18-year-old American Graham Ivan Clark pleaded guilty to the largest Twitter hack in history. He was sentenced to three years in prison.
In June 2020, Twitter suffered the largest cyberattack in its history. Many accounts of public people and companies were compromised, including those of Elon Musk, Jeff Bezos, Bill Gates, Barack Obama, Joe Biden, Warren Buffett, Kim Kardashian, and Kanye West. Hackers also gained access to Twitter accounts of the largest cryptocurrency exchanges CoinDesk, Binance, and Gemini. In addition, official accounts of Apple and Uber brands were attacked as well. In total, 130 accounts were hacked.
Graham Clark grew up in Tampa, Florida, and used various ways to trick Minecraft players as a child. He sold and traded rare social media nicknames on the OGUsers forum, where he contacted his accomplices. Led by Clark, they initially accessed accounts with unusual usernames, and then sold them on the hacker forum OGUsers for thousands of dollars.
The group later began hacking the accounts of celebrities and large companies. On behalf of famous people and large companies, attackers asked Twitter users to send them bitcoins to the account they indicated, promising to double and return any amount received.
Surprisingly, many people believed that Bill Gates, Elon Musk, and other well-known personalities and companies would ask users for bitcoins. As a result, the fraudulent scheme brought cybercriminals about 13 BTC, that is, over $100,000.
On July 31, 2020, Graham Ivan Clark (known online as Kirk), the main "ideological mastermind" of this attack who was 17 at the time, was arrested on suspicion of a major hacking into Twitter accounts. Clark's partners were also identified – 19-year-old Mason "Chaewon" Sheppard from the UK and 22-year-old Nima "Rolex" Fazeli from Orlando. They were charged with federal crimes, too.
This week, 18-year-old Clark pleaded guilty to multiple charges (including unauthorized computer access, identity fraud, and communication fraud). He made a deal with the prosecutor that would include three years in juvenile prison followed by a three-year probation under supervision. Clark also agreed not to use computers without permission from law enforcement. Six years is the maximum state law allows for juvenile offenders, but if Clark violates the terms of the deal, he could face up to ten years in prison as an adult.
“Graham Clark needs to be held accountable for that crime, and other potential scammers out there need to see the consequences. In this case, we’ve been able to deliver those consequences while recognizing that our goal with any child, whenever possible, is to have them learn their lesson without destroying their future,” Hillsborough State Attorney Andrew Warren said in a statement.
Clark's lawyers also confirmed that all the cryptocurrency obtained as a result of the Twitter cyberattack has already been transferred to law enforcement agencies.