On July 15, 2020, Elon Musk tweeted: “Send me $1,000 worth of Bitcoin and I’ll give you $2,000 back. This offer is only valid for 30 minutes".
The tweet included a Bitcoin wallet number. The tweet looked like a scam, but it was published on Elon Musk's official verified account. Similar tweets appeared on other popular accounts such as Apple, Uber, Jeff Bezos, Bill Gates, Barack Obama, Joe Biden, Kanye West, and other famous people with millions of followers. When
it became clear that this was the largest hack in Twitter history, the company suspended all known verified accounts until they figured out what happened. No one expected that a 17-year-old teenager would be responsible for the hack. After looking into his background, it turned out that he was a fraudster and an experienced hacker who had been working in this field since he was 13, and had stolen millions of dollars. In addition, he was involved in drug trafficking and murder. How did a teenager manage to do all this and how did he manage to hack one of the largest platforms?
We are talking about a teenager named Graham Ivan Clark, who lived in Tampa, Florida. He attended Gaither High School. At that time, Graham attracted the attention of his classmates with his appearance, he wore expensive clothes, watches and accessories. Where did the teenager get so much money? If he was from a rich family, then why did he study at a public school? His wealth contributed to the fact that many of his peers wanted to be friends with him, which he took advantage of by asking them to do his homework, help him cheat on exams and the like. In return, he invited them to dinner and bought them everything they needed. It was a mutually beneficial relationship, and therefore no one asked where he got the money from, and he himself did not like to talk about it. Even if someone tried to talk about this topic, he immediately dodged the question. Many knew that his family was ordinary or below average, so where did the teenager get so much money?
It all started when he was 13 years old. His parents divorced, his father left them and moved to another place. Graham lived with his mother, who could barely support him. She was always busy at work, so he became interested in the world of the Internet, online games. Graham spent a lot of time in Minecraft. As you know, Minecraft is a game with many servers, where each group of people can create their own server. In parallel, they can meet and make friends. As in any other place, there is a chance to meet bad people who are trying to take advantage of others and rob them. And it was in Minecraft that Graham got into the world of Internet fraud.
Graham operated under the nickname "Open". He had a Twitter account and a YouTube channel of the same name. He had subscribers who loved him. Using his apparent cuteness, Graham attracted subscribers, deceived them by selling things in the game, and after transferring money, did not give the buyer what he bought. He also sold capes for Minecraft characters, which cost hundreds of dollars, and disappeared immediately after receiving the money. Taking advantage of the trust of his subscribers, Graham made a lot of money from this scam as a teenager.
Graham proudly talked about what he was doing, and as a result, his bad reputation began to spread widely among his subscribers and the gaming community. As a result, some YouTubers began uploading expose videos to warn people about the scam. For example, this YouTuber uploaded a video exposing “Open” by saying that he was a scammer and mentioned stories of subscribers who were scammed. Because of this video and many other videos, Graham was banned from many Minecraft servers, but “Open” got his revenge on this YouTuber.
Graham hacked a YouTuber. He hacked his email, his YouTube channel, and all of his accounts. We don’t know if Graham hacked the YouTuber himself or hired a hacker, but he most likely hired a hacker because the young talent didn’t have the skills to hack at the time. But he had money from scamming. He used accounts to scam his subscribers by impersonating him on social media. He literally tarnished his reputation. Graham didn’t just scam his subscribers or Minecraft users, he also scammed designers, video editors, and programmers. He hired them, but after the job was done, he didn’t pay them. The guy had been living the life of a scammer since he was a teenager. And that was just the beginning.
His real start in the hacking world was on forums and a website called OG Users. This online forum was for buying and selling “rare” online accounts that were considered valuable because of their name, similar to a marketplace where people sold accounts for various sites. For example, if someone searched for a specific name on Twitter, they could find it there. Although the site advertised itself as a legitimate place, all the people offering usernames for sale on it were actually hackers. They hacked accounts and sold them. Usernames on the site were worth thousands of dollars. During this time, Graham transitioned from a scammer to a hacker.
The most common method he used to hack accounts is a method called SIM swapping, which basically means that the hacker takes over the SIM card of his victim. As you know, most accounts are linked to a phone number for security purposes, as the user can only access their account after entering a confirmation code that they receive in a message. This is called two-step verification. The hacker somehow contacts the telecommunications company, poses as their customer, and gains access to the number. In this way, the hacker takes over the number and becomes its owner, and they gain access to all of their victim’s accounts, including email, bank accounts, and even cryptocurrency wallets.
So how did teenager Graham get someone else’s number? It can happen in a number of ways. For example, he can call another branch of the company and pretend to be an employee of another branch of the same company. The hacker introduces himself to the employee and says that he received a report from him about a technical problem and gives the report number to seem more credible. Of course, it’s all fake. The employee then says that he didn’t see anything and doesn’t know anything. The hacker then gives him a link to a website that looks just like the real company’s website and asks him to log in with his account to check the report. Once the employee enters his username and password, he gets a page that looks like the real thing, which says that the problem has been solved.
The hacker on the other side thanks him and says that everything is fine now, and the employee hangs up, unaware that the hacker has accessed his accounts. He can then change his target’s number to his SIM card from the company’s own system.
