Graham Ivan Clark

Image: Booking photo from July 2020
Born: Graham Ivan Clark, January 9, 2003 (age 21)
Nationality: American
Other names: Kirk, OpenHCF, Open, Scrim, Feed, Graham$
Education: Gaither High School
Known for: 2020 Twitter bitcoin scam
Criminal status: Released
Parent: Emilya Clark (mother)

Graham Ivan Clark (born January 9, 2003) is an American computer hacker, cybercriminal and a convicted felon regarded as the mastermind behind the 2020 Twitter account hijacking.

Early life

Graham Ivan Clark grew up in Hillsborough County, Florida, with his mother, father, and older sister. [1] His parents divorced when he was 7; as of 2020, his father lives in Indiana. [2] During his teenage years, Clark used various aliases while participating in online communities, gaining notoriety as a scammer in the "hardcore factions" Minecraft community. [3] In 2018, Graham joined OGUsers, a forum dedicated to selling, buying, and trading online accounts, and was banned after four days.

In 2019, at the age of 16, Clark was involved in stealing 164 bitcoins from Gregg Bennett, a Seattle-based angel investor, through a SIM swap attack. Clark sent two extortion notes under the alias "Scrim", stating, "We just want the remainder of the funds in the Bittrex", referring to the cryptocurrency exchange "Bittrex" that Bennett had used, and "We are always one step ahead and this is your easiest option." The United States Secret Service managed to recover only 100 bitcoins from the heist. [4] In an interview, Bennett said he was told by a Secret Service agent that the person with the stolen bitcoins was not arrested because he was a minor. [2]

Role in the 2020 Twitter account hijacking

Clark is widely regarded as the "mastermind" of the 2020 Twitter account hijacking, [5] [6] an event in which Clark worked with Mason Sheppard and Nima Fazeli to compromise 130 high-profile Twitter accounts to push a cryptocurrency scam involving bitcoin along with seizing "OG" (short for original) usernames to sell on OGUsers. At the time, Sheppard was 19, Fazeli was 22, and Clark was 17. Sheppard and Fazeli specialized in playing the role of brokers in selling the Twitter handles on OGUsers.

The Twitter hack began on June 14 when Sheppard and Fazeli assisted Clark in manipulating employees through social engineering. [7] This involved calling multiple Twitter employees and posing as the help desk in Twitter's IT department responding to a reported problem with Twitter's internal VPN. From there, Clark directed the employee to a phishing site that was identical in appearance to Twitter's VPN log-in portal. When the employee entered their information into the phishing portal, the credentials were simultaneously entered onto the real log-in page. After one employee account was compromised, it was used to review instructions on Twitter's intranet on how to take over Twitter accounts. [8]

Arrest

On July 31, 2020, Clark was arrested at his home in Northdale, Florida. He faced 30 criminal charges, including 17 counts of communication fraud, 11 counts of fraudulent use of personal information, one count of organized fraud for more than $5,000, and one count of accessing a computer or electronic device without authority. His bail was set at $725,000 and he pleaded not guilty. His hearing was held on March 16, 2021, via Zoom at Hillsborough County Jail. He was sentenced to three years in prison followed by three years of probation as part of a plea deal under Florida's Youthful Offender Act, which limits the penalties for convicted felons under the age of 21. [9] According to the Tampa Bay Times, he was able to serve part of his time in a military-style boot camp. [10]

The plea agreement [11] stipulated that Clark could not "direct[ly] or indirect[ly] access" any electronic device without both the express permission of his prohibition officer and the notification of the Florida Department of Law Enforcement. He was also required to provide a list of "any and all electronic mail addresses, Interactive computer services, Internet domain names, commercial social networking websites, online or remote storage and computing devices, Internet identifiers and each Internet identifier's corresponding website [sic] homepage or application software name; home telephone numbers and cellular telephone numbers in his care custody or control." Additionally, he was ordered to disclose passwords, security codes, tokens, and key fobs. [12]

Clark was released from Saint Petersburg Community Release Center on February 16, 2023. [citation needed]

References

  1. "Twitter hack 'mastermind': Who is the Tampa teen accused of targeting high-profile accounts?". WFLA. August 2, 2020. Retrieved April 7, 2021.
  2. Popper, Nathaniel; Conger, Kate; Browning, Kellen (August 2, 2020). "From Minecraft Tricks to Twitter Hack: A Florida Teen's Troubled Online Path". The New York Times. ISSN 0362-4331. Retrieved April 15, 2021.
  3. "Exposing "Open/Feed": A Scammer, A Liar, A Ddoser". Meezoid. October 17, 2016. Retrieved May 25, 2023.
  4. "Alleged Twitter hacker was previously caught stealing a fortune in Bitcoin". Engadget. Retrieved September 29, 2021.
  5. Goodin, Dan (March 17, 2021). "I was a teenage Twitter hacker. Graham Ivan Clark gets 3-year sentence". Ars Technica. Retrieved April 7, 2021.
  6. Popper, Nathaniel; Conger, Kate (July 17, 2020). "Hackers Tell the Story of the Twitter Attack From the Inside". The New York Times. ISSN 0362-4331. Retrieved April 15, 2021.
  7. Company, Tampa Publishing. "Bail in Twitter hack: $725,000. Tampa teen's assets: $3 million in Bitcoin". Tampa Bay Times. Retrieved May 10, 2021.
  8. "Twitter Investigation Report". Department of Financial Services. Retrieved June 12, 2022.
  9. "Teen Who Hacked Musk, Obama Twitter Accounts Gets 3 Years in Jail". PCMAG. Retrieved January 9, 2023.
  10. Company, Tampa Publishing. "Tampa Twitter hacker agrees to three years in prison". Tampa Bay Times. Retrieved May 16, 2021.
  11. Statt, Nick (March 16, 2021). "Teen 'mastermind' behind the great Twitter hack sentenced to three years in prison". The Verge. Retrieved June 12, 2022.
  12. "2019 Florida Statutes :: Title XXXIX - Commercial Relations :: Chapter 668 - Electronic Commerce :: Part V - Computer Abuse and Data Recovery Act (Ss. 668.801-668.805) :: 668.802 - Definitions". Justia Law. Retrieved June 12, 2022.