05
Aug 20

Porn Clip Disrupts Virtual Court Hearing for Alleged Twitter Hacker

Perhaps fittingly, a Web-streamed court hearing for the 17-year-old alleged mastermind of the July 15 mass hack against Twitter was cut short this morning after mischief makers injected a pornographic video clip into the proceeding.

17-year-old Graham Clark of Tampa, Fla. was among those charged in the July 15 Twitter hack. Image: Hillsborough County Sheriff’s Office.

The incident occurred at a bond hearing held via the videoconferencing service Zoom by the Hillsborough County, Fla. criminal court in the case of Graham Clark. The 17-year-old from Tampa was arrested earlier this month on suspicion of social engineering his way into Twitter’s internal computer systems and tweeting out a bitcoin scam through the accounts of high-profile Twitter users.

Notice of the hearing was available via public records filed with the Florida state attorney’s office. The notice specified the Zoom meeting time and ID number, essentially allowing anyone to participate in the proceeding.

Even before the hearing officially began it was clear that the event would likely be “zoom bombed.” That’s because while participants were muted by default, they were free to unmute their microphones and transmit their own video streams to the channel.

Sure enough, less than a minute had passed before one attendee not party to the case interrupted a discussion between Clark’s attorney and the judge by streaming a live video of himself adjusting his face mask. Just a few minutes later, someone began interjecting loud music.

It became clear that presiding Judge Christopher C. Nash was personally in charge of administering the video hearing when, after roughly 15 seconds worth of random chatter interrupted the prosecution’s response, Nash told participants he was removing the troublemakers as quickly as he could.

Judge Nash, visibly annoyed immediately after one of the many disruptions to today’s hearing.

What transpired a minute later was almost inevitable given the permissive settings of this particular Zoom conference call: Someone streamed a graphic video clip from Pornhub for approximately 15 seconds before Judge Nash abruptly terminated the broadcast.

With the ongoing pestilence that is the COVID-19 pandemic, the nation’s state and federal courts have largely been forced to conduct proceedings remotely via videoconferencing services. While Zoom and others do offer settings that can prevent participants from injecting their own audio and video into the stream unless invited to do so, those settings evidently were not enabled in today’s meeting.

At issue before the court today was a defense motion to modify the amount of the defendant’s bond, which has been set at $750,000. The prosecution had argued that Clark should be required to show that any funds used toward securing that bond were gained lawfully, and were not merely the proceeds from his alleged participation in the Twitter bitcoin scam or some other form of cybercrime.

Florida State Attorney Andrew Warren’s reaction as a Pornhub clip began streaming to everyone in today’s Zoom proceeding.

Mr. Clark’s attorneys disagreed, and spent most of the uninterrupted time in today’s hearing explaining why their client could safely be released under a much smaller bond and close supervision restrictions.

On Sunday, The New York Times published an in-depth look into Clark’s wayward path from a small-time cheater and hustler in online games like Minecraft to big-boy schemes involving SIM swapping, a form of fraud that involves social engineering employees at mobile phone companies to gain control over a target’s phone number and any financial, email and social media accounts associated with that number.

According to The Times, Clark was suspected of being involved in a 2019 SIM swapping incident which led to the theft of 164 bitcoins from Gregg Bennett, a tech investor in the Seattle area. That theft would have been worth around $856,000 at the time; these days 164 bitcoins is worth approximately $1.8 million.

The Times said that soon after the theft, Bennett received an extortion note signed by Scrim, one of the hacker handles alleged to have been used by Clark. From that story:

“We just want the remainder of the funds in the Bittrex,” Scrim wrote, referring to the Bitcoin exchange from which the coins had been taken. “We are always one step ahead and this is your easiest option.”

In April, the Secret Service seized 100 Bitcoins from Mr. Clark, according to government forfeiture documents. A few weeks later, Mr. Bennett received a letter from the Secret Service saying they had recovered 100 of his Bitcoins, citing the same code that was assigned to the coins seized from Mr. Clark.

Florida prosecutor Darrell Dirks was in the middle of explaining to the judge that investigators are still in the process of discovering the extent of Clark’s alleged illegal hacking activities since the Secret Service returned the 100 bitcoin when the porn clip was injected into the Zoom conference.

