The Teenager Allegedly Behind the Twitter Hack and How He Did It - The Wall Street Journal

Graham Ivan Clark, 17, appeared in court Saturday via a video monitor from jail.

Photo: Tampa Bay Times/Zuma Press

The crucial moment in the worst hack in Twitter Inc.’s history sounded like something millions of Americans would find unremarkable. It was a call from the IT department. Or at least, it seemed to be.

In fact, the call was from a Florida teenager who convinced a Twitter employee that he was a co-worker, according to prosecutors, who revealed their case last week. The persuasion was a key leap forward during months of reconnaissance that ultimately granted the 17-year-old access to a host of Twitter accounts, including Barack Obama, Elon Musk and Kanye West, authorities allege.

Months ago, Graham Ivan Clark escalated his online activity from taking over and selling accounts on platforms across the web to seeking to penetrate Twitter’s internal systems, according to prosecutors, security professionals and people familiar with the matter.

In addition to his telephone persuasion, he seized control of a phone number through a technique called SIM-swapping, whereby a hacker convinces a carrier to assign a number to a new phone, said Hillsborough County, Fla., State Attorney Andrew Warren. He also set up several fake phishing pages, including one that resembled the company’s Okta login portal, a destination used for securely logging into company systems, according to Okta.

“This situation did not involve a compromise of Okta’s services,” Okta said in a statement.

Mr. Clark entered a not-guilty plea in court Monday, according to his attorney, David Weisbrod. He remains in custody, Mr. Weisbrod said.

In March, Twitter ordered all employees to work from home, creating an ideal environment for the kinds of attacks in which Mr. Clark allegedly specialized, according to security researchers.

A Twitter spokeswoman said that the company hadn’t relaxed its security controls during the coronavirus emergency.

Once inside Twitter, Mr. Clark allegedly gained the ability to bypass the company’s security protections, setting the stage for an hourslong hack on July 15 that captivated the world’s attention and held hostage the main communications tool of some of the most powerful people on the planet.

Booking photo for Graham Ivan Clark.

Photo: Hillsborough County Sheriff's Office/Reuters

He was charged with compromising more than 100 social media accounts and scamming both the Twitter account holders, and the approximately 400 people from whom Mr. Clark allegedly received money in a scam. Two others were also charged—Mason Sheppard, of Bognor Regis, U.K., and Nima Fazeli, 22, of Orlando, Fla.—in connection with the hack. Mr. Sheppard was 19 when he was charged Friday.

Mr. Sheppard and Mr. Fazeli’s lawyer didn’t return messages seeking comment.

The tactics that Mr. Clark allegedly used have been honed in recent years with remarkable tenacity by a community of teenagers and young adults. The practitioners cut their teeth in the antics of online gaming, where stealing one another’s Xbox or PlayStation gaming accounts is counted as a harmless prank, according to investigators and security experts.

Over the past five years, the activity has mushroomed into an online threat that has affected thousands of victims and led to tens of millions of dollars in losses, according to security researchers and investigators. And now, it has captured the attention of the Federal Bureau of Investigation, the Secret Service and local law enforcement.

While the bulk of account-takeover activity flies under the radar, it has morphed in recent years into something more sinister, said Allison Nixon, chief research officer at cyber services company Unit 221b. The most aggressive of these hackers take online harassment to extraordinary lengths, such as telling police that a hostage situation is under way at the home of an enemy so a SWAT team will be called in, or hacking phones and blackmailing users with nude photos. “There is no line that these people won’t cross,” she said.

Security professionals and law-enforcement officials believe the hack could have been far more damaging than it was, such as if the perpetrators had used the hacked accounts to release false news claiming to be from corporations. Mr. Clark allowed some associates to sell access to Twitter accounts, including 17 from famous individuals and companies to promote a bitcoin scam that earned about $117,000, prosecutors say.

Twitter has beefed up its security since the hack. Company headquarters in San Francisco.

Photo: David Paul Morris/Bloomberg News

Twitter says it has now beefed up its internal security. “Since the attack, we’ve significantly limited access to our internal tools and systems,” the company said in a blog post last week.

