Teen Twitter hacker Graham Clark sentenced for bitcoin scam
The teenager honed his skills in a video game before unleashing havoc on some of the world’s biggest celebrities and most valuable companies.
The teenage mastermind behind a high-profile Twitter hack, in which the accounts of well-known celebrities and valuable companies were used to promote a bitcoin scam, has pleaded guilty and been sentenced to three years in a Florida prison.
Graham Ivan Clark was just 17 at the time he and two other accused carried out the attack, which embarrassingly compromised the accounts of elite blue-tick verified users like Kim Kardashian, Kanye West, Elon Musk, Joe Biden and Jeff Bezos.
Notable companies like Apple and Uber were also caught up in the scam, which promised to quickly double and return any amount of money in Bitcoin sent to the hackers.
Twitter went into damage control, going as far as briefly suspending all verified accounts from posting.
The law would soon catch up with Clark, and two other hackers accused of being involved.
When he first appeared in court back in August, he pleaded not guilty to the 30 counts he was charged with, during a hearing that was “Zoom-bombed” by people loudly playing pornography and rap music.
But at a court appearance on Tuesday he changed his plea, according to the Tampa Bay Times.
Clark took a deal from the prosecutors that would allow him to be sentenced as a youth offender and avoid a minimum 10-year sentence.
Instead he’ll spend three years in prison and a further three years on probation.
He may also be able to spend some of the prison sentence in a military-style boot camp instead.
Hillsborough state attorney Andrew Warren said in a statement that Mr Clark needs to be held accountable to demonstrate the consequences to other potential scammers.
“In this case we’ve been able to deliver those consequences while recognising that our goal with any child, whenever possible, is to have them learn their lesson without destroying their future,” Mr Warren added.
As part of the deal Mr Clark won’t be allowed to use a computer without permission and supervision from law enforcement.
He also has to give up the passwords for his online accounts and allow searches of his property.
Mr Clark’s lawyer said he’s turned over all the bitcoin he acquired as part of the scam, thought to be worth around $US117,000 ($A151,000).
The scam sent Twitter into a spin in July last year, with speculation it could have been the work of a rogue Twitter employee or a hostile government’s intelligence agency.
A few weeks later Mr Clark and others were charged.
But Mr Clark’s online exploits started long before.
Shortly after his arrest The New York Times reported how the teen had honed his skills, beginning from the age of 10.
Several friends told the Times he started playing Minecraft as an escape from an “unhappy home life”, but soon became an adept scammer who exploited others in the game to cheat them out of their money.
By 15 he was joining online hacking forums and a year later appeared to be involved in another cryptocurrency scam that he wasn’t charged for, according to the Times’ review of his social media posts and a purported extortion note sent to a victim of the scam.
It’s understood the Twitter hack exploited a technique known as “SIM swapping”, where fraudsters convince a telco to assign someone’s phone number to their SIM card by pretending to be the legitimate owner.
Taking over the phone number lets the fraudster receive the SMS messages and calls used for multi-factor authentication, such as the code texted to you when you lose your password and need to get back into an online account.
Mr Clark was also reportedly able to get access to Twitter’s internal communications on the Slack workplace messaging service, where he found credentials that would allow him to take control of Twitter’s internal systems that managed user accounts.