After this, the victim will find out that his SIM card has been blocked. He can no longer access his accounts, all the passwords have been changed, and he will not be able to reset them because he has lost his phone number. This is just one of several methods used by hackers. If this does not work, they try another employee or another department of the company.
This is literally social hacking, not technical. The hacker is trying to trick people more than find vulnerabilities in software. At first, Graham used this trick to get Twitter accounts with special names and sell them to OG Users. His goal was only to get Twitter accounts, but he soon realized that if he could get someone’s phone number, he would also get access to their email. If he could get access to their email, that would mean he could get access to their bank account. The problem was that it is not so easy to withdraw money from a bank without a trace. But there is another type of currency - cryptocurrency. The real treasure is the people who have huge amounts of Bitcoin and cryptocurrency. From that moment on, Graham began to hunt exactly such people.
In reality, he is far from the only one who has done this. There have been and are many such attacks, in which a hacker somehow gets hold of a person’s phone number, goes into their Bitcoin wallet and steals all their money. The owner of the wallet can do nothing about it. For this reason, we often hear about such thefts, which amount to millions – amounts that even bank robbers could not get. It would be easier if the thief could get access to a Bitcoin wallet. Graham started his journey when he was 15 years old. First, he started selling usernames on OG Users, and through this site he met many hackers who had mastered this method, and began to learn from them. They even formed a small community. Most of them bragged about their wealth, posting on social networks all the things they bought – luxury cars, expensive watches, clothes and shoes worth thousands of dollars.
At first, Graham earned thousands of dollars from this work. Then he started making hundreds of thousands and gradually started making millions. Over time, he began to carefully select his targets. First, he went on Twitter, searched for cryptocurrency platforms and looked for followers who seemed to have a huge fortune in bitcoins and cryptocurrencies. Most of these people brag about their wealth on social media and use their real personal information, which makes them easy prey for hackers. Once he has identified a potential target, Graham performs an operation called “doxing” them - revealing identifying information about a person online, such as their real name, home address, place of work, phone number, email and other personal information.
They got all this information from sites that sell personal data that the user submits to several sites. This process does not require experience; many ordinary people can use these resources. Graham used this information to carry out the card swap operation we wrote about earlier. He calls the telecom company, somehow convinces them that he is the owner of the SIM card, and then takes possession of it. This man, Greg Bennett, a venture capitalist, was one of Graham's victims.
On April 15, 2019, Greg was working in his office and his phone was lying on the table. He was holding the phone in his hands when suddenly the network signal disappeared. He was surprised: his office was in an urban area with excellent, constant network coverage. How could the network suddenly disappear? He tried to log in to his email but couldn’t. He entered the password several times but each time it was incorrect. Soon, the phone was disconnected. Greg was horrified. When he tried to check his crypto accounts, he stored his bitcoins on three different platforms but none of the accounts gave him access. Then he realized that he was hacked and the worst thing was that he could do nothing about it.
After that, he remembered that he had an app that directly gets all the data from the crypto accounts and collects it in one place so that he can see the transactions made on his account through this app. He opened the app and saw bitcoin transactions from his account to another account. The hacker was actually transferring bitcoins to his own account. It would later turn out that Graham was the one who hacked Greg’s accounts and stole his bitcoins, which at one point were worth a million dollars. This was not the entire amount in Greg’s accounts; Graham withdrew as much as he could because these platforms set a daily limit on how much you can withdraw from any account.
That same day, Greg contacted the phone company and managed to recover his phone number, which he used to immediately freeze all of his crypto accounts. Of course, Greg would not be able to return the amounts that Graham withdrew, since the funds had already been withdrawn to other accounts.
Graham was a little greedy. He wanted to take back the bitcoins left in Greg’s wallet that he could not get because of the daily withdrawal limit. Graham got into one of Greg’s emails again and contacted him through the same email. He sent him a threatening message, writing in the text: “If you want to restore all of your accounts and avoid any persecution, transfer us 50 bitcoins.” At that time, 50 bitcoins were worth $250,000. They even threatened to harm his friends and family, saying that if he wanted everything to end well, he had to give them the rest of the bitcoins. There was no limit to their impudence, they stole a million dollars from him and they still wanted more.
The funniest thing is that Greg’s email was used by the hackers to communicate with each other. Apparently, Graham carried out this operation together with two other accomplices and, as usual, cheated them by not giving them his share of the loot. They were unable to contact him directly, so the hackers were forced to contact him through Greg’s email. In one of the letters, they wrote: “Either you give us our share, which is 66%, or you go to jail.” They threatened to expose him and report him to the police.
This was nothing new for Graham, he had been scamming people since he was a kid playing Minecraft. But this time he was scamming people who were just as dishonest as he was, which created a big problem for him. These people held a grudge against him and sometimes tried to harm him. This is the testimony of one of Graham’s friends and acquaintances who were around him at the time, whose identities are not revealed, but they were very close. After finding out his family’s personal details, they constantly harassed him. Someone sent people to Graham’s house to scare him or even rob him at one point.
