A Florida teenager who hijacked more than 100 Twitter accounts belonging to top public figures, including Joe Biden, Barack Obama and Bill Gates, as part of a Bitcoin scam last year, has agreed to plead guilty to dozens of charges in exchange for a three-year prison term.
Documents filed in Hillsborough Circuit Court on Monday indicate that 18-year-old Graham Ivan Clark has agreed to enter guilty pleas to 30 criminal counts, including organized fraud, communications fraud, fraudulent use of personal information and accessing a computer without authority.
Under the conditions of the plea agreement, Clark will be sentenced as a youthful offender to three years behind bars on each count, to run concurrently, followed by three years of probation.
Clark breached former President Barack Obama’s Twitter account to solicit donations
Clark agreed to plead guilty Monday in a remote court appearance conducted via Zoom
He will receive credit for time served in jail since his arrest in July 2020, and he may qualify to serve a portion of his prison term at a military-style boot camp.
While on probation, Clark will be prohibited from using any electronic devices without the consent and supervision of the Florida Department of Law Enforcement.
He also will be required to provide access to all of his passwords, emails, domain names and apps.
According to the court filing, if Clark violates his probation, he will be sent back to prison to serve the mandatory minimum term of incarceration, which is 10 years, reported WFLA.
During a pre-trial hearing last month, Clark’s defense attorney signaled to the court that his client was considering accepting a plea deal with a ‘youthful offender’ sentencing consideration.
In Florida, defendants under the age of 21 may qualify for youthful offender status. Clark was charged in state court because state law also allows minors to be prosecuted for financial crimes more easily than in the federal system.
Clark was accused of conspiring with Nima Fazeli, 22, of Orlando, Florida, and Mason Sheppard, 19, of Bognor Regis, UK, who were also charged for their alleged roles in the hack in California federal court.
The July 15, 2020, breach, the biggest in Twitter history, compromised the accounts of celebrities including Elon Musk, Kanye West, Amazon CEO Jeff Bezos, Mike Bloomberg, Warren Buffett, Floyd Mayweather and Kim Kardashian.
Messages were posted from the famous accounts telling followers to send Bitcoin payments to email addresses, swindling more than $180,000 out of unsuspecting victims in the process.
Prosecutors say that Clark gained access to Twitter accounts and to the internal controls of Twitter by compromising a Twitter employee, and then used Fazeli and Sheppard as his minions to sell access to accounts.
Mason Sheppard, 19, of Bognor Regis, UK, and Nima Fazeli, 22, of Orlando, Florida, were also charged in relation to the hack in California federal court in February.
A hacker who identified himself as ‘Kirk’, believed to be Clark, claimed to be a Twitter employee and said he could ‘reset, swap and control any Twitter account at will’ in exchange for cybercurrency payments, according to the papers.
The documents do not specify Kirk’s real identity but say he is a teen being prosecuted in the Tampa area.
Twitter has said the hacker gained access to a company dashboard that manages user accounts by using social engineering and spear-phishing targeting smartphones to obtain credentials from ‘a small number’ of Twitter employees ‘to gain access to our internal systems.’
Spear-phishing uses email or other messaging to deceive people into sharing access credentials.
The hack is said to have begun with a message on Discord, a chat platform used by gamers, from user Kirk#5270, who wrote: ‘I work for Twitter. I can claim any name, let me know if you’re trying to work.’
Another user, who went by the names of Ever so anxious#0001 and Chaewon, then lined up buyers for Twitter handles including an offer of $5,000 for the handle @xx.
A third, Rolex#0373, then joined in, offering sought-after account names for $2,500 upwards.
Fazeli is thought to be Rolex and Sheppard to be Chaewon.
A total of 130 accounts were targeted in what marked one of the most high-profile security breaches in recent years.
The tweets offered to send $2,000 for every $1,000 sent to an anonymous Bitcoin address.
The fraudulent posts managed to draw in more than $180,000 worth of Bitcoin before Twitter shut it down by deleting the posts and shutting off access for broad swaths of users.
Twitter confirmed that 130 accounts were breached, including 45 where passwords and logins were reset and tweets sent.
Personal data was also downloaded from eight unverified accounts.
A report in October from the New York Department of Financial Services slammed Twitter for security lapses that allowed teenagers to breach the service in a relatively ‘simple’ attack.
‘That Twitter was vulnerable to an unsophisticated attack shows that self-regulation is not the answer,’ said Linda Lacewell, the financial services superintendent.
Twitter has acknowledged that some employees were duped into sharing account credentials prior to the hack.