Ultimately, Judge Nash decided to keep the bond amount as is, but to remove the condition that Clark prove the source of the funds.

Clark has been charged with 30 felony counts and is being tried as an adult. Federal prosecutors also have charged two other young men suspected of playing roles in the Twitter hack, including a 22-year-old from Orlando, Fla. and a 19-year-old from the United Kingdom.

Tags: , , , , ,

51 comments

  1. DelilahTheSober

    This is awesome, and exactly the kind of behavior that hackers and their supporters should be engaging in.

  2. Yeah. It’s just another day in Florida.

  3. Seems the judge went soft on him regarding bail. As you and Times article point out there are still 64 unaccounted bitcoins from his last known theft.

    To allow any funds (without sourcing) to be posted seems totally irresponsible – esp after being made to look foolish running his Zoom proceeding (thanks for the great screen shots Brian!)

    Although, as is typical in many similar cases the perp spends illegal proceeds wildly (per the Times: own apt, gem-encrusted Rolex, new BMW, etc.). to go from that last caper, into this current one indicates his total disdain for authority and any legal ramifications.

    It’s time for a long vacation; I’m not gonna hold my breath…

  4. bail is overused in the US. the judge can set a reasonable bail and put on internet use restrictions.

    • Brian Fiori (AKA The Dean)

      While I agree bail tends to be overused (and the amount often exceeds what is reasonable) I don’t agree in this case. Has “restricting Internet use” EVER worked? How can they do it?

      All he’d need is a burn phone to bypass that restriction. In case after case I read about these scumbags being on “restricted Internet use” they typically continue to engage in their illegal activities.

    • The US Justice system itself is a huge joke. Extremely long sentences and high bails. $750k for this guy? Most countries would of let him out pending trial for nothing, This is ridiculous and an embarassment that we have such barbaric sentencing in the justice system

      • SomeoneFromTheEU

        Well, on the other side there’s justice systems like the ones in Western Europe where prisons are basically all-inclusive summer camps and sentences are so short that they probably don’t deter anyone from committing a crime.
        I am from Western Europe and very jealous of the US justice system because it doesn’t treat criminals like precious little snowflakes. The EU has a lot to learn from the US justice system, especially in the cybercrime and white-collar crime area.

        • Western Europe also has less crime compared to the US (per capita). Maybe it speaks more to the efficacy of long prison sentences as a deterrence or prevention of crime.

          In some countries totalitarian and democratic alike, there is a philosophy of “tough on crime” that just isn’t based on reality.

          Many western European countries do not subscribe to this particular philosophy of criminal justice.

        • @SomeoneFromTheEU

          The purpose of improsonment should not be to force inmates to live under inhumane conditions, such as the prisons in the US, on top of getting their future life ruined completely for having done a criminal act earlier in their life. When an inmate gets out of a US prison, one of his only available career paths is to go back to crime.

          This is why the western european system is better. It allows inmates who have served their sentence to start over, without having caused them psychological damage from inhumane living conditions.

          Imprisonment should not be about making life unlivable for those who have commited a crime (such as in the US) – it should be about restricting their freedom by taking away (isloating) years of their life to prevent the same from happening again.

          This way inmates are rehabilitated a way better way than what happens in US prisons.

      • Yes Jake, and the US criminal justice system is also misandrist, as well as racist. There is a disproportionate number of males in prison compared to their percentage of the total population. Defacto proof, of sexism in the form of misandry. Causation follows from Correlation. I’m sure you’d agree with the “logic” of that argument.

        So if he had embezzled the same amount from a company or bank, should he also be allowed free prior to trial? No possibility of a flight risk? If he tried to hide out in the US, having a bail bondsman invested to ensure his court appearances has worked for over 100 years.
        http://www.americanbailcoalition.com/pdf_files/PublicvsPrivate.pdf/

    • Bail as a trap?

      If you want to find more stolen money, maybe it is wise to let the criminal go off on a leash, so they can pull some money, and then add to the indictment.

      Smart not to require the defendant to “prove the source of the funds” beforehand. That way they feel safe digging into their secret stash. Nothing stopping them from investigating the source of funds AFTER.