Graham got into not only the world of fraud and hacking, but also the world of drugs. He sold weed and drug pills. He also made some bad friends in the world of illegal substances. One day in late 2019, Graham was involved in a shootout that ended with the murder of one of his friends. In fact, it all happened like this: Graham and two of his friends, who were the same age, went to the house of a drug dealer with a gun. The reason for the visit is not specified, but apparently, there was a conflict between them over a debt, money, or something similar. Graham
stayed in the car, and his two friends broke into the house of the drug dealer, who also had a gun. As soon as he saw Graham's two friends in his house, he shot them. One of them died instantly, and the second was seriously injured. As for Graham, he immediately left the area in a car after hearing the sounds of gunshots. Then the police arrived and began investigating the incident. They questioned the wounded boy, who told them about Graham. The police brought Graham in for questioning, and he admitted that he was indeed with them, but he stayed in the car and had no idea what they were going to do. All he knew was that his friends had asked him to give them a ride to the house, and when he heard the gunshots, he got scared and ran away. He completely denied any involvement in the incident. Investigators saw inconsistencies between Graham's words and the evidence they had, but in the end, all they could prove was that he was in the car during the incident, which was not enough to convict him.
After the incident, the principal of Graham's school said that the students involved in the shooting would no longer be allowed to attend school. That was the end of Graham's schooling. After that, he moved out of his mother's house and bought his own apartment. However, the authorities kept an eye on him and continued to investigate.
Graham was one of those teenagers who would brag about their money on social media. Hackers and scammers competed with each other to see who was richer. They bragged about their cars, watches, travels, and parties.
When investigators were investigating Graham, they realized that something was not right, so the prosecutors took over the investigation. Having collected enough evidence against him, they issued a search warrant for his home, broke into it, and arrested him. Detectives managed to confiscate 400 bitcoins, which were worth almost $4 million at the time. Graham was making a lot more money from hacking than anyone could have guessed. They confiscated four million dollars, but during the investigation, they could prove that he had stolen only $1 million. Detectives concluded that the remaining $3 million was also stolen, but they could not prove it. The case remained confusing and lasted for eight months.
Eventually, prosecutors cut a deal with Graham. They offered him to give the authorities $1 million of the confiscated money, and they would return the remaining $3 million to him, and he would not be prosecuted. Graham immediately took the deal and walked away with $3 million that everyone knew was stolen. The difficulty with the case was that Graham was a minor. He was under 18 years old. Under American law, hacking and fraud are federal crimes. Minors are not prosecuted for federal crimes. The law may have to change so that the federal system can accommodate the fact that younger children are getting involved in Internet fraud and crypto scams that actually deserve more serious prosecution and punishment, which federal law does not currently allow.
There were many problems and obstacles that prevented him from being sued as a minor, and this is what allowed Graham to ultimately avoid jail time with $3 million. Do you expect that after all this, Graham would repent and stop hacking and fraudulent activities because he was close to jail time? Of course not. On the contrary, while he was a minor and not prosecuted, Graham thought about committing more and more crimes. The only problem was that he was 17 years old and only eight months away from becoming an adult. He decided that he should use this time as best as possible to commit crimes that were superior to the previous ones before he turned 18 and then would not be prosecuted.
What happened on July 15, 2020, was literally insane. Graham had carried out the largest hack on the internet. He hadn’t hacked any website, but Twitter, one of the largest social media platforms in the world. Suddenly, tweets started pouring in from the biggest Twitter accounts: 130 accounts with millions of followers, including Elon Musk, Bill Gates, Jeff Bezos, Apple, Barack Obama, Joe Biden, Floyd Mayweather, and many more. All of these accounts posted a tweet that basically said that the account owner was giving away money to their followers. Whoever sent Bitcoin would get double the amount. The offer was valid for 30 minutes, and at the end of the tweet was a wallet address that followers could send Bitcoin to.
As soon as you read the tweet, you immediately know it’s a scam, but the problem is that it was posted on accounts belonging to famous people and companies, and all the accounts were verified. This lasted for only a few minutes, and Twitter immediately started banning popular users with verified accounts from posting tweets until they figured out what exactly was going on.
There was a guy named Haseeb Awan, who runs a tech company that specializes in protecting people from hacking, especially SIM swapping. So, there was a connection between him and some hackers. One of them sent him the following message: “Today is going to be fun on Twitter.” Haseeb asked for clarification, and the hacker told him that there was a community that could take over any Twitter account. The hacker belonged to the OGUsers community, a site where social media accounts are put up for sale. Haseeb asked him where he got this information from, and the hacker sent him a message posted on a forum that read, “Buy any Twitter account? For just $2,000 to $3,000, you can get the password for the account.”
The message was posted on a forum by a person named Chaewon. Haseeb tweeted a screenshot of the message to warn people that this was the source of the hack. Ten minutes after the tweet, Haseeb received a private message that said, “Can you please delete your tweet? I don’t want people to think I’m the bad guy here.” Haseeb asked who he was, and he replied, “I’m Chaewon, the one who put the accounts up for sale.”
Chaewon tried to convince Haseeb that he had nothing to do with the hacking operation, that he was just a middleman and didn’t want to be implicated in this crime. Haseeb gave him the journalist’s phone number and told him that he had to tell the journalist the whole story if he wanted to clear his name. Otherwise, he would be arrested.
