Florida teen arrested for orchestrating Twitter hack

July 31, 2020

twitter-bans-animated-png-files-from-twe-5e04b6f4ded3a30001347ab7-1-dec-29-2019-13-20-04-poster.jpg

In a press conference on Friday, US authorities announced they arrested the main suspect behind this month’s major Twitter hack.

The suspected hacker was identified as Graham Ivan Clark, a 17-year-old teen from Tampa, Hillsborough County, Florida.

According to Florida news outlet WFLA-TV, which first reported on the arrest, Clark was arrested earlier this morning in Tampa, following a nationwide collaboration between the FBI, the IRS, the DOJ, and the Secret Service.

Hillsborough State Attorney Andrew Warren filed charges against Clark for being the “mastermind” behind the July 15 Twitter incident, when the teen is believed to have gained access to Twitter’s backend, took over several high-profile accounts, and tweeted on their behalf to promote a cryptocurrency scam. The list of hacked accounts includes big names like Barrack Obama, Joe Biden, Bill Gates, Elon Musk, Jeff Bezos, Apple, Uber, Kanye West, Kim Kardashian, Michael Bloomberg, and others.

twitter-accounts-of-elon-musk-bill-gates-5f11c4c35129505ee26e5a5a-1-jul-20-2020-14-20-37-poster.jpg

Officials said the hack resulted in more than $100,000 being sent to Bitcoin “accounts associated with Clark” in one single day.

According to a press release from Warren’s office, the teen now faces 30 felony charges, including:

ORGANIZED FRAUD (OVER $50,000) – 1 count
COMMUNICATIONS FRAUD (OVER $300) – 17 counts
FRAUDULENT USE OF PERSONAL INFORMATION (OVER $100,000 OR 30 OR MORE VICTIMS) – 1 count
FRAUDULENT USE OF PERSONAL INFORMATION – 10 counts
ACCESS COMPUTER OR ELECTRONIC DEVICE WITHOUT AUTHORITY (SCHEME TO DEFRAUD) – 1 count

In a press conference today broadcast online, officials didn’t clarify if Clark worked alone or if other arrests would follow.

Just hours before the arrest, Twitter had published its latest update on its investigation into the hack. Below is Twitter’s entire investigation, summarized, for easier reading:

The incident took place on Wednesday, July 15, 2020.
Twitter said hackers used phone-based social-engineering to gain access to Twitter employee accounts.
A New York Times report that has yet to be confirmed by Twitter said that hackers breached employee Slack accounts and found credentials for the Twitter backend pinned inside a Slack channel.
Twitter said hackers got “through” their two-factor protections but did not specify if it referred to the backend accounts or the Slack accounts.
Once hackers accessed the Twitter backend, they Twitter’s own internal tech support tools to interact with accounts.
Hackers interacted with 130 accounts, according to Twitter.
For 45 accounts, hackers initiated a password reset, logged into the account, and sent new tweets to promote their cryptocurrency scam.
Twitter said it believes hackers also tried to sell access to some hijacked Twitter accounts, due to highly-coveted usernames.
For eight accounts, hackers downloaded account data through the “Your Twitter Data” feature.
Twitter said hackers accessed direct messages (DMs) for 36 accounts, including 1 elected official in the Netherlands.
None of these eight accounts were verified.
Twitter is now reaching out to the eight account owners.
Once the hack came to light on Wednesday, Twitter said it blocked all verified accounts from tweeting as it investigated.
It then also blocked some users from resetting their password to hackers from taking over new accounts.
These limitations lasted for a few hours, and functionality was eventually returned.
Twitter said it had no reason to believe the hackers had access to cleartext passwords and will not be resetting user passwords going forward.
However, attackers did view information such as email addresses and phone numbers for the targeted accounts.
A law enforcement investigation is already underway.
Twitter said it restricted the number of employees who can access to its internal tools following the attacks.