Suspected Twitter Hacker Arrested In Florida

Florida resident Graham Clark was arrested Friday morning, according to Florida news channel WFLA. State Attorney Andrew Warren filed 30 felony charges, including organized fraud, communications fraud, fraudulent use of personal information and access to computer or electronic devices without authority, WFLA reported.

Warren intends to try Clark as an adult; Florida law allows minors to be charged as adults in some financial fraud cases.

The Twitter hack compromised the accounts of top cryptocurrency exchanges, and prominent crypto twitter accounts (including CoinDesk), before moving onto mainstream accounts such as Elon Musk, Warren Buffet, Kanye West, Joe Biden, and former President Barack Obama. 

Overall 130 accounts were compromised according to Twitter. 

The accounts all tweeted a bitcoin scam, promising to double senders bitcoin if they sent them to a specific address. It only netted the hackers about $120,000. The hack went on for hours, highlighted extensive security breaches, and led to Twitter CEO Jack Dorsey being called to testify in front of Congress. 

In a tweet Friday, Twitter said, “We appreciate the swift actions of law enforcement in this investigation and will continue to cooperate as the case progresses.”

The FBI, IRS, Secret Service, Florida law enforcement and the U.S. Attorney’s Office for the Northern District of California assisted in the investigation, according to Warren’s press release.

‘Breathtaking impact’

In an effort to stop the hackers, Twitter locked some verified accounts out, stopping them from changing their password, or being able to tweet. CoinDesk was one such account, and we did not regain our ability to tweet again until Thursday, over a week after the hack. With as much access as the hackers seemingly had, security experts were particularly concerned about the security of accounts direct messages. 

The day after the hack, Sen. Ron Wyden (D-Ore.) said he met with Dorsey privately in 2018 and discussed implementing end-to-end encryption of users’ direct messages. Wyden says Dorsey told him at the time that Twitter was working on encrypted DMs, but by 2020, it was clear the company hadn’t delivered. 

“This is a vulnerability that has lasted for far too long, and one that is not present in other, competing platforms. If hackers gained access to users’ DMs, this breach could have a breathtaking impact for years to come,” Wyden said in a statement. 

Twitter has previously said that the attackers downloaded account information from eight victims, though none of those victims were verified. 

Reuters also reported that over 1,000 employees and contractors, or nearly a fifth of the company, had access to the tools that were used to access the accounts. 

“We fell behind, both in our protections against social engineering of our employees and restrictions on our internal tools,” Dorsey told investors on a Twitter earnings call in July. 

In a tweet Thursday, Twitter gave further details about how the attack occurred. 

“The attack on July 15, 2020, targeted a small number of employees through a phone spear phishing attack,” the company tweeted. “This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems.”

In the days following the hack, reporting from numerous outlets not only followed the flow of where the money was going, by tracking the bitcoin wallet the funds were sent to, but also started to unwind the story behind the hack. 

Numerous hackers flipped on “Kirk”, as identified by the New York Times, who was selling access to a Twitter admin panel. They allegedly bailed after larger account takeovers spooked them, given the likelihood that compromising such accounts would attract law enforcement attention. 

Given that the FBI was on the case from the start, as CoinDesk reported, those concerns seem to have played out.