  5. This is precisely what happens when you bypass competent IT and go the route of DIY. Shadow IT, i.e. employees of an organization doing their own IT thing, is one of the biggest security risks in the industry, and the wherewithal to stop it has to come from the top of the organization structure down. A judge should not be trying to do an IT function and administer a hearing at the same time…

    • Brian Fiori (AKA The Dean)

      The level of incompetence this demonstrates is almost unfathomable IMO. But then again, it is Florida! Truthfully though, I could see this happening just about anywhere. Goverment (and business) systems are just so out of touch with IT safety.

      • I see security from another perspective. Minnesota has spent millions and millions of taxpayer dollars on IT over the past decade, yet security breaches have still occurred. Repeatedly. (Keep in mind, most businesses do not have the seemingly unlimited resources ($$) that the state has.)
        Security IT salespeople know that the best tool in their sales kit is the ‘fear factor’.
        We recently simplified our motor vehicle registration policies so that IT could understand them. (Too bad it took ten years for IT to admit they just didn”t get it. )
        I would rather we had trained our own people (people who do understand our policies) than continuing to hand out mega dollars to independent IT companies who have no desire to understand government (or business) policy.
        It is not an either- or situation. It will take a combined effort, and much more education.
        One more thought. We do not leave our courthouses and other document storage facilities open 24/7, for good reason. When they are open to the public we have real time security guards in place. They recognize odd and unusual behavior, such as a thief attempting to walk out with a file cabinet full of data. How many IT companies train or provide real- time security guards? Boring job, I would think, but necessary all the same.

  6. Hy-larious!
    Is there a resource with kindergarten-level instructions for how to properly run a Zoom meeting to avoid the easily avoidable? I’m asking for a friend, honest.

    • Geez, right?! Truth!

    • I know you jest, but there are folks who should know this. They can look here for specific information on securing zoom meetings:
      https://zoom.us/security

      Zoom has actually made a decent effort in the last 6 months, including the acquisition of Keybase and a 90-day Security Plan they launched in late March or April. More details here: https://blog.zoom.us/category/company-news/security-privacy/

      I am interested in this because I am forced to use Zoom regularly and I am a Keybase user.

    • “Is there a resource with kindergarten-level instructions for how to properly run a Zoom meeting to avoid the easily avoidable?”

      Exactly. And this is the same level of government incompetence and inefficiency so many “more government can fix everything” fools trust to provide them with important services. I guess the main attraction for them is that the money to provide those services is stolen from others.

  7. The Sunshine State

    This young kid ruined his whole life over B.S.

    • Nah, he just got a huge paying infosec job out of this, career is set for life once time is served.

      • Nah… there wasn’t a whole lot transferable in cybersecurity. Mostly social engineering. It’s not like he found an exploit in the code. He leveraged the known exploits in human beings and the process.

        Look at Mitnick. One of the most famous of the people/process hackers. Not really employable, and not just because of a criminal record. He’s not gonna be a good fit in cybersecurity offensive or defensive.

        This mythos of convicted hackers being employed and paid lots of money when they get out… is really BS. It has a view notable exceptions, that prove the rule, that the vast majority are not gonna get hired for much of anything special.

        • That’s not completely true, social engineering skills are relevant to phishing simulations and security awareness training which many companies use to enhance their own employees’ security knowledge. In Mitnick’s case, this applies to his current role as Chief Hacking Officer for KnowBe4

          Citation: https://www.knowbe4.com/products/who-is-kevin-mitnick/

      • jimmy smith jr

        There’s no evidence of this kid actually knowning infosec, sim swapping and social engineering a twitter employee aren’t really hacking. He could maybe get away with being a security consultant but with this kid’s rap sheet nobody will trust him.

  8. I can’t help it, I think that is some funny stuff. It’s going to be hell to pay for that “mastermind” 17 year old, but damn that’s funny.

  9. Brian, you should have made the two images a gif. Something like this ==> https://imgur.com/a/M7wbQQa

  10. I can’t read the NY Times article (paywall) but from elsewhere I see he’s also allegedly involved in a deadly home invasion and multiple swatting incidents.

