Florida teen Graham Ivan Clark, 18, is weighing a plea deal in the Twitter hack case
Graham Ivan Clark has been held in a Tampa jail in lieu of a $750,000 bail since his arrest in July, and turned 18 behind bars. He faces 30 felony charges that are being prosecuted in state court.
At a hearing on Wednesday, Clark’s attorney David Weisbrod said he would need time to determine whether to accept a plea deal offered by prosecutors, but did not reveal the terms of the proposed deal, according to the Tampa Bay Times.
In Florida, defendants under the age of 21 may qualify for youthful offender status. Clark was charged in state court because the state law also allows minors to be prosecuted for financial crimes more easily than in the federal system.
Clark was not present for the pre-trial hearing this week, which took place by video conference. The next hearing in his case is set for March 16.
The scheme commandeered Twitter accounts of prominent politicians, celebrities and technology moguls and scammed people around the globe out of more than $180,000.
The Florida teen is accused of conspiring with Nima Fazeli, 22, of Orlando, Florida, and Mason Sheppard, 19, of Bognor Regis, UK, who were also charged for their alleged roles in the hack in California federal court.
The July 15 breach, the biggest in Twitter history, compromised the accounts of celebrities including President Joe Biden, former President Barack Obama, Elon Musk, Kanye West, Bill Gates, Jeff Bezos, Mike Bloomberg, Warren Buffett, Floyd Mayweather and Kim Kardashian.
Messages were posted from the famous accounts telling followers to send Bitcoin payments to email addresses, swindling more than $180,000 out of unsuspecting victims in the process.
Prosecutors say that Clark gained access to Twitter accounts and to the internal controls of Twitter by compromising a Twitter employee, and then used Fazeli and Sheppard as his minions to sell access to accounts.
Court papers suggest Fazeli and Sheppard only got involved in the scheme on a hacking chatroom after Clark dangled the possibility of taking over Twitter handles of short names such as @anxious and @foreign.
From there, that scam appears to have evolved into the full-scale hijacking of high-profile accounts.
Mason Sheppard, 19, of Bognor Regis, UK, and Nima Fazeli, 22, of Orlando, Florida, were also charged in relation to the hack in California federal court last week.
Chat logs obtained by investigators show ‘Kirk’ and ‘Rolex’ discussing the plan
How the hacker’s ‘sloppy’ work covering their tracks made them easy to track
The FBI were able to track down three hackers who pulled off the largest Twitter breach in history because they were ‘extremely sloppy’ with how they moved their Bitcoin transactions around.
Authorities were able to obtain data about the Bitcoin addresses involved in the hack by analyzing the blockchain – a ledger that records cryptocurrency transactions.
They then traced the addresses to Coinbase – a digital currency exchange that stores Bitcoin.
Both Fazeli and Sheppard had registered and verified their Coinbase accounts with their real driver’s licences, according to ZDNet.
Fazeli also used his home IP address, meaning investigators were able to easily trace his location.
Furthermore, the alleged hackers did not move around the Bitcoin funds they received in a bid to throw detectives off the trail. Such an act is known as ‘tumbling’, and is the digital equivalent of money laundering.
Cybersecurity expert Jake Williams told The Associated Press that their efforts were ‘sloppy’.
Twitter has officially stated that the hacker – purported to be Clark – gained access to a company dashboard that manages accounts on July 15.
He did this by using social engineering and spear-phishing smartphones to obtain credentials from ‘a small number’ of Twitter employees to break into the internal systems.
From there, the hackers targeted 130 accounts. They managed to tweet their bogus tweet from 45 prolific accounts.
They also accessed the direct message inboxes of 36 others, and downloaded the Twitter data from seven separate accounts.
A hacker who identified himself as ‘Kirk’, believed to be Clark, claimed to be a Twitter employee and said he could ‘reset, swap and control any Twitter account at will’ in exchange for cybercurrency payments, according to the papers.
The documents do not specify Kirk’s real identity but say he is a teen being prosecuted in the Tampa area.
Twitter has said the hacker gained access to a company dashboard that manages user accounts by using social engineering and spear-phishing smartphones to obtain credentials from ‘a small number’ of Twitter employees ‘to gain access to our internal systems.’
Spear-phishing uses email or other messaging to deceive people into sharing access credentials.
The hack is said to have begun with a message on Discord, a chat platform used by gamers, from user Kirk#5270, who wrote: ‘I work for Twitter. I can claim any name, let me know if you’re trying to work.’
Another user, who went by the names of Ever so anxious#0001 and Chaewon, then lined up buyers for Twitter handles including an offer of $5,000 for the handle @xx.
A third, Rolex#0373, then joined in, offering sought-after account names for $2,500 upwards.
Fazeli is thought to be Rolex; Sheppard is Chaewon.
A total of 130 accounts were targeted in what marked one of the most high-profile security breaches in recent years.
Bogus tweets were sent from the accounts of Barack Obama, Joe Biden, Mike Bloomberg and a number of tech billionaires including Amazon CEO Jeff Bezos, Microsoft co-founder Bill Gates and Tesla CEO Elon Musk.
Celebrities Kanye West and his wife, Kim Kardashian West, were also hacked.
The tweets offered to send $2,000 for every $1,000 sent to an anonymous Bitcoin address.
The fraudulent posts managed to draw in more than $180,000 worth of Bitcoin before Twitter shut it down by deleting the posts and shutting off access for broad swaths of users.
Twitter confirmed that 130 accounts were breached, including 45 where passwords and logins were reset and tweets sent.
Personal data was also downloaded from eight unverified accounts.
A report in October from the New York Department of Financial Services slammed Twitter for security lapses that allowed teenagers to breach the service in a relatively ‘simple’ attack.
‘That Twitter was vulnerable to an unsophisticated attack shows that self-regulation is not the answer,’ said Linda Lacewell, the financial services superintendent.
Twitter has acknowledged that some employees were duped into sharing account credentials prior to the hack.