Graham Ivan Clark, 17, was arrested on Friday morning in Tampa
A teenager in Florida has been arrested and accused of orchestrating a massive Twitter breach earlier this month that affected dozens of high-profile users.
Graham Ivan Clark, 17, was arrested on Friday morning in Tampa after a federal investigation zeroed in on him, and faces 30 felony charges that will be prosecuted in state court.
The Hillsborough State Attorney’s Office called Clark the ‘mastermind’ of the July 15 breach, which saw famous Twitter accounts hijacked and used to plead for donations of bitcoin to a wallet controlled by the attacker.
Authorities say that the hacker behind the attack netted more than $100,000 in bitcoin through the illegal scheme.
‘This ‘Bit-Con’ was designed to steal money from regular Americans all over the country, including right here in Florida,’ said Hillsborough State Attorney Andrew Warren. ‘This massive fraud was orchestrated right here in our backyard, and we will not stand for that.’
Former US president Barack Obama, the most followed account on Twitter, was among the high-profile targets used to carry out the bitcoin scam
Although the investigation was led by the FBI and involves federal crimes, Graham will be prosecuted locally because Florida law allows minors to be charged as adults in financial fraud cases, when appropriate.
‘This defendant lives here in Tampa, he committed the crime here, and he’ll be prosecuted here,’ Warren said.
Hillsborough County Jail records show the teen was booked into jail shortly after 6.30am on Friday.
His home address is in a quiet suburb on the edge of the Northdale Golf & Tennis Club in northwest Tampa, within the school district of Gaither High School, though it was not immediately clear if Graham was a student there.
Twitter says hackers ‘manipulated’ employees to access 130 accounts
Twitter said last week that hackers ‘manipulated’ some of its employees to access accounts.
More than $100,000 worth of the virtual currency was sent to email addresses mentioned in the tweets, according to Blockchain.com, which monitors crypto transactions.
‘We know that they accessed tools only available to our internal support teams to target 130 Twitter accounts,’ said a statement posted on Twitter’s blog.
For 45 of those accounts, the hackers were able to reset passwords, login and send tweets, it added, while the personal data of up to eight unverified users was downloaded.
Twitter locked down affected accounts and removed the fraudulent tweets. It also shut off accounts not affected by the hack as a precaution.
Twitter says the hackers responsible for the breach fooled the social media company’s employees into giving them high-level administrative credentials using a phone scam.
The company has revealed a few more details about the hack earlier this month, which it said targeted ‘a small number of employees through a phone spear-phishing attack’.
‘This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems,’ the company tweeted.
The embarrassing July 15 attack compromised the accounts of some of its most high profile users, including Tesla CEO Elon Musk and celebrities Kanye West and his wife, Kim Kardashian West, in an apparent attempt to lure their followers into sending money to an anonymous bitcoin account.
After stealing employee credentials and getting into Twitter’s systems, the hackers were able to target other employees who had access to account support tools, the company said.
The hackers targeted 130 accounts. They managed to tweet from 45 accounts, access the direct message inboxes of 36, and download the Twitter data from seven. Dutch anti-Islam MP Geert Wilders has said his inbox was among those accessed.
Spear-phishing is a more targeted version of phishing, an impersonation scam that uses email or other electronic communications to deceive recipients into handing over sensitive information.
Twitter said it would provide a more detailed report later ‘given the ongoing law enforcement investigation.’
The company has previously said the incident was a ‘co-ordinated social engineering attack’ that targeted some of its employees with access to internal systems and tools.
It did not provide any more information about how the attack was carried out, but the details released so far suggest the hackers started by using the old-fashioned method of talking their way past security.
British cybersecurity analyst Graham Cluley said his guess was that a targeted Twitter employee or contractor received a message by phone asking them to call a number.
‘When the worker called the number they might have been taken to a convincing (but fake) helpdesk operator, who was then able to use social engineering techniques to trick the intended victim into handing over their credentials,’ Mr Clulely wrote on his blog on Friday.
It is also possible the hackers pretended to call from the company’s legitimate help line by spoofing the number, he said.
Developing story, more to come.