A Florida teen responsible for the hacks of several high-profile Twitter accounts as part of a widespread cryptocurrency scam pled guilty to fraud charges in exchange for a three-year prison sentence.
The 18-year-old hacker, Graham Ivan Clark, will also serve an additional three years on probation.
The development came after the U.S. Department of Justice (DoJ) charged Mason Sheppard (aka Chaewon), Nima Fazeli (aka Rolex), and Clark (then a juvenile) with conspiracy to commit wire fraud and money laundering.
30 felony charges were filed against Clark, including one count of organized fraud, 17 counts of communications fraud, one count of fraudulent use of personal information with over $100,000 or 30 or more victims, 10 counts of fraudulent use of personal information, and one count of access to computer or electronic device without authority.
Twitter suffered one of the biggest security lapses in its history last July, when the hackers managed to hijack about 130 high-profile Twitter accounts belonging to politicians, celebrities, and musicians, including that of Barack Obama, Kanye West, Joe Biden, Bill Gates, Elon Musk, Jeff Bezos, Warren Buffett, Uber, and Apple.
The hack posted worded messages urging millions of followers of each profile to send money to a specific bitcoin wallet address in return for larger payback. The scheme netted about $117,000 in bitcoin before it was shut down.
On further investigation about the incident, it was revealed that Clark and the other attackers seized the accounts after stealing Twitter employees’ credentials through a successful phone spear-phishing attack, and using them to gain access to the company’s internal network and account support tools, change user account settings, and take over control.
By getting the credentials of the employees, the attackers targeted specific employees who had access to the company’s account support tools. They then targeted 130 Twitter accounts – Tweeting from 45, accessing the DM inbox of 36, and downloading the Twitter Data of 7.
Besides, the three individuals also tried to monetize this established access by selling the hijacked accounts on OGUsers, a forum infamous for peddling access to social media and other online accounts.
Hillsborough State Attorney Andrew Warren stated that even though the hacker took over the accounts of famous people, the money he stole came from regular, hard-working people.
He also added that they were able to deliver those consequences while recognizing that their goal with any child is to have them learn their lesson without destroying their future.