(Adds details from affidavit)
By Raphael Satter, Katie Paul and Elizabeth Culliford
July 31 (Reuters) - A 17-year-old Florida boy masterminded
the hacking of celebrity accounts on Twitter Inc,
including those of Democratic presidential candidate Joe Biden
and Tesla Chief Executive Elon Musk, officials said on Friday.
A 19-year-old British man and a 22-year-old man in Orlando,
Florida were also charged under U.S. federal law with aiding the
attack, the Justice Department said.
Florida's State Attorney identified the 17-year-old as
Graham Clark of Tampa and charged him as an adult with 30 felony
counts of fraud. Clark netted at least $100,000 from the scheme
by using the celebrity accounts to solicit investments from
unsuspecting Twitter users, state officials said.
"He's a 17-year-old kid who just graduated from high
school," said Florida State Attorney Andrew Warren in
Hillsborough County, which includes Tampa, "But make no mistake:
This was not an ordinary 17-year-old."
Mason Sheppard, a 19-year-old from Bogner Regis, Britain who
used the alias Chaewon, was charged with wire fraud and money
laundering while Orlando-based Nima Fazeli, 22, nicknamed Rolex,
was accused of aiding and abetting the crimes, according to a
Justice Department statement.
Twitter said it appreciated the "swift actions of law
enforcement."
Clark and one of the other participants were in custody,
officials said.
In the hack, fraudulent tweets soliciting investments in the
digital currency bitcoin were posted in mid-July by 45 verified
Twitter accounts, including those belonging to Biden, former
President Barack Obama and billionaire Bill Gates. Twitter said
the hackers also likely read some direct messages including to a
Dutch elected official.
More than $100,000 was obtained, bitcoin's public ledger
showed.
Twitter has previously said its employees were duped into
sharing account credentials.
Authorities provided new details Friday in an affidavit
alleging that Clark "used social engineering to convince a
Twitter employee that he was a co-worker in the IT department
and had the employee provide credentials to access the customer
service portal."
Sheppard and Fazeli did not return emails seeking comment.
An attorney for Clark could not be immediately identified.
Phone calls and an email to Clark's mother were not immediately
returned.
Warren said the state rather than the federal government was
prosecuting Clark because Florida law enabled him to be charged
as an adult.
StopSIMCrime founder Robert Ross, whose group tries to
combat a popular hacking technique, said the case showed the
prowess of adolescent amateurs at defeating corporate security.
"Groups of teens/youngsters are doing this en masse," he
said by email. "It's really a national security risk."
(Reporting by Akanksha Rana in Bengaluru, Raphael Satter in
Washington, D.C., Katie Paul in San Francisco and Elizabeth
Culliford in Birmingham, England; Editing by Cynthia Osterman
and Daniel Wallis)