Graham Ivan Clark | |
|---|---|
 Booking photo from July 2020 | |
| Born | Graham Ivan Clark January 9, 2003 Tampa, Florida, U.S. |
| Other names | Kirk, OpenHCF, Open, Scrim, Feed, Graham$ |
| Known for | 2020 Twitter bitcoin scam |
| Criminal status | Released |
Graham Ivan Clark (born January 9, 2003) is an American computer hacker, cybercriminal and a convicted felon regarded as the mastermind behind the 2020 Twitter account hijacking.
Graham Ivan Clark grew up in Hillsborough County, Florida, with his mother, father, and older sister. [1] His parents divorced when he was 7; as of 2020, his father lives in Indiana. [2] During his teenage years, Clark used various aliases while participating in online communities, gaining notoriety as a scammer in the "hardcore factions" Minecraft community. [2] In 2018, Graham joined OGUsers, a forum dedicated to selling, buying, and trading online accounts, and was banned after four days.
In 2019, at the age of 16, Clark was involved in stealing 164 bitcoins from Gregg Bennett, a Seattle-based angel investor, through a SIM swap attack. Clark sent two extortion notes under the alias "Scrim", stating, "We just want the remainder of the funds in the Bittrex", referring to the cryptocurrency exchange "Bittrex" that Bennett had used, and "We are always one step ahead and this is your easiest option." The United States Secret Service managed to recover only 100 bitcoins from the heist. [3] In an interview, Bennett said he was told by a Secret Service agent that the person with the stolen bitcoins was not arrested because he was a minor. [2]
Clark is widely regarded as the "mastermind" of the 2020 Twitter account hijacking, [4] [5] an event in which Clark worked with Mason Sheppard and Nima Fazeli to compromise 130 high-profile Twitter accounts to push a cryptocurrency scam involving bitcoin along with seizing "OG" (short for original) usernames to sell on OGUsers. At the time, Sheppard was 19, Fazeli was 22, and Clark was 17. Sheppard and Fazeli specialized in playing the role of brokers in selling the Twitter handles on OGUsers.
The Twitter hack began on June 14 when Sheppard and Fazeli assisted Clark in manipulating employees through social engineering. [6] This involved calling multiple Twitter employees and posing as the help desk in Twitter's IT department responding to a reported problem with Twitter's internal VPN. From there, Clark directed the employee to a phishing site that was identical in appearance to Twitter's VPN log-in portal. When the employee entered their information into the phishing portal, the credentials were simultaneously entered onto the real log-in page. After one employee account was compromised, it was used to review instructions on Twitter's intranet on how to take over Twitter accounts. [7]
On July 31, 2020, Clark was arrested at his home in Northdale, Florida. He faced 30 criminal charges, including 17 counts of communication fraud, 11 counts of fraudulent use of personal information, one count of organized fraud for more than $5,000, and one count of accessing a computer or electronic device without authority. His bail was set at $725,000 and he pleaded not guilty. His hearing was held on March 16, 2021, via Zoom at Hillsborough County Jail. He was sentenced to three years in prison followed by three years of probation as part of a plea deal under Florida's Youthful Offender Act, which limits the penalties for convicted felons under the age of 21. [8] According to the Tampa Bay Times , he was able to serve part of his time in a military-style boot camp. [9]
The plea agreement [10] stipulated that Clark could not "direct[ly] or indirect[ly] access" any electronic device without both the express permission of his probation officer and the notification of the Florida Department of Law Enforcement. He was also required to provide a list of "any and all electronic mail addresses, Interactive computer services, Internet domain names, commercial social networking websites, online or remote storage and computing devices, Internet identifiers and each Internet identifier's corresponding website [sic] homepage or application software name; home telephone numbers and cellular telephone numbers in his care custody or control." Additionally, he was ordered to disclose passwords, security codes, tokens, and key fobs. [11]
Clark was released from Saint Petersburg Community Release Center on February 16, 2023. He is currently under probation until February 15, 2026. [12]
The Internet has a long history of turbulent relations, major maliciously designed disruptions, and other conflicts. This is a list of known and documented Internet, Usenet, virtual community and World Wide Web related conflicts, and of conflicts that touch on both offline and online worlds with possibly wider reaching implications.
Jonathan Joseph James was an American hacker who was the first juvenile incarcerated for cybercrime in the United States. The South Florida native was 15 years old at the time of the first offense and 16 years old on the date of his sentencing. He died at his Pinecrest, Florida home on May 18, 2008, of a self-inflicted gunshot wound.
Markus Alexej Persson, also known as Notch, is a Swedish video game programmer and designer. He is the creator of Minecraft, which is the best-selling video game in history. He founded the video game development company Mojang Studios in 2009.
Satoshi Nakamoto is the name used by the presumed pseudonymous person or persons who developed bitcoin, authored the bitcoin white paper, and created and deployed bitcoin's original reference implementation. As part of the implementation, Nakamoto also devised the first blockchain database. Nakamoto was active in the development of bitcoin until December 2010.
Silk Road was an online black market and the first modern darknet market. It was launched in 2011 by its American founder Ross Ulbricht under the pseudonym "Dread Pirate Roberts." As part of the dark web, Silk Road operated as a hidden service on the Tor network, allowing users to buy and sell products and services between each other anonymously. All transactions were conducted with bitcoin, a cryptocurrency which aided in protecting user identities. The website was known for its illegal drug marketplace, among other illegal and legal product listings. Between February 2011 and July 2013, the site facilitated sales amounting to 9,519,664 Bitcoins.