Sooner or later, Chivon felt he had no choice but to contact the journalist. So he nervously extended his hand to the journalist and told him the whole shocking story. He even revealed his true identity, admitting that he was a young guy, just 19 years old, named Mason, who lived in England.
During the conversation with the journalist, the guy was extremely tense. Mason excitedly told the journalist that he had absolutely nothing to do with the notorious hackers and was just innocently selling accounts. The journalist, surprised and curious, asked where he got these accounts. Mason replied that someone named Kirk had contacted him on Discord. Kirk, he explained, was a Twitter employee and it was he who provided Mason with the accounts.
The journalist asked in confusion: “A Twitter employee?” Mason said that he had not actually asked Kirk directly, but simply assumed that who else could have access to all these accounts if not a Twitter employee. Mason said that Kirk contacted him and asked if he could help sell some accounts. Mason was skeptical that this guy could have access to any Twitter account. In an attempt to reassure Mason, Kirk asked him to give him any username he wanted. Mason was wary and gave him a random name. To his surprise, Kirk handed Mason the account and password a few seconds later. Mason logged in and realized that this guy could actually do what he claimed. Mason agreed to help sell the accounts and posted the ad.
At the time, Mason probably didn’t realize what he was getting himself into, but he definitely realized that the game was bigger than he thought after seeing all the major Twitter accounts post the same tweet. Now the question was: who is Kirk? Of course, we all know the answer now, but at the time, how could they know his true identity and how was he able to carry out such a massive hacking operation?
A few days after Graham was unexpectedly released by the authorities, the deal was done and he received $3 million. The young prodigy, along with another teenager who was two years younger than him, set about his daring plan to carry out this massive operation. This boy was much more skilled in hacking than Graham. The identity and name of the boy are not revealed because he remains a minor to this day. So, Graham worked with this young guy to carry out the largest Twitter hacking operation. It was 2020 and we all remember what happened in the world that year – a devastating pandemic. As a precaution, many large companies switched to a remote work system. Twitter, like other large corporations, made its employees work from home. All Twitter employees were required to log in to their accounts and the company’s system from their personal devices at home. Graham and his friend carefully checked the employee accounts and made a detailed list of each one so they knew their identity.
Then, using the data they had collected, including phone numbers, they began calling the employees and pretending to be from Twitter tech support, claiming that there was a problem with the employee’s account that needed to be fixed. The two guys looked confident and convincingly professional. Eventually, they asked the employee to log into a fake page that looked just like the company’s real website. Unsuspectingly, the employee went to the page and entered their username and password, not realizing that they were actually handing them over to the hackers. Graham and his friend then took the login information, logged into the employee’s account, and checked what permissions the employee had.
Not all Twitter employees have the same level of access. The ability to log into any account and change their email or password are high-level privileges given to specific employees. Graham and his friend logged into Twitter employee accounts one by one, trying to find an employee with the authority to change passwords and emails. The more accounts they logged into, the more authority they found.
Finally, they reached the account of one of Twitter's managers. This person could access any account and change its password and email. Finally, they found a tool that would allow them to take over any Twitter account.
What was truly insane was that the operation was not run by any other organization or group of professional hackers, but by two cheeky teenagers. While the operation was brilliant, the material gain from it was very small. All these guys cared about was getting unique accounts to sell and then scamming bitcoins. While they could have made much more financial gain by using the accounts of large companies that were at their disposal, for example, they could have manipulated the world economy. They could have tweeted that most of Apple’s managers had resigned, which would have caused the company’s stock to immediately fall, and the two guys would have made millions if they had shorted those shares. Moreover, they had access to the private conversations of celebrities. They could have exposed their secrets, blackmailed them, or even sold the information.
The platform was literally in their hands. They could have done some serious damage to the economy and politics, but fortunately they were still kids.
It didn’t last long. Two weeks after the hack, on July 31, 2020, the FBI arrested Graham and his friend. Details of the case were not released. To this day, we do not know how the FBI was able to arrest them. Details of the case, which involves a minor, are not released to protect the teenagers. However, Graham and his friend most likely left a clue - a phone number, an email, an IP address, or maybe someone else reported them.
A few days after Graham's arrest, a meeting was held between his lawyer, the judge, and a group of other secondary lawyers who specialize in such cases. This was the first meeting in which they determined the details of the case. Due to the quarantine, the meeting was held online on the website Zoom. A group of Graham's friends who were with him on this forum introduced themselves as media outlets, newspapers, and TV stations and entered the conversation as journalists, and then began to make fun of the judge and perform songs.
Graham faces a tough trial and the prosecution is planning to try him as an adult because he is just a few months away from turning 18. In court, the prosecution brought 30 felonies against him and he faces up to 210 years in prison.
Graham initially pleaded not guilty to the charges, but after seven months of trial, he agreed to a deal called a plea bargain. The main condition of the deal is that he admits guilt and in exchange, he will be tried as a juvenile, despite the original intent to try him as an adult. In Florida, there is a program called the Young Offenders Program. Under this program, the maximum sentence a judge can impose is six years. Graham was sentenced to six years in exchange for his guilty plea, and most importantly, he will be incarcerated in a juvenile facility. As a result, Graham avoided a very harsh sentence. If he had been an adult, his sentence would have been much harsher.
