Teenage 'mastermind' involved in celebrity Twitter hack to serve three-year sentence
By Rachel Lerman
San Francisco - A Florida teenager who was involved in the high-profile and massive hack of Twitter last year has reached a plea deal with prosecutors and will serve three years in a juvenile facility, followed by three years of probation.
Graham Ivan Clark, now 18, was the "mastermind" of the so-called "Bit-Con" hack, authorities said, and one of three charged in the immediate aftermath of the incident. He pleaded guilty to all charges, according to the Office of the State Attorney 13th Judicial Circuit in Tampa. Charges included organized fraud, communications fraud and fraudulent use of personal information.
The massive security breach targeted accounts with huge followings, including those belonging to Tesla CEO Elon Musk, Amazon CEO Jeff Bezos, then-presidential candidate Joe Biden, former president Barack Obama and others. Hackers posted tweets instructing people to send cryptocurrency to the same bitcoin address, saying they would get their money back.
People sent the equivalent of $117,440 to the account.
"He took over the accounts of famous people, but the money he stole came from regular, hard-working people," Hillsborough State Attorney Andrew Warren said in a statement.
Twitter played Whac-A-Mole with the tweets throughout the day on July 15, removing them after they popped up. But it wasn't until later that night that Twitter seemed to mostly regain control, after shutting down all verified accounts for more than two hours. The next day, as federal investigations started to heat up, some people still were not able to access their accounts. Twitter said at the time it had locked down any accounts that tried to change their passwords in the past 30 days "out of an abundance of caution."
The scale and longevity of the hack showed just how vulnerable even sophisticated technologies can be to security breaches. Last summer, cybersecurity expert Rachel Tobac said it was "extremely lucky" that the attackers were trying to get money and not cause mass chaos.
The attack was orchestrated through a phone spearphishing scheme, Twitter said last year. Hackers called employees and tricked them into giving the attackers access to some internal Twitter tools, which eventually led them to take over account support controls.
In the aftermath, Twitter said it had "significantly limited access" to the internal control tools and was improving the way it detects breaches.
Clark, who was 17 when the hack occurred, is expected to remain under supervision during probation until he is 23 years old. Authorities seized the money he collected during the hack and said it is expected to be returned to people who sent it.
The Washington Post