While it sometimes seems like hackers live somewhere mysteriously above the law, they can get caught. One of the most noteworthy hackers of 2020 was caught for his sprawling Bitcoin hacking scheme on Twitter.
And now he’s paying the price.
Hacker Breaches Elon Musk, Bill Gates, and Other Celebrities’ Twitter Accounts
Last summer, we saw one of the most visible hacks of all time. Some of the most famous people in the world were hacked in a comically wide-ranging Bitcoin scam.
People like Elon Musk, Bill Gates, Jeff Bezos, Barack Obama, Joe Biden, Kanye West, and Michael Bloomberg were infiltrated via Twitter. Even companies like Apple, Coinbase, and Uber were attacked.
The hacker, 17-year-old Graham Ivan Clark, breached each of their accounts and tweeted about a Bitcoin scam. The scam promised to send back double whatever Bitcoin amount a user sent to his address.
How did the hacker pull this off? According to Twitter, he breached a small number of the company’s employee accounts. With that extra level of access, he could bypass extra security features likely present on such high-profile accounts.
Clark accessed the employee accounts through a spear-phishing technique that targeted specific people. By posing as an employee from Twitter’s information technology department, he was able to trick them into handing over their credentials.
Clark made off with over $117,000 in stolen Bitcoin, but it clearly wasn’t worth the price he would eventually pay.
Graham Ivan Clark Is Sentenced to Three Years
Clark was caught less than a month after his attacks by Florida police. Yesterday, he pleaded guilty to state charges.
According to The Tampa Bay Times, the hacker was sentenced to three years in prison and three years of probation. And he was lucky to get that.
That was the maximum sentence he could receive as a ‘youthful offender.’ If he were 18 at the time of the attacks, he would’ve received a minimum sentence of ten years. He will serve his sentence in a state prison for young adults. And if he violates his probation, he will serve the mandatory minimum, which he was able to avoid.
Hillsborough State Attorney Andrew Warren noted that other scammers needed to see the consequences of their actions. He stated that he was able to “deliver those consequences” without “destroying” Clark’s future.
As part of his plea agreement, Clark will be banned from using computers unless given permission and supervision from law enforcement. He’s been forced to give up passwords to all of his accounts, and he must submit to random searches of his property.
Two of his hacker cohorts, Nima Fazeli of Orlando and Mason Sheppard of the United Kingdom, were also charged with federal crimes.
How You Can Protect Yourself
While you might not be able to grant anyone access to Elon Musk’s Twitter account, any of us could fall victim to a phishing scam. Phishing scams are one of the most common ways that hackers can infiltrate our accounts.
Just like Clark, hackers will often pose as an official representative of whatever platform they’re trying to hack you on. It’s common for them to tell you that you’ve been hacked and that they need to secure your account. This may send you into a panic, which will inhibit your ability to think critically.
From there, they’ll have you click a link that takes you to an official-looking website. That’s when they ask you to type in your login credentials. Once you submit them, they may send you to a thank-you page, and you’ll still have no idea that you’ve just been hacked.
Luckily, their ‘official-looking’ emails and websites usually have holes in them.
Take the Instagram copyright infringement scam, for example. Hackers sent out emails that looked like they were from Instagram officials, saying that a user had violated copyright and their account would be shut down unless, of course, they logged in to their account.
The emails look legit at first glance, but upon closer examination, you can see the flaws.
As you see in the screenshot above, this email was sent from someone at “instagram.team.” That seems fishy, no? You’d think that anyone who actually worked for Instagram would have an official “Instagram.com” email address. Once you click ‘verify account,’ you’re sent to a page that lets you appeal the copyright infringement.
But to appeal, you have to log in to your account. That’s red flag number two. Official platforms almost never ask for your login credentials, but hackers always do. If a message does ask for them, make sure you double- and triple-check the authenticity of the sender.
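The sender check described above can be automated for a mailbox or a help-desk triage queue. The following Python script is an added example, not part of the original article; the allowlist of official domains and the sample messages are constructed assumptions, and only the "instagram.team" sender comes from the text.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: brands we care about and the domains they legitimately send from.
BRAND_DOMAINS = {"instagram": {"instagram.com"}}

# Constructed sample messages (headers only matter here).
SAMPLES = {
    "article_case": "From: Instagram Support <copyright@instagram.team>\n\nVerify account",
    "official_subdomain": "From: Instagram <security@mail.instagram.com>\n\nNew login",
    "prefix_lookalike": "From: Help <help@instagram.com.account-verify.example>\n\nAppeal",
    "unrelated": "From: Alice <alice@example.org>\n\nLunch?",
}

def sender_parts(raw_message):
    """Return (display name, lowercased sender domain) from the From header."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    return display, domain

def domain_is_official(domain, official):
    """True only for an exact match or a real subdomain of an official domain.

    A substring test would accept 'instagram.com.account-verify.example',
    so the comparison is anchored at the right-hand end of the name.
    """
    return any(domain == d or domain.endswith("." + d) for d in official)

def check_sender(raw_message):
    """Return a list of findings; an empty list means no mismatch was found."""
    display, domain = sender_parts(raw_message)
    if not domain:
        return ["no parseable sender address"]
    claimed = (display + " " + domain).lower()
    findings = []
    for brand, official in BRAND_DOMAINS.items():
        # The message invokes the brand but was not sent from its domain.
        if brand in claimed and not domain_is_official(domain, official):
            findings.append(f"claims '{brand}' but sent from '{domain}'")
    return findings

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, "->", check_sender(raw) or "no mismatch")
```

An empty result only means the visible sender domain matches; the From header can be forged, so a message that passes this check and still asks for credentials deserves the same suspicion.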
Also, make sure you enable two-factor authentication. That way, even if someone steals your password, they’ll still need your authentication codes, which are usually sent to your phone.
And if you think that you’ve been hacked, reach out to us immediately.
Featured image by Sergey Nivens via Shutterstock.com