Florida teenager, two others arrested over major Twitter hack

A Florida teenager and two others have been arrested for allegedly being behind a major Twitter hack earlier this month that resulted in several prominent accounts posting messages for a bitcoin scam.

The Department of Justice announced that U.K. resident Mason Shepard, 19, and Orlando resident Nima Fazeli, 22, who go by the hacking aliases "Chaewon" and "Rolex" respectively, were charged with helping carry out the hack. A third person, a 17-year-old who lives in Tampa, has also been charged.

The 17-year-old is facing 30 felony charges including organized fraud, communications fraud, identity theft and hacking, carrying potential penalties of more than $100,000. Those charges have been filed by Hillsborough State Attorney Andrew Warren in Florida, who described the teenager as the "mastermind" of the hack.


Shepard and Fazeli, meanwhile, have been charged in federal court in California. Shepard was charged with computer intrusion, wire fraud conspiracy and money laundering conspiracy, with the most serious charge bringing 20 years in prison and a $250,000 fine. Fazeli was charged with one count of computer intrusion, which carries a max sentence of five years and a $250,000 fine.

The hack, which took place July 15, affected a number of prominent Twitter accounts, including those of former President Obama, former Vice President Joe BidenJoe BidenHouse Democrats pass sweeping .9T COVID-19 relief bill with minimum wage hike Biden to hold virtual bilateral meeting with Mexican president More than 300 charged in connection to Capitol riot MORE, Microsoft co-founder Bill Gates and Tesla CEO Elon MuskElon Reeve MuskThe cold truth on energy The Hill's Morning Report - Presented by The AIDS Institute - Senate ref axes minimum wage, House votes today on relief bill Tesla temporarily halting some production in California: report MORE, among others.

Authorities say the defendants were able to reap more than $100,000 in bitcoin by posting messages on the hacked accounts asking followers to send funds.

Twitter later said that the hackers obtained employee credentials, allowing them to target 130 accounts, tweeting from 45, accessing direct message inboxes of 36 and downloading data from seven. Twitter temporarily prevented verified accounts from tweeting on the day of the incident, and announced an immediate investigation into what occurred.

“There is a false belief within the criminal hacker community that attacks like the Twitter hack can be perpetrated anonymously and without consequence,” U.S. Attorney David Anderson said in a statement Friday. “Today’s charging announcement demonstrates that the elation of nefarious hacking into a secure environment for fun or profit will be short-lived. Criminal conduct over the Internet may feel stealthy to the people who perpetrate it, but there is nothing stealthy about it.”


“In particular, I want to say to would-be offenders, break the law, and we will find you,” Anderson said.

The FBI announced earlier this month that it was launching an investigation into the hack. Special Agent in Charge John Bennett on Friday highlighted the unusual speed of the charges being brought against the defendants.

“While investigations into cyber breaches can sometimes take years, our investigators were able to bring these hackers into custody in a matter of weeks,” Bennett said. “Regardless of how long it takes us to identify hackers, we will follow the evidence to where it leads us and ultimately hold those responsible for cyber intrusions accountable for their actions. Cyber criminals will not find sanctuary behind their keyboards.”

The state attorney told local NBC affiliate WFLA that the 17-year-old in Florida was arrested by federal authorities on Friday and turned over to state officials, who have filed charges against him.

“Working together, we will hold this defendant accountable,” Warren said in a statement. “Scamming people out of their hard-earned money is always wrong. Whether you’re taking advantage of someone in person or on the internet, trying to steal their cash or their cryptocurrency—it’s fraud, it’s illegal, and you won’t get away with it.” 


The Internal Revenue Service and the Secret Service were also involved in the investigation into the hack.

Twitter has posted consistent updates on its investigation into the hacking incident, tweeting Thursday night that the hackers gained access to the accounts through a mobile phone spear phishing attack. This attack allowed the individuals to obtain the credentials of Twitter employees with access to the compromised accounts.

Twitter said it had “significantly limited access to internal tools and systems” as it continued to make improvements stemming from the hacking incident.

“This was a striking reminder of how important each person on our team is in protecting our service,” the company tweeted. “We take that responsibility seriously and everyone at Twitter is committed to keeping your information safe.”

"We appreciate the swift actions of law enforcement in this investigation and will continue to cooperate as the case progresses," Twitter said in a statement Friday.

Updated: 4:58 p.m.