Last month a cryptocurrency scam took place on Twitter, in which hacked high-profile Twitter accounts tweeted about cryptocurrency bonuses. It was very organized and well executed, and it proved very effective: lots of innocent Twitter users fell for the scam.
Twitter did all it could to stop the scam, but it was too late; a lot of money was already lost. Investigations kicked off, and there is finally something to go on concerning who perpetrated the hack.
Who was behind the Hack?
A federal indictment filed in Tampa, Florida states that Graham Ivan Clark used a phone spearphishing attack to get through Twitter’s security and bypass its two-factor authentication. This gave him access to Twitter’s internal admin tool, which lets the hacker gain access to verified Twitter accounts to orchestrate the scam.
Clark, aka “Kirk”, alongside accomplices Mason Sheppard, 19, aka “Chaewon”, of Bognor Regis in the UK, and Nima Fazeli, 22, aka “Rolex”, of Orlando, Florida, were accused of the biggest Twitter scam yet this year.
Graham Ivan Clark, a 17-year-old who is believed to be “Kirk”, gained access to the Twitter admin tool as far back as the 3rd of May 2020, according to court documents released by a US law enforcement agency. The hack happened on the 15th of July, so it’s still unclear what happened in the 73 days between the 3rd of May and the 15th of July.
However, reports speculate that Clark first gained access to Twitter’s internal Slack workspaces, then found credentials for one of Twitter’s tech support tools pinned to Twitter’s Slack channel. He then proceeded to organize a successful phone spearphishing attack on Twitter employees so as to bypass Twitter’s two-factor authentication on the tool.
While Clark was the main perpetrator of the hack, Mason and Fazeli just helped in monetizing his plans. According to the messages retrieved from Discord between Clark and his accomplices, Mason and Fazeli brokered the sale of Twitter accounts stolen by Clark.
Twitter’s investigation found that Kirk gained access to 130 accounts, initiated a password reset for 45, and accessed the DMs of 36.
What are the Charges?
On Tuesday, Clark was charged with 17 counts of communications fraud, 11 counts of fraudulent use of personal information, and one count each of organized fraud of more than $5000 and accessing electronic devices without authority.
Arrested on Friday, Clark is in the Hillsborough County jail awaiting a bond hearing, with bail set at $725,000. Hillsborough State Attorney Andrew Warren said his office is prosecuting Clark in state court because Florida laws allow minors to be charged as adults in financial fraud cases when needed.
Andrew Warren also tagged Clark as the mastermind behind the entire hack scheme.