Source
The tweet included a Bitcoin wallet number. The tweet looked like a scam, but it was published on Elon Musk's official verified account. Similar tweets appeared on other popular accounts such as Apple, Uber, Jeff Bezos, Bill Gates, Barack Obama, Joe Biden, Kanye West, and other famous people with millions of followers. When
it became clear that this was the largest hack in Twitter history, the company suspended all known verified accounts until they figured out what happened. No one expected that a 17-year-old teenager would be responsible for the hack. After looking into his background, it turned out that he was a fraudster and an experienced hacker who had been working in this field since he was 13, and had stolen millions of dollars. In addition, he was involved in drug trafficking and murder. How did a teenager manage to do all this and how did he manage to hack one of the largest platforms?
Childhood of a young hacker
We are talking about a teenager named Graham Ivan Clark, who lived in Tampa, Florida. He attended Gaither High School. At that time, Graham attracted the attention of his classmates with his appearance, he wore expensive clothes, watches and accessories. Where did the teenager get so much money? If he was from a rich family, then why did he study at a public school? His wealth contributed to the fact that many of his peers wanted to be friends with him, which he took advantage of by asking them to do his homework, help him cheat on exams and the like. In return, he invited them to dinner and bought them everything they needed. It was a mutually beneficial relationship, and therefore no one asked where he got the money from, and he himself did not like to talk about it. Even if someone tried to talk about this topic, he immediately dodged the question. Many knew that his family was ordinary or below average, so where did the teenager get so much money?
It all started when he was 13 years old. His parents divorced, his father left them and moved to another place. Graham lived with his mother, who could barely support him. She was always busy at work, so he became interested in the world of the Internet, online games. Graham spent a lot of time in Minecraft. As you know, Minecraft is a game with many servers, where each group of people can create their own server. In parallel, they can meet and make friends. As in any other place, there is a chance to meet bad people who are trying to take advantage of others and rob them. And it was in Minecraft that Graham got into the world of Internet fraud.
Graham operated under the nickname "Open". He had a Twitter account and a YouTube channel of the same name. He had subscribers who loved him. Using his apparent cuteness, Graham attracted subscribers, deceived them by selling things in the game, and after transferring money, did not give the buyer what he bought. He also sold capes for Minecraft characters, which cost hundreds of dollars, and disappeared immediately after receiving the money. Taking advantage of the trust of his subscribers, Graham made a lot of money from this scam as a teenager.
Graham proudly talked about what he was doing, and as a result, his bad reputation began to spread widely among his subscribers and the gaming community. As a result, some YouTubers began uploading expose videos to warn people about the scam. For example, this YouTuber uploaded a video exposing “Open” by saying that he was a scammer and mentioned stories of subscribers who were scammed. Because of this video and many other videos, Graham was banned from many Minecraft servers, but “Open” got his revenge on this YouTuber.
Graham hacked a YouTuber. He hacked his email, his YouTube channel, and all of his accounts. We don’t know if Graham hacked the YouTuber himself or hired a hacker, but he most likely hired a hacker because the young talent didn’t have the skills to hack at the time. But he had money from scamming. He used accounts to scam his subscribers by impersonating him on social media. He literally tarnished his reputation. Graham didn’t just scam his subscribers or Minecraft users, he also scammed designers, video editors, and programmers. He hired them, but after the job was done, he didn’t pay them. The guy had been living the life of a scammer since he was a teenager. And that was just the beginning.
OG Users
His real start in the hacking world was on forums and a website called OG Users. This online forum was for buying and selling “rare” online accounts that were considered valuable because of their name, similar to a marketplace where people sold accounts for various sites. For example, if someone searched for a specific name on Twitter, they could find it there. Although the site advertised itself as a legitimate place, all the people offering usernames for sale on it were actually hackers. They hacked accounts and sold them. Usernames on the site were worth thousands of dollars. During this time, Graham transitioned from a scammer to a hacker.
The most common method he used to hack accounts is a method called SIM swapping, which basically means that the hacker takes over the SIM card of his victim. As you know, most accounts are linked to a phone number for security purposes, as the user can only access their account after entering a confirmation code that they receive in a message. This is called two-step verification. The hacker somehow contacts the telecommunications company, poses as their customer, and gains access to the number. In this way, the hacker takes over the number and becomes its owner, and they gain access to all of their victim’s accounts, including email, bank accounts, and even cryptocurrency wallets.
How does hacking happen?
So how did teenager Graham get someone else’s number? It can happen in a number of ways. For example, he can call another branch of the company and pretend to be an employee of another branch of the same company. The hacker introduces himself to the employee and says that he received a report from him about a technical problem and gives the report number to seem more credible. Of course, it’s all fake. The employee then says that he didn’t see anything and doesn’t know anything. The hacker then gives him a link to a website that looks just like the real company’s website and asks him to log in with his account to check the report. Once the employee enters his username and password, he gets a page that looks like the real thing, which says that the problem has been solved.
The hacker on the other side thanks him and says that everything is fine now, and the employee hangs up, unaware that the hacker has accessed his accounts. He can then change his target’s number to his SIM card from the company’s own system.
