Twitter Hack Mastermind

Graham Ivan Clark, 17, of Tampa, was arrested on 30 felony charges. Authorities say he was the “mastermind” of a July 15 Twitter hack scheme which gave him and two others access to the high-profile accounts of Bill Gates, Barack Obama, and many other celebrities with millions of followers.

One by one, the celebrity Twitter accounts posted the same strange message: send Bitcoin, and they would send back double your money.

Elon Musk, Kanye West, Joseph R. Biden Jr., Jeff Bezos, Mike Bloomberg, Warren Buffett, Floyd Mayweather, Kim Kardashian, Apple, Uber and other companies: they, and dozens of others, were being hacked, and Twitter appeared powerless to stop it.

It turns out the “mastermind” of one of the most high-profile hacks in recent years was a 17-year-old recent high school graduate from Florida, the authorities said on Friday.

The “Mastermind” of One of the Most High-Profile Hacks

Graham Ivan Clark was arrested in his Tampa apartment, where he lived by himself, early Friday, state officials said. He faces 30 felony charges in the hack, including fraud, and is being charged as an adult.

Mason John Sheppard, 19, of the United Kingdom, and Nima Fazeli, 22, of Orlando, Fla., were accused of helping Clark during the takeover.

Prosecutors said the two appeared to have aided the central figure in the attack, who went by the name Kirk. Documents released on Friday do not provide the real identity of Kirk, but they suggest that it was Mr Clark.

“Clark was skilled enough to go unnoticed inside Twitter’s network,” said Andrew Warren, the Florida state attorney handling the case. “This was not an ordinary 17-year-old.”

Clark convinced one of the company’s employees that he was a co-worker in the technology department who needed the employee’s credentials to access the customer service portal, a criminal affidavit from Florida said.

By the time the hackers were done, they had broken into 130 accounts and raised significant new questions about Twitter’s security. Despite the hackers’ cleverness, their plan quickly fell apart, according to court documents.

They left hints about their real identities and scrambled to hide the money they’d made once the hack became public. Their mistakes allowed law enforcement to quickly track them down.

Twitter users were confused on July 15 when accounts belonging to several celebrities, political figures and well-known corporations began tweeting strange messages.

“I am giving back to the community,” tweeted the account belonging to President Joe Biden. “All Bitcoin sent to the address below will be sent back doubled! If you send $1,000, I will send back $2,000. Only doing this for 30 minutes … Enjoy!”

Authorities said the scam netted about $117,000 in Bitcoin before it was shut down.

Clark and Two Others Charged in State Court

The plea agreement allowed Clark, now 18, to be sentenced as a “youthful offender,” avoiding a minimum 10-year sentence that would have followed if he’d been convicted as an adult. The mandatory minimum will only apply if Clark violates his probation.

He will serve time in a state prison designated for young adults. He may be eligible to serve some of his time in a military-style boot camp.

“In this case, we’ve been able to deliver those consequences while recognizing that our goal with any child, whenever possible, is to have them learn their lesson without destroying their future,” said Andrew Warren.

Clark appeared in a virtual court hearing Tuesday afternoon from the Hillsborough County jail, where he has been confined since his arrest. His voice was a monotone as he answered a series of standard questions from Judge Christine Marlewski, acknowledging that he understood his guilty plea and that he was giving up his right to a trial.

Provisions of the plea agreement require that Clark will be barred from using computers without permission and supervision from law enforcement. He will have to submit to searches of his property and give up the passwords to any accounts he controls.

His defense attorney, David Weisbrod, confirmed that Clark had turned over all the cryptocurrency he had acquired.

Prosecutors charged Clark in state court, they said, because state law allowed greater flexibility to try a minor as an adult in a financial fraud case. Two others were also charged with federal crimes related to the scheme.

In a statement, Twitter thanked law enforcement for its “swift actions” and said it would continue to cooperate with the investigation.


Gurubaran is a Security Consultant, Security Editor & Co-Founder of Cyber Security News & GBHackers On Security.