A Florida teenager accused of putting together one of last year’s Twitter hacks, the one in which celebrity accounts were used to earn more than $ 100,000 in a scam cryptocurrency, pleaded guilty Tuesday in exchange for a three-year sentence.
Graham Ivan Clark, (now) 18, and two other men used social engineering and other techniques to gain access to internal Twitter systems.
They then used their control to take possession of at least 130 hacked accounts: then-presidential candidate Joe Biden, Tesla founder Elon Musk, pop star Kanye West, and philanthropist and Microsoft founder and former CEO and chairman Bill. Gates, were one of the most relevant figures.
Prosecutors alleged that the defendants caused high-profile accounts, many with millions of followers, to promote scams that promised to double returns if people deposited bitcoins in wallets controlled by attackers.
The scheme generated more than $ 117,000, and cybercriminals also took over accounts with short usernames, which are highly sought after in a circle of forums. criminal hacking calling itself OGusers.
Unauthorized access: this is how they entered someone else’s accounts. IStock photo
According to the Tampa Bay Times, Clark agreed to plead guilty in exchange for a three-year prison sentence followed by three years of probation. The settlement allows Clark to be sentenced as “juvenile delinquent”, a status that allows you to avoid a minimum 10-year sentence that you would have received had you been convicted as an adult.
Clark will serve a sentence in a state prison designated for young adults, and may be a candidate to serve part of his sentence in a military-style training ground. You will also receive the mandatory minimum if you violate the terms of your probation.
The plea agreement prohibits Clark from using computers without the permission and supervision of the police. You will have to submit to property searches and give up the passwords for the accounts you control.
Biden was also hacked. Photo DPA
A specialist who worked with the FBI to investigate the Twitter breach said the attack was the result of a thorough investigation by Clark and the other two attackers on Twitter employees. They started by looking on LinkedIn for Twitter employees who likely had access to account holder tools.
. The cybercriminals then used features made available to job recruiters by the workplace social network to obtain employee cell phone numbers and other private contact information.
The attackers called employees and used information obtained from LinkedIn and other public sources. to convince them that they were authorized Twitter personnel.
Work-at-home arrangements caused by the COVID-19 pandemic also prevented employees from using normal procedures such as face-to-face contact to verify the identities of callers.
Musk, one of the hacked accounts. Twitter photo
Trusted by Twitter employees, the attackers directed them to a phishing page that mimicked a VPN internal Twitter. The attackers then obtained the credentials when employees entered them.
To bypass Twitter’s two-factor authentication protections, attackers entered credentials on the real Twitter VPN portal within seconds after employees entered their information on the fake. Once the employee entered the one-time password, the attackers entered.
Then hackers took over celebrity accounts and used them to power a cryptocurrency scam.
The attack was significant and raised hundreds of thousands. AFP photo
“I’m giving back to the community,” an account of President Joe Biden soon tweeted. “All bitcoins sent to the following address will be returned duplicates! If you send $ 1,000, I will return you $ 2,000. Just doing this for 30 minutes … Enjoy! “Clark attended the courtroom videoconference trial Tuesday from the Hillsborough County Jail, where he has been detained since his arrest.
Mason Sheppard, 19, and Nima Fazeli, 22, face federal charges for their alleged role in the Twitter hack and cryptocurrency scam.
#teenager #hacked #Twitter #raised #pleaded #guilty #give #3year #sentence