After this, the victim will find out that his SIM card has been blocked. He can no longer access his accounts, all the passwords have been changed, and he will not be able to reset them because he has lost his phone number. This is just one of several methods used by hackers. If this does not work, they try another employee or another department of the company.
This is literally social hacking, not technical. The hacker is trying to trick people more than find vulnerabilities in software. At first, Graham used this trick to get Twitter accounts with special names and sell them to OG Users. His goal was only to get Twitter accounts, but he soon realized that if he could get someone’s phone number, he would also get access to their email. If he could get access to their email, that would mean he could get access to their bank account. The problem was that it is not so easy to withdraw money from a bank without a trace. But there is another type of currency - cryptocurrency. The real treasure is the people who have huge amounts of Bitcoin and cryptocurrency. From that moment on, Graham began to hunt exactly such people.
In reality, he is far from the only one who has done this. There have been and are many such attacks, in which a hacker somehow gets hold of a person’s phone number, goes into their Bitcoin wallet and steals all their money. The owner of the wallet can do nothing about it. For this reason, we often hear about such thefts, which amount to millions – amounts that even bank robbers could not get. It would be easier if the thief could get access to a Bitcoin wallet. Graham started his journey when he was 15 years old. First, he started selling usernames on OG Users, and through this site he met many hackers who had mastered this method, and began to learn from them. They even formed a small community. Most of them bragged about their wealth, posting on social networks all the things they bought – luxury cars, expensive watches, clothes and shoes worth thousands of dollars.
At first, Graham earned thousands of dollars from this work. Then he started making hundreds of thousands and gradually started making millions. Over time, he began to carefully select his targets. First, he went on Twitter, searched for cryptocurrency platforms and looked for followers who seemed to have a huge fortune in bitcoins and cryptocurrencies. Most of these people brag about their wealth on social media and use their real personal information, which makes them easy prey for hackers. Once he has identified a potential target, Graham performs an operation called “doxing” them - revealing identifying information about a person online, such as their real name, home address, place of work, phone number, email and other personal information.
They got all this information from sites that sell personal data that the user submits to several sites. This process does not require experience; many ordinary people can use these resources. Graham used this information to carry out the card swap operation we wrote about earlier. He calls the telecom company, somehow convinces them that he is the owner of the SIM card, and then takes possession of it. This man, Greg Bennett, a venture capitalist, was one of Graham's victims.
The first major hack
On April 15, 2019, Greg was working in his office and his phone was lying on the table. He was holding the phone in his hands when suddenly the network signal disappeared. He was surprised: his office was in an urban area with excellent, constant network coverage. How could the network suddenly disappear? He tried to log in to his email but couldn’t. He entered the password several times but each time it was incorrect. Soon, the phone was disconnected. Greg was horrified. When he tried to check his crypto accounts, he stored his bitcoins on three different platforms but none of the accounts gave him access. Then he realized that he was hacked and the worst thing was that he could do nothing about it.
After that, he remembered that he had an app that directly gets all the data from the crypto accounts and collects it in one place so that he can see the transactions made on his account through this app. He opened the app and saw bitcoin transactions from his account to another account. The hacker was actually transferring bitcoins to his own account. It would later turn out that Graham was the one who hacked Greg’s accounts and stole his bitcoins, which at one point were worth a million dollars. This was not the entire amount in Greg’s accounts; Graham withdrew as much as he could because these platforms set a daily limit on how much you can withdraw from any account.
That same day, Greg contacted the phone company and managed to recover his phone number, which he used to immediately freeze all of his crypto accounts. Of course, Greg would not be able to return the amounts that Graham withdrew, since the funds had already been withdrawn to other accounts.
Graham was a little greedy. He wanted to take back the bitcoins left in Greg’s wallet that he could not get because of the daily withdrawal limit. Graham got into one of Greg’s emails again and contacted him through the same email. He sent him a threatening message, writing in the text: “If you want to restore all of your accounts and avoid any persecution, transfer us 50 bitcoins.” At that time, 50 bitcoins were worth $250,000. They even threatened to harm his friends and family, saying that if he wanted everything to end well, he had to give them the rest of the bitcoins. There was no limit to their impudence, they stole a million dollars from him and they still wanted more.
The funniest thing is that Greg’s email was used by the hackers to communicate with each other. Apparently, Graham carried out this operation together with two other accomplices and, as usual, cheated them by not giving them his share of the loot. They were unable to contact him directly, so the hackers were forced to contact him through Greg’s email. In one of the letters, they wrote: “Either you give us our share, which is 66%, or you go to jail.” They threatened to expose him and report him to the police.
This was nothing new for Graham, he had been scamming people since he was a kid playing Minecraft. But this time he was scamming people who were just as dishonest as he was, which created a big problem for him. These people held a grudge against him and sometimes tried to harm him. This is the testimony of one of Graham’s friends and acquaintances who were around him at the time, whose identities are not revealed, but they were very close. After finding out his family’s personal details, they constantly harassed him. Someone sent people to Graham’s house to scare him or even rob him at one point.
What could be worse?
