florida state attorney Andrew Warren in Hillsborough County, which includes Tampa.
"But make no mistake: This was not an ordinary 17-year-old."
Mason Sheppard, the 19-year-old from Bogner Regis, Britain, who used the alias Chaewon, was charged with wire fraud and money laundering, while Nima Fazeli, the 22-year-old based in Orlando and nicknamed Rolex, was accused of aiding and abetting the crimes, according to a Justice Department statement.
Twitter said it appreciated the "swift actions of law enforcement".
Clark and one of the other participants were in custody, officials said.
In the hack, fraudulent tweets soliciting investments in digital currency bitcoin were posted in the middle of last month by 45 verified Twitter accounts, including those belonging to Mr Biden, former US president Barack Obama and billionaire Bill Gates.
Twitter said the hackers also likely read some direct messages, including to a Dutch elected official.
Over US$100,000 was obtained, the bitcoin public ledger showed.
Twitter has previously said that its employees were duped into sharing account credentials.
The authorities provided new details on Friday in an affidavit alleging that Clark "used social engineering to convince a Twitter employee that he was a co-worker in the IT department and had the employee provide credentials to access the customer service portal".
StopSIMCrime founder Robert Ross, whose group tries to combat a popular hacking technique, said the case showed the prowess of adolescent amateurs at defeating corporate security.
"Groups of teens/youngsters are doing this en masse," he said in an e-mail. "It's really a national security risk."
REUTERS