Teen charged in July's Twitter hack started out scamming Minecraft players

Cal Jeffrey

Posts: 2,525   +575
Staff member
Recap: Several high-profile Twitter accounts, including Barrack Obama, Bill Gates, Joe Biden, Apple, and others, were hacked to facilitate a Bitcoin scam. The fake tweets claimed that donations deposited into a Bitcoin account would be matched dollar-for-dollar and would go to charities supporting Covid-19 efforts.

Last month, 17-year-old Graham Ivan Clark was arrested in connection with highjacking over 100 Twitter accounts. Additional details have emerged, showing that the teen has a history and reputation of scamming others online. Some of Clark's friends told the New York Times that he would frequently "sell" Minecraft items to other players, collecting their money but never relinquishing the goods.

In a similar 2019 investigation, authorities seized $15,000 in cash and more than $3 million in Bitcoin from the teen. Even though Clark bragged on his now-deleted Instagram account, posing with Rolex watches and designer sneakers, the funds were returned, and he was never charged.

This time authorities are not holding back. The teen now faces 30 felony charges for his involvement in highjacking more than 100 verified Twitter accounts from well-known celebrities and organizations. He and others posted tweets claiming to be these people and companies saying they would "double" deposited Bitcoin donations and send the money to COVID-19 charities.

The US Department of Justice released the names of two others involved in the scam. Mason Sheppard, 19, of the UK, is charged with conspiracy to commit wire fraud, conspiracy to commit money laundering, and the intentional access of a protected computer. Nima Fazeli,22, of Orlando Florida, is accused of aiding and abetting the intentional access of a protected computer. Both were charged in the Northern District of California. Since Clark is a minor, he will face federal juvenile proceedings in the 13th Judicial District in Tampa.

The group reportedly used social engineering to get Twitter employees to grant access to "internal systems."

"This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems," the company said in a statement.

They pulled the con off by somehow gaining access to Twitter's Slack messaging board. From there, they were able to convince others they had legitimate access privileges to tools that can take over any account.

Image credit: Budrul Chukrut

Permalink to story.

 

psycros

Posts: 3,187   +3,373
They should do a Suicide Squad on scumbags like this and make them use their talents to infiltrate other cyber-criminal groups.
 
  • Like
Reactions: Cal Jeffrey

candle_86

Posts: 515   +383
So Twitter was brought down by some mature kids? I say the best solution is a career with the FBI cyber crimes unit.
 

Uncle Al

Posts: 7,402   +5,848
Sounds to me like a simple case of Felony theft and since he's now a two time loser the judge better make the penalty substantial or turn in his robe ....
 

nnguy2

Posts: 119   +193
So Twitter was brought down by some mature kids? I say the best solution is a career with the FBI cyber crimes unit.
What he did was just called customer service until someone gave his the info he needed.

Wasnt like he infiltrated the network through an unsecured connection using a printer.
 
  • Like
Reactions: Cal Jeffrey

candle_86

Posts: 515   +383
What he did was just called customer service until someone gave his the info he needed.

Wasnt like he infiltrated the network through an unsecured connection using a printer.
the biggest threat in cyber crime is social engineering, hince someone that can fool what's supposed to be well trained people might be able to teach how they did it and help train.
 

Cal Jeffrey

Posts: 2,525   +575
Staff member
  • Thread Starter Thread Starter
  • #7
What he did was just called customer service until someone gave his the info he needed.

Wasnt like he infiltrated the network through an unsecured connection using a printer.
He infiltrated through Twitter's Slack chatroom.
 

Cal Jeffrey

Posts: 2,525   +575
Staff member
  • Thread Starter Thread Starter
  • #9
I think he is suggesting that he got onto the Slack via an additional 'help, I have lost access to my WFH tools and my boss is not answering his phone' call to Twitter customer service.
Ah. Yeah, that makes sense.

EDIT: That was something I was wondering when I was writing was how he got access to Twitter's Slack account.
 

Xallisto

Posts: 79   +88
Who cares if he is a minor for gods sake, if he has done this **** before he should receive no protection whatsoever from the consequences.
 
  • Like
Reactions: nnguy2