Twitter said bitcoin scammers who accessed dozens of high-profile accounts used "spear phishing" to trick a handful of employees into giving up their credentials to access the system

San Francisco (AFP) - Criminal charges were filed on Friday against the suspected teenage mastermind of an epic Twitter hack and two others who allegedly helped hijack celebrity accounts to swindle people out of more than $100,000 in a cryptocurrency scheme.

Prosecutors in Florida said they filed 30 felony counts against 17-year-old resident of the state identified as the “mastermind” of the cyberattack. He was arrested in Tampa, Hillsborough State Attorney Andrew Warren said.

Separately, the US Attorney’s Office in San Francisco announced charges against three people, one of them from Britain, for roles in the mid-July cyberattack that rocked Twitter.

US officials said 19-year-old Mason “Chaewon” Sheppard of Britain along with Nima Fazeli, 22, of Florida face criminal charges in the case.

Details about the third individual were not released by US officials because he is a minor, but it appeared they were referring to the Florida teenager being prosecuted as adult in that state.

The attack on Twitter involved a combination of “technical breaches and social engineering” that let hackers hijack accounts of politicians, celebrities, and musicians, according to federal prosecutors.

- Follow the money -

The mid-July hack of celebrity Twitter accounts sought to get people to send Bitcoin with a promise of doubling their money

The three defendants are accused of hacking Twitter accounts, creating a scam Bitcoin account, and sending out imposter tweets from hijacked account offering to double Bitcoin cryptocurrency deposits.

“This case serves as a great example of how following the money, international collaboration, and public-private partnerships can work to successfully take down a perceived anonymous criminal enterprise,” said criminal investigation special agent Kelly Jackson of the Internal Revenue Service.

The attack which Twitter said resulted from a “phone spear phishing” attack enabled hackers to take control of accounts of famous people such as Bill Gates, Elon Musk and former US president Barack Obama and dupe people into sending Bitcoin.

“These crimes were perpetrated using the names of famous people and celebrities, but they’re not the primary victims here,” Warren said in a release.

“This ‘Bit-Con’ was designed to steal money from regular Americans from all over the country.”

- Scamming by phone -

Hackers who accessed dozens of high-profile Twitter accounts in mid-July gained access to the system with an attack that tricked a handful of employees into giving up their credentials, according to a company update.

Twitter said this week that the July 15 incident by Bitcoin scammers stemmed from a “spear phishing” attack which deceived employees about the origin of the messages.

The hackers “targeted a small number of employees through a phone spear phishing attack,” according to a Twitter Support statement.

“This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems.”

Twitter said that following the incident it has “significantly limited access to our internal tools and systems” and is taking additional steps to tighten security.

The massive hack of high-profile users from Elon Musk to Joe Biden affected at least 130 accounts, with tweets posted by the usurpers duping people into sending Bitcoin to accounts that Warren said were associated with Clark.

The official accounts of Apple, Uber, Kanye West, Bill Gates, Barack Obama and others were also affected.

Faked tweets were sent from 45 accounts, according to Twitter, and the hackers accessed private messages of 36 and downloaded Twitter data from seven.

The incident has raised concerns about the security of the platform increasingly used for conversations on politics and public affairs.

John Dickson of the security firm Denim Group said the latest disclosure did not necessarily suggest a sophisticated attack from a nation-state and noted it may have been possible to find targets through research on LinkedIn or Google.

“This is like the original hackers from the 1980s and 1990s; they were very good at conning people and getting them to give their credentials,” Dickson said.