Nima Fazeli is a resident of Orlando, Florida, United States. He was one of the four people behind the biggest security and privacy breach in Twitter’s history that happened in July 2020.
Graham Ivan Clark, a high school graduate born in Tampa, Florida, United States on January 9, 2003, was the mastermind of the Twitter hack. There were almost 130 accounts including high-profile verified accounts such as those of Barack Obama, Benjamin Netanyahu, Bill Gates, Elon Musk, Floyd Mayweather, Jeff Bezos, Joe Biden, Kanye West, Kim Kardashian West, Michael Bloomberg, Wiz Khalifa and Warren Buffet, cryptocurrency exchanges AngeloBTC, Binance, Bitfinex, Coinbase, Gemini and Kucoin and companies Apple and Uber.
The hacked accounts tweeted about “giving back to the community” and doubling any Bitcoin users sent to them. It netted the cryptocurrency worth more than $180,000, The New York Times estimated.
Aside from Clark and Fazeli, Mason John Sheppard, a resident of Bognor Regis, West Sussex, England, United Kingdom born in 2001, also participated in the cyberattack. He used Rolex#0373, Rolex#373 and Nim F his aliases while Clark and Sheppard’s respective aliases were Kirk#5270 and ever so anxious#0001.
U.S. Magistrate Judge Alex G. Tse authorized a search warrant, which federal agents executed on July 21, 2020 at a residence in the Northern District of California, USA. A juvenile, one of the occupants of the home, admitted to working with Sheppard to illegally sell Twitter account access.
According to the authorities, the Twitter hack may have started on May 3, 2020 and ended on July 16, 2020. Here are 13 more facts about Fazeli:
- He was born in 1998. He is the son of Mohamad Fazeli who described him as “a very good person, very honest, very smart and loyal” in an interview with Associate Press.
- On June 24, 2017, he created a Coinbase account named Nima FAZELI, which he registered to the email address email@example.com. This account had approximately 1,900 transactions totaling approximately 21.46 bitcoin or approximately $237,551 as of July 30, 2020. Both of this Coinbase account and his Discord profile named Rolex#0373 were accessed from the IP addresses 22.214.171.124 and 126.96.36.199 from January 20, 2020 to July 17, 2020.
- On December 23, 2017, he used the email address firstname.lastname@example.org to create another Coinbase account named Nim F, which was later closed. He has another account in the cryptocurrency exchange registered to the email address email@example.com.
- Using firstname.lastname@example.org, he registered on the OGUsers forum with a profile named Rolex. He accessed the account from IP address 188.8.131.52, which resolves to Florida. On several occasions in the forum, he advertised the sale of various social media accounts and a currency exchange service claiming to be able to convert Bitcoin to the Paypal online payments service and various cyptocurrencies.
- On October 30, 2018, as Nim F, he sent approximately $20 to the Bitcoin address 1PkwTmn3Eo48oLqE9w4MFckDQmgzq69u1f, which was provided by an individual on the OGUsers forum.
- On multiple occasions in 2018, he provided the email address email@example.com as a method of sending him PayPal payments to multiple OGUsers forum users.
- Between October 11, 2019, and March 17, 2020, he used the bitcoin address 3Aieac9YpxmWkWmRcQNUSMjDSswYxnHZps, which was assigned to his Coinbase account Nima FAZELI, to receive payments from other OGUsers accountholders and conduct money exchanges with them.
- On March 30, 2020, he confirmed to another individual on OGUsers that he was Rolex#0373.
- On July 15, 2020, as Rolex#0373, he received a Discord message from Kirk#5270 who claimed to be working for Twitter and able to claim any handle on the microblogging site for him. He asked Kirk#5270 to prove it and provided the handle @viennacat921 and the latter replied with a screenshot of an internal Twitter panel for it with the associated email and phone number for the account.
- As Rolex#0373, he offered to serve as a proxy for Kirk#5270 and advertise on various internet forums. He told Clark that he could also proxy sell requests for the latter on forums.
- Clark provided him access to the Twitter handle @foreign in exchange for $500. When Clark asked him for his email address to reset the Twitter account associated with that handle, he provided the email firstname.lastname@example.org.
- He and Clark agreed on $1,000 per account at a minimum for non-original Twitter handles names and $2,500 minimum for original names, which are considered status symbols and are desirable handles.
- In a criminal complaint in the Northern District of California, he was charged with aiding and abetting the intentional access of a protected computer. His case is being prosecuted in a federal court in California.