Mr. Clark spent a lot of time online playing videogames and was accused in online forums of reneging on business deals, said Ms. Nixon, who has tracked the account-takeover hackers since 2013. “He had this pattern where he would not only scam people but also falsely accuse people of scamming,” she said. His lawyer declined to comment on Ms. Nixon’s findings.

A user linked to Mr. Clark’s online accounts once described himself as “a full time crypto trader dropout” and said cryptocurrency was “pretty much my entire life.”

In an unrelated investigation, authorities searched Mr. Clark’s residence last August, seizing his computers and freezing approximately 300 bitcoin, or $3.4 million at Monday’s rates, in digital currency, according to Mr. Weisbrod, who declined to comment on the nature of the investigation. Mr. Clark paid 100 bitcoin to authorities to resolve the matter with no admission of wrongdoing, Mr. Weisbrod said.

At the center of the Twitter hack was an online forum known as OGUsers.com. Since its launch in 2017, OGUsers has emerged as a marketplace where members buy and sell software, cheat codes for videogames and an unusual but highly coveted online asset—cool-sounding and hard-to-obtain usernames on gaming and social-media services.

An example would be a one-letter account, or an account such as @6, the kind of account that could only have been registered by an early user of the service—an “OG,” a slang term for “original gangster.” Some of these OG accounts are inactive, but others are stolen from active users.

Barack Obama's Twitter page after it was hacked on July 15.

Photo: Twitter/Associated Press

The site describes itself as “a community driven digital marketplace that connects buyers and sellers from all around.” OGUsers didn’t immediately respond to a request for comment.

In mid-July, a longtime middleman on the site for buying and selling who used the handle “lol” reached out to Mr. Sheppard, who lives with his mother in the British coastal town of Bognor Regis, according to an interview Mr. Sheppard conducted with The Wall Street Journal just days after the hack. He didn’t respond to messages seeking comment in recent days.

Both were trusted brokers on the site for buying and selling user accounts on various platforms, according to charging documents and Mr. Sheppard’s account of the incident.

Someone named “Kirk” on OGUsers was claiming to work for Twitter and said he could help sell control of Twitter accounts to buyers, “lol” told Mr. Sheppard.

Investigators say that “Kirk” was Mr. Clark.

After “Kirk” gave a demonstration of his ability to gain control over Twitter accounts, Mr. Sheppard and “lol” agreed to act as brokers, Mr. Sheppard said. The group communicated over Discord, a communication platform popular in the gaming community, to connect and discuss plans.

Mr. Sheppard said in the interview with the Journal that he spent the morning of July 15 brokering as many as eight deals between buyers and “Kirk,” with some going for as high as $10,000.

Initially, the account-takeover efforts didn’t revolve around high-profile “verified” usernames or celebrity accounts. They were “rare and original usernames such as @L, @bitch, and @w,” according to court filings.

The first account takeover that Mr. Sheppard brokered was for the Twitter account @anxious, an account that “hadn’t been used in a decade,” he said. @anxious has since been suspended by Twitter.

As the day progressed on July 15, Mr. Clark allegedly escalated the nature of the scam, according to investigators, taking over accounts of people such as Bill Gates and Amazon.com Inc. Chief Executive Jeff Bezos and offering to send people double the funds they sent to a bitcoin account.

When Mr. Sheppard and “lol” realized the gravity of the Twitter hack, they sought out help connecting with reporters to clear their names, Mr. Sheppard said.

Mr. Sheppard now faces up to 45 years in federal prison if convicted on fraud and hacking charges. Mr. Fazeli faces up to five years in prison if convicted, according to the criminal complaint. Mr. Clark faces 30 felony counts.

On OGUsers this week, many commenters poked fun at those involved in the scam, questioning why they used Discord to send text messages that are visible to Discord administrators, as they aren’t fully encrypted.

Many also made jokes questioning how many new OGUsers members were actually FBI agents hunting for evidence.

“Just wondering how many feds are actually here now,” one user wrote on a thread with the subject line “RATIO OF FEDS TO SELLERS?”

Write to Robert McMillan at robert.mcmillan@wsj.com and Euirim Choi at euirim.choi@wsj.com

Copyright ©2020 Dow Jones & Company, Inc. All Rights Reserved.

August 05, 2020 at 12:50AM