03/17/2021 10:12 AM
Clarín.com
Technology
Updated 03/17/2021 10:12 AM
A Florida teenager accused of putting together one of last year's Twitter hacks, the one in which celebrity accounts were used to earn more than
$ 100,000 from a
cryptocurrency
scam
, pleaded guilty Tuesday
in exchange for a sentence of three. years.
Graham Ivan Clark, (now) 18, and two other men used
social engineering
and other techniques to gain access to Twitter's internal systems.
They then used their control to take possession of at least 130 hacked accounts: then-presidential candidate Joe Biden, Tesla founder Elon Musk, pop star Kanye West, and philanthropist and Microsoft founder and former CEO and chairman Bill. Gates, were one of the most relevant figures.
Prosecutors alleged that the defendants caused high-profile accounts, many with millions of followers, to promote
scams that promised to double returns
if people deposited bitcoins into wallets controlled by attackers.
The scheme generated more than $ 117,000 and cybercriminals also took over accounts with short usernames, which are highly sought after in a ring of
criminal hacking
forums
calling themselves OGusers.
Unauthorized access: this is how they entered someone else's accounts.
IStock photo
According to the Tampa Bay Times, Clark agreed to plead guilty in exchange for a three-year prison sentence followed by three years of probation.
The agreement allows Clark to be sentenced as a
"juvenile delinquent,"
a status that allows him to avoid a minimum 10-year sentence that he would have received had he been convicted as an adult.
Clark will serve a sentence in a state prison designated for young adults, and may be a candidate to serve part of his sentence in
a military-style boot camp
.
You will also receive the mandatory minimum if you violate the terms of your probation.
The plea agreement prohibits Clark from using computers without the permission and supervision of the police.
You will have to submit to property searches and give up the passwords for the accounts you control.
The investigation
Biden was also hacked.
Photo DPA
A specialist who worked with the FBI to investigate the Twitter breach said the attack was the result of a thorough investigation by Clark and the other two attackers on Twitter employees.
They started by looking on LinkedIn for Twitter employees who likely had
access to the account holder's tools.
The cybercriminals then used features made available by the work social network to job recruiters to obtain employee cell phone numbers and other private contact information.
The attackers called the employees and used information obtained from LinkedIn and other public sources
to convince them that they were authorized Twitter personnel.
Work-at-home arrangements caused by the COVID-19 pandemic also prevented employees from using normal procedures such as face-to-face contact to verify the identities of callers.
Social engineering
Musk, one of the hacked accounts.
Twitter photo
Trusted by Twitter employees, the attackers directed them to a phishing page that mimicked an
internal Twitter
VPN
.
The attackers then obtained the credentials when employees entered them.
To bypass the two-factor authentication protections that Twitter has, attackers entered credentials into the real Twitter VPN portal within seconds after employees entered their information into the fake one.
Once the employee entered the one-time password,
the attackers entered.
Hackers then took over celebrity accounts and used them to power a cryptocurrency scam.
The attack was significant and raised hundreds of thousands.
AFP photo
"I'm giving back to the community," an account of President Joe Biden soon tweeted.
“All bitcoins sent to the following address will be returned duplicates!
If you send $ 1,000, I will return you $ 2,000.
Just doing this for 30 minutes ... Enjoy!
"Clark attended the courtroom videoconference trial Tuesday from the Hillsborough County Jail, where he has been detained since his arrest.
Mason Sheppard, 19, and Nima Fazeli, 22, are facing federal charges for their alleged role in the Twitter hack and cryptocurrency scam.
Look also
A cybercriminal hacked into the Florida aqueduct and tried to poison the water with caustic soda