Michael Jude Gogulski is a political activist and freelance translator. He is one of a small number of former Americans known to have voluntarily become stateless.
UGNazi is a hacker group. The group conducted a series of cyberattacks, including social engineering, data breach, and denial-of-service attacks, on the websites of various organizations in 2012. Two members of UGNazi were arrested in June 2012; one was incarcerated. In December 2018, two members of UGNazi were arrested in connection with a murder in Manila.
The Syrian Electronic Army was a group of computer hackers which first surfaced online in 2011 to support the government of Syrian President Bashar al-Assad. Using spamming, website defacement, malware, phishing, and denial-of-service attacks, it has targeted terrorist organizations, political opposition groups, western news outlets, human rights groups and websites that are seemingly neutral to the Syrian conflict. It has also hacked government websites in the Middle East and Europe, as well as US defense contractors. As of 2011, the SEA has been "the first Arab country to have a public Internet Army hosted on its national networks to openly launch cyber attacks on its enemies".
Bitcoin is a cryptocurrency, a digital asset that uses cryptography to control its creation and management rather than relying on central authorities. Originally designed as a medium of exchange, Bitcoin is now primarily regarded as a store of value. The history of bitcoin started with its invention and implementation by Satoshi Nakamoto, who integrated many existing ideas from the cryptography community. Over the course of bitcoin's history, it has undergone rapid growth to become a significant store of value both on- and offline. From the mid-2010s, some businesses began accepting bitcoin in addition to traditional currencies.
Ross William Ulbricht is an American serving life imprisonment for creating and operating the darknet market website Silk Road from 2011 until his arrest in 2013. The site operated as a hidden service on the Tor network and facilitated the sale of narcotics and other illegal products and services. Ulbricht ran the site under the pseudonym "Dread Pirate Roberts", after the fictional character from The Princess Bride.
Cryptocurrency and crime describe notable examples of cybercrime related to theft of cryptocurrencies and some methods or security vulnerabilities commonly exploited. Cryptojacking is a form of cybercrime specific to cryptocurrencies used on websites to hijack a victim's resources and use them for hashing and mining cryptocurrency.
No Postage Necessary is a 2017 American romantic comedy independent film written and directed by Jeremy Culver as his second narrative feature and starring George Blagden, Charleene Closshey, Robbie Kay, Stelio Savante, with Michael Beach and Raymond J. Barry. The film integrates current political happenings — including the Silk Road, hacktivism, and cyberterrorism — into a dramedy set in Plant City, Florida.
The Dark Overlord is an international hacker organization which garnered significant publicity through cybercrime extortion of high-profile targets and public demands for ransom to prevent the release of confidential or potentially embarrassing documents.
On July 15, 2020, between 20:00 and 22:00 UTC, 130 high-profile Twitter accounts were reportedly compromised by outside parties to promote a bitcoin scam. Twitter and other media sources confirmed that the perpetrators had gained access to Twitter's administrative tools so that they could alter the accounts themselves and post the tweets directly. They appeared to have used social engineering to gain access to the tools via Twitter employees. Three individuals were arrested by authorities on July 31, 2020, and charged with wire fraud, money laundering, identity theft, and unauthorized computer access related to the scam.
Cryptojacking is the act of exploiting a computer to mine cryptocurrencies, often through websites, against the user's will or while the user is unaware. One notable piece of software used for cryptojacking was Coinhive, which was used in over two-thirds of cryptojacks before its March 2019 shutdown. The cryptocurrencies mined the most often are privacy coins—coins with hidden transaction histories—such as Monero and Zcash.
On May 7, 2021, Colonial Pipeline, an American oil pipeline system that originates in Houston, Texas, and carries gasoline and jet fuel mainly to the Southeastern United States, suffered a ransomware cyberattack that afflicted computerized equipment managing the pipeline. The Colonial Pipeline Company halted all pipeline operations to contain the attack. Overseen by the FBI, the company paid the amount that was asked by the hacker group within several hours; upon receipt of the ransom, an IT tool was provided to the Colonial Pipeline Company by DarkSide to restore the system. However, the tool required a very long processing time to restore the system to a working state.
Arthur Hayes is an American entrepreneur, and a co-founder and former CEO of cryptocurrency exchange BitMEX. He graduated from the Wharton School of Business in 2008. Hayes was reported as being the youngest African American crypto billionaire in history. In 2022, Hayes pled guilty to United States Bank Secrecy Act violations and was sentenced to six months of home detention, two years of probation, and a $10 million fine.
Lapsus$, stylised as LAPSUS$ and classified by Microsoft as Strawberry Tempest, is an international extortion-focused hacker group known for its various cyberattacks against companies and government agencies. The group was active in several countries, and has had its members arrested in Brazil and the UK in 2022. According to City of London Police at least two of the members were teenagers.
OGUsers (OGU) is an Internet forum that facilitates the discussion and buying of social media accounts and online usernames. Established in 2017, the website is dedicated to the buying and selling of "rare" or "OG" online accounts that are considered valuable due to their name or age. The website acts as a platform for cybercrime and the harassment of individuals for access to their online accounts. Several high-profile incidents have been linked to the forum, most notably the 2020 Twitter account hijacking.