Graham Ivan Clark | |
|---|---|
 Booking photo from July 2020 | |
| Born | Graham Ivan Clark January 9, 2003 Tampa, Florida, U.S. |
| Other names | Kirk, OpenHCF, Open, Scrim, Feed, Graham$ |
| Known for | 2020 Twitter bitcoin scam |
| Criminal status | Released |
Graham Ivan Clark (born January 9, 2003) is an American computer hacker, cybercriminal and a convicted felon regarded as the main perpetrator behind the 2020 Twitter account hijacking.
Early life
Graham Ivan Clark grew up in Hillsborough County, Florida, with his mother, father, and older sister.[1] His parents divorced when he was 7; as of 2020, his father lives in Indiana.[2] During his teenage years, Clark used various aliases while participating in online communities, gaining notoriety as a scammer in the "hardcore factions" Minecraft community.[2] In 2018, Graham joined OGUsers, a forum dedicated to selling, buying, and trading online accounts, and was banned after four days.
In 2019, at the age of 16, Clark was involved in stealing 164 bitcoins from Gregg Bennett, a Seattle-based angel investor, through a SIM swap attack. Clark sent two extortion notes under the alias "Scrim", stating, "We just want the remainder of the funds in the Bittrex", referring to the cryptocurrency exchange "Bittrex" that Bennett had used, and "We are always one step ahead and this is your easiest option." The United States Secret Service managed to recover only 100 bitcoins from the heist.[3] In an interview, Bennett said he was told by a Secret Service agent that the person with the stolen bitcoins was not arrested because he was a minor.[2]
Role in the 2020 Twitter account hijacking
Clark is widely regarded as the "mastermind" of the 2020 Twitter account hijacking,[4][5] an event in which Clark worked with Mason Sheppard and Nima Fazeli to compromise 130 high-profile Twitter accounts to push a cryptocurrency scam involving bitcoin along with seizing "OG" (short for original) usernames to sell on OGUsers. At the time, Sheppard was 19, Fazeli was 22, and Clark was 17. Sheppard and Fazeli specialized in playing the role of brokers in selling the Twitter handles on OGUsers.
The Twitter hack began on June 14 when Sheppard and Fazeli assisted Clark in manipulating employees through social engineering.[6] This involved calling multiple Twitter employees and posing as the help desk in Twitter's IT department responding to a reported problem with Twitter's internal VPN. From there, Clark directed the employee to a phishing site that was identical in appearance to Twitter's VPN log-in portal. When the employee entered their information into the phishing portal, the credentials were simultaneously entered onto the real log-in page. After one employee account was compromised, it was used to review instructions on Twitter's intranet on how to take over Twitter accounts.[7]
Arrest
On July 31, 2020, Clark was arrested at his home in Northdale, Florida. He faced 30 criminal charges, including 17 counts of communication fraud, 11 counts of fraudulent use of personal information, one count of organized fraud for more than $5,000, and one count of accessing a computer or electronic device without authority. His bail was set at $725,000 and he pleaded not guilty. His hearing was held on March 16, 2021, via Zoom at Hillsborough County Jail. He was sentenced to three years in prison followed by three years of probation as part of a plea deal under Florida's Youthful Offender Act, which limits the penalties for convicted felons under the age of 21.[8] According to the Tampa Bay Times, he was able to serve part of his time in a military-style boot camp.[9]
The plea agreement[10] stipulated that Clark could not "direct[ly] or indirect[ly] access" any electronic device without both the express permission of his probation officer and the notification of the Florida Department of Law Enforcement. He was also required to provide a list of "any and all electronic mail addresses, Interactive computer services, Internet domain names, commercial social networking websites, online or remote storage and computing devices, Internet identifiers and each Internet identifier's corresponding website [sic] homepage or application software name; home telephone numbers and cellular telephone numbers in his care custody or control." Additionally, he was ordered to disclose passwords, security codes, tokens, and key fobs.[11]
Clark was released from Saint Petersburg Community Release Center on February 16, 2023. He was under probation until February 15, 2026. [12]
References
- ^ Michael, Melanie (August 2, 2020). "Twitter hack 'mastermind': Who is the Tampa teen accused of targeting high-profile accounts?". WFLA. Retrieved April 7, 2021.
- ^ a b c Popper, Nathaniel; Conger, Kate; Browning, Kellen (August 2, 2020). "From Minecraft Tricks to Twitter Hack: A Florida Teen's Troubled Online Path". The New York Times. ISSN 0362-4331. Retrieved April 15, 2021.
- ^ Fisher, Christine (August 3, 2020). "Alleged Twitter hacker was previously caught stealing a fortune in Bitcoin". Engadget. Retrieved September 29, 2021.
- ^ Goodin, Dan (March 17, 2021). "I was a teenage Twitter hacker. Graham Ivan Clark gets 3-year sentence". Ars Technica. Retrieved April 7, 2021.
- ^ Popper, Nathaniel; Conger, Kate (July 17, 2020). "Hackers Tell the Story of the Twitter Attack From the Inside". The New York Times. ISSN 0362-4331. Retrieved April 15, 2021.
- ^ Solomon, Josh. "Bail in Twitter hack: $725,000. Tampa teen's assets: $3 million in Bitcoin". Tampa Bay Times. Retrieved May 10, 2021.
- ^ "Twitter Investigation Report". Department of Financial Services. Retrieved June 12, 2022.
- ^ Kan, Michael. "Teen Who Hacked Musk, Obama Twitter Accounts Gets 3 Years in Jail". PCMag. Retrieved January 9, 2023.
- ^ Sullivan, Dan. "Tampa Twitter hacker agrees to three years in prison". Tampa Bay Times. Retrieved May 16, 2021.
- ^ Statt, Nick (March 16, 2021). "Teen 'mastermind' behind the great Twitter hack sentenced to three years in prison". The Verge. Retrieved June 12, 2022.
- ^ "2019 Florida Statutes :: Title XXXIX - Commercial Relations :: Chapter 668 - Electronic Commerce :: Part V - Computer Abuse and Data Recovery Act (Ss. 668.801-668.805) :: 668.802 - Definitions". Justia Law. Retrieved June 12, 2022.
- ^ "VINELink".
