TAMPA, Fla. — A plea agreement was reached in the case investigators termed the "Bit-con worldwide hack of Twitter."
On Tuesday, the teen they called the mastermind behind it, Graham Clark, pled guilty to 30 charges. A judge sentenced him to three years in a juvenile facility and three years probation, during which he has restrictions and supervision of electronic devices. He was sentenced as a youthful offender.
Prosecutors said the status is one the state offers once in someone’s life. Clark will serve his time incarcerated at a juvenile facility, and if he qualifies to the "boot camp" provision of the law. He will also receive education and transition services.
State Attorney Andrew Warren released a video statement following the hearing.
“In this case we’ve been able to achieve justice, deliver those consequences, while recognizing our goal with any child whenever possible is to hold them accountable and have them learn their lesson without destroying their future,” he said in the video.
Investigators said Clark used hacking and social engineering techniques.
Clark gained access to Twitter’s internal controls when he convinced a Twitter employee he was a coworker in the IT department and gained access to the employee’s credentials, according to investigators.
Then profiles of prominent politicians, celebrities and tech leaders were used to post messages. It included people like Barack Obama, Elon Musk and Bill Gates. The messages directed people to send Bitcoin, promising a return on investment. It garnered more than $100,000 worth of cryptocurrency in a day.
Two others were also charged in federal court.
Since then, Twitter has outlined security steps including improvements to how it detects suspicious behavior.
“There’s nothing magic about it. It’s just psychology applied with criminal intent. But that’s become cybersecurity. That’s become the favorite playpen for cybercriminals, particularly during COVID-19 as we’ve had to learn to live life online. So it’s broadened the definition of cybersecurity,” said Ron Sanders, the staff director of the Florida Center for Cybersecurity.
Sanders said hackers prey on people’s fears and hopes, noting they only need one person to fall for a scam. He said the impacts includes the need for local governments to make sure online transparency is cyber secure, and for individuals to stay vigilant, especially when a message seems to good to be true.
“We’re going to have to teach our citizens how to be good citizens in our cyber democracy. It’s not something that comes natural,” he said.
Cyber Florida is partnering with a think tank out of Washington, D.C. to figure out how to teach students and first-time voters how to discern between real information and disinformation or misinformation, Sanders said.
In this case, prosecutors said Clark will face a ten-year minimum in prison if he violates his probation.
Additionally, law enforcement seized all Bitcoin Clark received, which is expected to be returned to its owners.