Teen Who Hacked Twitter to Within an Inch of Its Life Sentenced to Three Years in Prison

Image for article titled Teen Who Hacked Twitter to Within an Inch of Its Life Sentenced to Three Years in Prison
Photo: Dan Kitwood / Staff (Getty Images)

Graham Ivan Clark — the teenager who masterminded a sprawling Twitter attack last summer that involved hacking the accounts of dozens of high profile users to promote a bitcoin scam — plead guilty in a Florida court on Tuesday.

Advertisement

According to the Tampa Bay Times, Clark, who was just 17 years old when he pulled off the hack, was sentenced to three years in prison as part of a plea deal, which will be followed by an additional three years of probation. As part of his punishment, Clark will also be banned from using computers without express permission and the direct supervision of law enforcement.

Since his arrest in July 2020, Clark has been credited with 229 days of time served, and his plea deal also included a stipulation that he be sentenced as a “youthful offender,” which is likely to lessen his prison time and increase the odds that he will be permitted to serve at least some of his sentence at a military-style bootcamp.

“Graham Clark needs to be held accountable for that crime, and other potential scammers out there need to see the consequences,” Andrew Warren, State Attorney of Florida’s 13th Judicial Circuit, said in a statement. “In this case, we’ve been able to deliver those consequences while recognizing that our goal with any child, whenever possible, is to have them learn their lesson without destroying their future.”

On July 15, 2020, a number of high-profile Twitter accounts belonging to the likes of former President Barack Obama, Joe Biden, Elon Musk, Bill Gates, Kanye West, Michael Bloomberg, and Apple were suddenly hijacked in quick succession. In each case, the hacked account advertised a special giveaway in which any Twitter users who forked over a given amount of the popular cryptocurrency bitcoin would receive double that amount back.

Authorities say the scam garnered about $117,000 in bitcoin before it was eventually shut down.

In executing the hack, Clark had worked alongside two co-conspirators that he had reportedly met on an online forum called OGusers that trades in the acquisition and sale of old usernames. Those partners — Nima Fazeli of Orlando and Mason Sheppard of the UK — were also charged with federal crimes.

Advertisement

According to multiple reports, the trio pulled off the hack by exploiting a vulnerability in Twitter’s systems wherein certain mid-level employees had access to powerful site-wide admin tools that could be used to reset account email addresses.

The hack — which prompted several investigations, including one by the FBI — exposed grave national and international security threats, and prompted Twitter to take the unprecedented step of disabling tweets from verified accounts as programmers scrambled to come up with a fix.

Advertisement

“Tough day for us at Twitter,” CEO Jack Dorsey tweeted at the time. “We all feel terrible this happened. We’re diagnosing and will share everything we can when we have a more complete understanding of exactly what happened.”

DISCUSSION

By
sulfolobus

You made us read pretty far down to find out that this was only a quasi-hack. This reminds me of the time journalists called it a “hack” when someone guessed that Donald Trump’s password was “maga2020!”.  So I’m worried that the word “hack” no longer has a useful meaning.