Teen Charged as Ringleader in Massive Twitter Hack

The alleged mastermind behind the biggest hack in Twitter’s history—one that targeted accounts of celebrities and a former president—was barely out of high school.

Graham Clark, a 17-year-old from Orlando, Florida, hijacked 130 Twitter profiles as part of a cryptocurrency scam, according to a complaint filed Friday in the Northern California federal court district in San Francisco.

The U.S. Department of Justice accused Clark of carrying out the scheme with 19-year-old UK resident Mason “Chaewon” Sheppard, 22-year-old Nima “Rolex” Fazeli from Orlando and a third defendant whose name is being withheld because he’s a minor.

Federal officials say Clark pulled it off by convincing a Twitter IT employee that he was a colleague who forgot his login credentials to access the Bay Area-based social media firm’s customer support system.

Accounts that were compromised in the July 15 hack included those of former President Barack Obama, Amazon CEO Jeff Bezos and Tesla’s Elon Musk.

Clark, who only recently graduated high school, now faces 30 felony charges for the scheme, in which he allegedly posted messages from the hacked accounts to lure victims into sending him upward of $100,000 in Bitcoin donations. The feds say the codefendants helped Clark by brokering sales of the hijacked Twitter profiles.

In an interview with NBC, Clark’s mother Emiliya Clark maintained her son’s innocence. “I believe he didn’t do it,” she said. “I’ve spoken to him every day. I’m devastated.”

Twitter thanked the FBI for the swift investigation and promised to improve security measures to “make them even more sophisticated.”

Meanwhile, the social media behemoth is in damage control mode, having to acknowledge the possibility that a 17-year-old kid outsmarted its army of engineers and supposedly state-of-the-art cybersecurity protections.

Federal officials say the defendants managed to beat Twitter’s controls through a tactic called social engineering, which involves impersonation instead of traditional hacking techniques. Cybersecurity experts say the methods alleged are more often used to pilfer credit card info and usernames—but never in such a high-profile way.

Per the federal complaint, the defendants were part of a collective of hackers who billed themselves “OGUsers” and devoted their efforts to bilking, buying and selling accounts with sought-after usernames. In the shadowy world of OGUsers, the shortest social media handles are the most lucrative.

Hackers who commandeer accounts with names such as a single letter or numeral earn bragging rights and the ability to sell them off for the highest profits.

Investigators tracked down Clark and the other defendants partly because of the boasts they posted in online forums, according to the recently filed federal complaint.

“There is a false belief within the criminal hacker community that attacks like the Twitter hack can be perpetrated anonymously and without consequence,” U.S. Attorney David A. Anderson said in a news release sent out Friday.

What may seem like fun and games for members of OGUsers can have devastating real-world consequences, Caroline O’Brien Buster, special agent in charge of the U.S. Secret Service Orlando Field Office, warned in the same written announcement. “Our identities and reputations are sacred,” she said. “We will continue to aggressively defend and protect individuals, companies, and other entities from new-age cyber-fraud, especially those who scheme to hack, defraud and wreak havoc on U.S. citizens across the country.”

The charging announcements should make other hackers think twice before winding up in the same position as the defendants, Anderson added.

“Criminal conduct over the internet may feel stealthy to the people who perpetrate it, but there is nothing stealthy about it,” he said. “In particular, I want to say to would-be offenders, break the law, and we will find you.”

Jennifer Wadsworth is the former news editor for San Jose Inside and Metro Silicon Valley. Follow her on Twitter at @jennwadsworth.


  1. Fact #1: The wizards who created Twitter have been revealed to be so lacking in supremacy in their own technology they’ve been bested by Chaewon, Rolex, and a couple of teenage mutant hackers.

    Fact #2: Twitter’s ostensible expertise has in the past led Congress and the American public to accept as credible their identification, and impact assessment, of foreign political operatives.

    Fact #3: Twitter’s policy of acting as unconditional gatekeepers of social, scientific, medical, and political discourse is persuasive evidence of its assumed infallibility.

    What these facts evidence is that Twitter’s structure is not infallible, its technology not invulnerable, its command of its site dubious. In other words, as a media platform Twitter is the equivalent of a loose cannon. Given the frightening potential of state-sponsored hackers, there is no reason to accept the ragtag collection of young hoodlums who embarrassed the company did anything remarkable, especially considering the abilities of the Chinese, Russians, Iranians, and our sometimes allies in Israel.

    Twitter’s sector dominance and financial success has caused its high command to arrogantly confuse its triumph in an extremely narrow endeavor as evidence of its acuity and wisdom in all things. But revealed by this episode is not only Twitter’s internal infallibility, but compelling reason for its leadership (and everyone else) to doubt its qualifications to govern external matters, especially those history has shown to be exasperatingly complex (e.g. human nature, governance, medicine).

    President Trump’s objection to Twitter’s authority (“unchecked power to censor”) and conduct (like an “editor with a viewpoint”) is animated by the site’s blatant bias against him and his political views. Twitter, of course, sees things differently, however, as this episode makes clear both its shareholders and the nation would be best served if the company were to stick to the technology it knows, albeit imperfectly.

  2. Correctomundo, PHU TAN ELLI. May I add one other thought? Of course!

    The perps in this case are under U.S. jurisdiction, unlike thousands of foreign “diplomats” operating here.

    Those foreigners tear up traffic tickets with impunity, and they commit felonies (yes, really) with the same disregard for our laws. Numerous physical assaults have been recorded by foreign ‘diplomats’ assaulting American citizens, up to and including murdering them.

    The feds do nothing when our laws are broken by foreign diplomats — which can include a true diplomat’s family and retainers, including chauffeurs, maids, and other household employees.

    So the feds finally nabbed a teenager for squeezing a multi-billionaire out of a bitcoin or two. How many foreign diplomats are doing the same kind of fraud — but doubled and squared?

    And since Twitter enjoys a (bogus) claim that its finger is to the wind on any and all political questions, the least it could do is verify the identity of commenters. The way it does business now, ‘bots post thousands of comments, giving the impression that’s what American opinion is.

    Anyone who uses Twitter as a reference is either gullible, or dissembling. Either way they should be disregarded.

Leave a Reply

Your email address will not be published. Required fields are marked *