Graham got into not only the world of fraud and hacking, but also the world of drugs. He sold weed and drug pills. He also made some bad friends in the world of illegal substances. One day in late 2019, Graham was involved in a shootout that ended with the murder of one of his friends. In fact, it all happened like this: Graham and two of his friends, who were the same age, went to the house of a drug dealer with a gun. The reason for the visit is not specified, but apparently, there was a conflict between them over a debt, money, or something similar. Graham
stayed in the car, and his two friends broke into the house of the drug dealer, who also had a gun. As soon as he saw Graham's two friends in his house, he shot them. One of them died instantly, and the second was seriously injured. As for Graham, he immediately left the area in a car after hearing the sounds of gunshots. Then the police arrived and began investigating the incident. They questioned the wounded boy, who told them about Graham. The police brought Graham in for questioning, and he admitted that he was indeed with them, but he stayed in the car and had no idea what they were going to do. All he knew was that his friends had asked him to give them a ride to the house, and when he heard the gunshots, he got scared and ran away. He completely denied any involvement in the incident. Investigators saw inconsistencies between Graham's words and the evidence they had, but in the end, all they could prove was that he was in the car during the incident, which was not enough to convict him.
After the incident, the principal of Graham's school said that the students involved in the shooting would no longer be allowed to attend school. That was the end of Graham's schooling. After that, he moved out of his mother's house and bought his own apartment. However, the authorities kept an eye on him and continued to investigate.
Graham was one of those teenagers who would brag about their money on social media. Hackers and scammers competed with each other to see who was richer. They bragged about their cars, watches, travels, and parties.
When investigators were investigating Graham, they realized that something was not right, so the prosecutors took over the investigation. Having collected enough evidence against him, they issued a search warrant for his home, broke into it, and arrested him. Detectives managed to confiscate 400 bitcoins, which were worth almost $4 million at the time. Graham was making a lot more money from hacking than anyone could have guessed. They confiscated four million dollars, but during the investigation, they could prove that he had stolen only $1 million. Detectives concluded that the remaining $3 million was also stolen, but they could not prove it. The case remained confusing and lasted for eight months.
Eventually, prosecutors cut a deal with Graham. They offered him to give the authorities $1 million of the confiscated money, and they would return the remaining $3 million to him, and he would not be prosecuted. Graham immediately took the deal and walked away with $3 million that everyone knew was stolen. The difficulty with the case was that Graham was a minor. He was under 18 years old. Under American law, hacking and fraud are federal crimes. Minors are not prosecuted for federal crimes. The law may have to change so that the federal system can accommodate the fact that younger children are getting involved in Internet fraud and crypto scams that actually deserve more serious prosecution and punishment, which federal law does not currently allow.
There were many problems and obstacles that prevented him from being sued as a minor, and this is what allowed Graham to ultimately avoid jail time with $3 million. Do you expect that after all this, Graham would repent and stop hacking and fraudulent activities because he was close to jail time? Of course not. On the contrary, while he was a minor and not prosecuted, Graham thought about committing more and more crimes. The only problem was that he was 17 years old and only eight months away from becoming an adult. He decided that he should use this time as best as possible to commit crimes that were superior to the previous ones before he turned 18 and then would not be prosecuted.
Twitter hack
What happened on July 15, 2020, was literally insane. Graham had carried out the largest hack on the internet. He hadn’t hacked any website, but Twitter, one of the largest social media platforms in the world. Suddenly, tweets started pouring in from the biggest Twitter accounts: 130 accounts with millions of followers, including Elon Musk, Bill Gates, Jeff Bezos, Apple, Barack Obama, Joe Biden, Floyd Mayweather, and many more. All of these accounts posted a tweet that basically said that the account owner was giving away money to their followers. Whoever sent Bitcoin would get double the amount. The offer was valid for 30 minutes, and at the end of the tweet was a wallet address that followers could send Bitcoin to.
As soon as you read the tweet, you immediately know it’s a scam, but the problem is that it was posted on accounts belonging to famous people and companies, and all the accounts were verified. This lasted for only a few minutes, and Twitter immediately started banning popular users with verified accounts from posting tweets until they figured out what exactly was going on.
There was a guy named Haseeb Awan, who runs a tech company that specializes in protecting people from hacking, especially SIM swapping. So, there was a connection between him and some hackers. One of them sent him the following message: “Today is going to be fun on Twitter.” Haseeb asked for clarification, and the hacker told him that there was a community that could take over any Twitter account. The hacker belonged to the OGUsers community, a site where social media accounts are put up for sale. Haseeb asked him where he got this information from, and the hacker sent him a message posted on a forum that read, “Buy any Twitter account? For just $2,000 to $3,000, you can get the password for the account.”
The message was posted on a forum by a person named Chaewon. Haseeb tweeted a screenshot of the message to warn people that this was the source of the hack. Ten minutes after the tweet, Haseeb received a private message that said, “Can you please delete your tweet? I don’t want people to think I’m the bad guy here.” Haseeb asked who he was, and he replied, “I’m Chaewon, the one who put the accounts up for sale.”
Chaewon tried to convince Haseeb that he had nothing to do with the hacking operation, that he was just a middleman and didn’t want to be implicated in this crime. Haseeb gave him the journalist’s phone number and told him that he had to tell the journalist the whole story if he wanted to clear his name. Otherwise, he would be arrested.
