A Florida teen accused of orchestrating one of last summer's Twitter hacks – which used celebrity accounts to net more than $100,000 in a cryptocurrency scam – pleaded guilty Tuesday in exchange for a three-year prison sentence.
Authorities said 18-year-old Graham Ivan Clark and two other men used social engineering and other techniques to gain access to internal Twitter systems. They then allegedly used that access to take over 130 accounts, by Twitter's count. Account holders included President Joe Biden, Tesla founder Elon Musk, pop star Kanye West, and philanthropist and Microsoft founder and former CEO and chairman Bill Gates.
The defendants, prosecutors said, then used the high-profile accounts – many with millions of followers – to promote a scam that promised to double the money of anyone who deposited bitcoin in attacker-controlled wallets. The scheme generated more than $117,000. The hackers also took over accounts with short usernames, which are highly prized in a criminal hacking forum community called OGusers.
According to the Tampa Bay Times, Clark agreed to plead guilty in exchange for a three-year prison term and a three-year suspended sentence. The deal allows Clark to be sentenced as a "juvenile offender", a status that lets him avoid the minimum 10-year sentence he would have received if convicted as an adult.
Clark will serve his time in a state prison designed for young adults, and he may be eligible to serve part of his sentence in a military-style boot camp. He will receive the mandatory minimum if he violates the terms of his parole.
The plea agreement prohibits Clark from using computers without the permission and supervision of law enforcement. He must submit to searches of his property and hand over the passwords to all accounts under his control.
A researcher who worked with the FBI to investigate the Twitter breach said the hack was the result of careful research by Clark and the two other hackers into Twitter employees. They started by searching LinkedIn for Twitter employees who likely had access to account-management tools. The hackers then used features that LinkedIn makes available to recruiters to obtain employee cell phone numbers and other private contact information.
The attackers called the employees and used information from LinkedIn and other public sources to convince them that they were authorized Twitter employees. Work-at-home arrangements caused by the COVID-19 pandemic also prevented employees from using normal procedures such as face-to-face contact to verify the identity of callers.
"Giving back to the community"
Having won the trust of the targeted employees, the attackers directed them to a phishing site that impersonated an internal Twitter VPN portal. The attackers captured the credentials the employees entered there. To bypass the two-factor authentication Twitter had in place, the attackers entered those credentials into the real Twitter VPN portal within seconds of the employees entering them into the fake one. Once the employee typed the one-time password into the phishing site, the attackers were in.
The hackers then took over celebrity accounts and used them to push a cryptocurrency scam.
"I'm giving back to the community," a tweet from President Joe Biden's account soon read. "All Bitcoin sent to the address below will be sent back doubled! If you send $1,000, I will send back $2,000. Only doing this for 30 minutes … enjoy!"
Similar tweets came from other celebrity accounts.
Clark appeared at Tuesday's hearing by videoconference from Hillsborough County Jail, where he has been held since his arrest. Mason Sheppard, 19, and Nima Fazeli, 22, have been charged for their alleged roles in the Twitter breach and cryptocurrency fraud.