The alleged mastermind behind the July 15 hack of Twitter accounts of business titans, celebrities and a former president didn’t need sophisticated hacking tools to pierce the company’s security system. Rather, he convinced an information technology employee at Twitter that he was a colleague who needed login credentials to access the company’s customer support platform, according to law enforcement officials.
It worked, in spectacular fashion.
Graham Ivan Clark, 17, allegedly hijacked 130 Twitter accounts as part of a cryptocurrency scam, according to a criminal affidavit filed in Tampa, Florida. The accounts that were hacked included those of former President Barack Obama, Amazon.com Inc. Chief Executive Officer Jeff Bezos and Tesla Inc. CEO Elon Musk.
Clark, who authorities said had just graduated from high school, now faces 30 felony charges for hacking those accounts, posting messages on their behalf and luring additional victims into sending him Bitcoin donations worth more than $100,000, according to law enforcement. Two others were charged by federal authorities for allegedly aiding in the scheme by serving as brokers on the sale of compromised Twitter accounts: Mason Sheppard, 19, of the U.K., and Nima Fazeli, 22, of Orlando.
Lawyers or family members for the defendants couldn’t be located for comment. Clark’s mother, Emiliya Clark, told NBC News that her son was innocent. “I believe he didn’t do it. I’ve spoken to him every day,” she said. “I’m devastated.”
Twitter thanked law enforcement for swiftly making arrests. In its most recent update on the hack, on July 30, the company acknowledged that employees were duped into sharing sensitive information over the phone and that it has decided to temporarily limit access to its internal tools as it seeks to understand the scope of the breach, while improving its security protocols to “make them even more sophisticated.”