According to prosecutors a seventeen- year old teenager from Florida convinced a Twitter employee that he was a co-worker. That was the key step in the teen getting access to a host of Twitter users including Barack Obama, Donald Trump Jr., Kanye West, and Elon Musk.
Several months ago, Graham Ivan Clark escalated his online activity from taking over and selling accounts to penetrating Twitter’s internal systems.
“This is not quite Matthew Broderick in ‘War Games’ but there’s an element of hacking combined with social engineering,” said Andrew Warren the state attorney in Hillsborough County, Florida.
Clark then seized control of a phone number through a technique called SIM-swapping and set up fake phishing pages, including a page that resembled the company’s Okta login portal Warren shares.
“This situation did not involve a compromise of Okta’s services,” Okta said in a statement.
On Monday, Clark pleaded not guilty according to his attorney David Weisbrod.
Back in March, Twitter ordered all of its employees to work from home, which created the ideal environment for the type of hacking attacks Clark specialized in.
A spokesperson for Twitter said that the company “hadn’t relaxed its security controls during the coronavirus emergency.”
Once Clark was inside Twitter, he allegedly gained the ability to bypass the company’s security protections. Getting past security set the stage for his hours-long hack back on July 15. For hours Clark held hostage the main communication tool for some of the world’s most powerful people.
Clark has been charged with compromising more than 100 social media accounts as well as scamming both the Twitter account holders and the approximately 400 people from whom he allegedly received the money in a scam.
Two other individuals have also been charged in connection to the hacking-Mason Sheppard, of Bognor Regis, U.K., and Nima Fazeli, 22, of Orlando, Florida. Sheppard was 19 when he was officially charged.
Clark allowed some of his associates to sell access to Twitter accounts, including 17 from famous individuals as well as companies in order to promote a bitcoin scam that earned about $117,000.
“Since the attack, we’ve significantly limited access to our internal tools and systems,” Twitter said in a blog post last week.
In an unrelated investigation, Clark’s home was searched by authorities last August. Officials seized his computers and froze approximately 300 bitcoin or $3.4 million in digital currency. Clark paid 100 bitcoin to authorities to resolve the issue and did not make an admission of guilt.
Sheppard faces up to 45 years in federal prison if convicted on fraud and hacking charges. Fazeli faces up to five years in prison if convicted. Clark faces 30 felony counts and if found guilty could spend his entire adult life behind bars.