Sooner or later, Chivon felt he had no choice but to contact the journalist. So he nervously extended his hand to the journalist and told him the whole shocking story. He even revealed his true identity, admitting that he was a young guy, just 19 years old, named Mason, who lived in England.
During the conversation with the journalist, the guy was extremely tense. Mason excitedly told the journalist that he had absolutely nothing to do with the notorious hackers and was just innocently selling accounts. The journalist, surprised and curious, asked where he got these accounts. Mason replied that someone named Kirk had contacted him on Discord. Kirk, he explained, was a Twitter employee and it was he who provided Mason with the accounts.
The journalist asked in confusion: “A Twitter employee?” Mason said that he had not actually asked Kirk directly, but simply assumed that who else could have access to all these accounts if not a Twitter employee. Mason said that Kirk contacted him and asked if he could help sell some accounts. Mason was skeptical that this guy could have access to any Twitter account. In an attempt to reassure Mason, Kirk asked him to give him any username he wanted. Mason was wary and gave him a random name. To his surprise, Kirk handed Mason the account and password a few seconds later. Mason logged in and realized that this guy could actually do what he claimed. Mason agreed to help sell the accounts and posted the ad.
At the time, Mason probably didn’t realize what he was getting himself into, but he definitely realized that the game was bigger than he thought after seeing all the major Twitter accounts post the same tweet. Now the question was: who is Kirk? Of course, we all know the answer now, but at the time, how could they know his true identity and how was he able to carry out such a massive hacking operation?
A few days after Graham was unexpectedly released by the authorities, the deal was done and he received $3 million. The young prodigy, along with another teenager who was two years younger than him, set about his daring plan to carry out this massive operation. This boy was much more skilled in hacking than Graham. The identity and name of the boy are not revealed because he remains a minor to this day. So, Graham worked with this young guy to carry out the largest Twitter hacking operation. It was 2020 and we all remember what happened in the world that year – a devastating pandemic. As a precaution, many large companies switched to a remote work system. Twitter, like other large corporations, made its employees work from home. All Twitter employees were required to log in to their accounts and the company’s system from their personal devices at home. Graham and his friend carefully checked the employee accounts and made a detailed list of each one so they knew their identity.
Then, using the data they had collected, including phone numbers, they began calling the employees and pretending to be from Twitter tech support, claiming that there was a problem with the employee’s account that needed to be fixed. The two guys looked confident and convincingly professional. Eventually, they asked the employee to log into a fake page that looked just like the company’s real website. Unsuspectingly, the employee went to the page and entered their username and password, not realizing that they were actually handing them over to the hackers. Graham and his friend then took the login information, logged into the employee’s account, and checked what permissions the employee had.
Not all Twitter employees have the same level of access. The ability to log into any account and change their email or password are high-level privileges given to specific employees. Graham and his friend logged into Twitter employee accounts one by one, trying to find an employee with the authority to change passwords and emails. The more accounts they logged into, the more authority they found.
Finally, they reached the account of one of Twitter's managers. This person could access any account and change its password and email. Finally, they found a tool that would allow them to take over any Twitter account.
What was truly insane was that the operation was not run by any other organization or group of professional hackers, but by two cheeky teenagers. While the operation was brilliant, the material gain from it was very small. All these guys cared about was getting unique accounts to sell and then scamming bitcoins. While they could have made much more financial gain by using the accounts of large companies that were at their disposal, for example, they could have manipulated the world economy. They could have tweeted that most of Apple’s managers had resigned, which would have caused the company’s stock to immediately fall, and the two guys would have made millions if they had shorted those shares. Moreover, they had access to the private conversations of celebrities. They could have exposed their secrets, blackmailed them, or even sold the information.
The platform was literally in their hands. They could have done some serious damage to the economy and politics, but fortunately they were still kids.
It didn’t last long. Two weeks after the hack, on July 31, 2020, the FBI arrested Graham and his friend. Details of the case were not released. To this day, we do not know how the FBI was able to arrest them. Details of the case, which involves a minor, are not released to protect the teenagers. However, Graham and his friend most likely left a clue - a phone number, an email, an IP address, or maybe someone else reported them.
A few days after Graham's arrest, a meeting was held between his lawyer, the judge, and a group of other secondary lawyers who specialize in such cases. This was the first meeting in which they determined the details of the case. Due to the quarantine, the meeting was held online on the website Zoom. A group of Graham's friends who were with him on this forum introduced themselves as media outlets, newspapers, and TV stations and entered the conversation as journalists, and then began to make fun of the judge and perform songs.
Court
Graham faces a tough trial and the prosecution is planning to try him as an adult because he is just a few months away from turning 18. In court, the prosecution brought 30 felonies against him and he faces up to 210 years in prison.
Graham initially pleaded not guilty to the charges, but after seven months of trial, he agreed to a deal called a plea bargain. The main condition of the deal is that he admits guilt and in exchange, he will be tried as a juvenile, despite the original intent to try him as an adult. In Florida, there is a program called the Young Offenders Program. Under this program, the maximum sentence a judge can impose is six years. Graham was sentenced to six years in exchange for his guilty plea, and most importantly, he will be incarcerated in a juvenile facility. As a result, Graham avoided a very harsh sentence. If he had been an adult, his sentence would have been much harsher.
Source