    No matter what, at only 17, after a short prison sentence, I imagine we will hear about him again. He’s got plenty of time to commit more crimes.

    It’s sad to think that at 17 he’s already a total loser.

    • Agree, but now this scum bags victims all know who and where he is.
      It was a short life for a fool and his greed.

    • Nah, he just got a huge paying infosec job out of this, career is set for life once time is served, the path they all take

      • That is wishful thinking by hackers.
        The vast majority of them can’t get a job on the Geek Squad. Companies can’t trust them with access. Especially the non-technical “hackers” who got famous because they compromised an insider. Social engineers are worse off, since they won’t even be trusted during the interview.

        If he were someone who wrote a lot of exploits, maybe. But script kiddies get caught, don’t expect people to hire them just because they used social engineering.

  11. Desparaging someone because they are seventeen? Or a county it system that’s not set up properly? Or a court system, thats public, for allowing the public in? Or someone who ideas lead to problems. Or someone, a victim, that had trusted the system to keep his finances safe. How is the news supposed to be able to report about a case, if they are not invited to a stream? An archived stream. But, an archived stream .may be edited, unknown to others, missing evidence and proper procedures. Making the bad guy look better then they were.
    Even zoom and other platforms for business use may be inaccurate, intruded upon, and misused. When that occurs, look at the consequences, the people will be denied further news. Or, you will have to prove yourself, to gain entry for news. Even just to lurk, in real time, a shame. The ” police” would have to identify themselves also?
    Good article Brian.

  12. So who’s fundamentally at fault for this preposterous lack of any sort of semblance of security, both at Twitter for enabling this hack and at Zoom for adding insult to injury? I thought the brightest minds that gave us all this tech were… well, the brightest minds. Instead we appear to have dim bulbs doing the design and the coding, while the salespeople peddling their stuff have absolutely no idea as to what exactly they are pushing.

    • Zoom and Twitter are two MASSIVE targets.
      Combine that with the very true philosophy of cybersecurity that no system is 100% secure unless unplugged and thrown into the ocean… and we absolutely should expect these vulnerabilities to be found and exploited in very visible ways.

  13. Absolutely hilarious! I can’t help it! HAHAHA!

    I also can’t help notice the irony of networking mischief and networking crime on trial. It just doesn’t get any better than this. LOL! 😀

  14. I can’t stop laughing at the facial expressions. Thanks for the laugh Brian.

  15. These are not, “mischief makers.” These are hard core criminals intent on anarchic levels of disruption of the economy, and outright theft and destruction of other people’s property. In this instance they criminally disrupted the operation of a court hearing. This is not graffiti on public buildings. This is disrupting the operation of the judicial system, which in any purely physical court system would, and should, have resulted in immediate physical arrest. This is Roger Stone level interference in the lawful operation of society itself. All the babble on here about it somehow being the courts fault it could not protect itself from the miscreants, all of whom should be jailed for this activity, is enabling that very activity. Downplaying the seriousness of such activity enables more of it. A metaphor would be blaming the court for not having enough weaponry to hold off an assault by more heavily armed attackers, or BK for being a victim of a DOS or a Swatting, not, “kids will be kids.” Nothing, at all, to laugh about here. There are many millions of victims suffering serious consequences of the activities of these criminals. That needs a serious, not an amused, response from what is left of a responsible, honest, segment of society. We need to work, and pay, seriously to combat this criminality, or we will deserve the results – chaos on the world wide web and many millions more victims of damage and theft. All you smug smirkers on here, trust this – if they can get Twitter, and serious anti-hacker sites, including BKs, they will come for, and get, you, too.

    • Don’t worry David – we know the consequences of this criminal activity – some of us have been victims ourselves. I’m no body’s chump – but sometimes you just have to laugh about it and go on with the grim details later. Life is short enough as it is.

    • This friend speaks my words. Thank you.

    • Courts should be aware of how to employ basic security practices in their zoom meetings. If they were aware, this wouldn’t have happened. Simple as that. Responsibility is on them, 100%.

  16. #Graham Clark i do not know you but if you will become my teacher not only my life in your life will be postive impact i know you younger than me but knowledge is always bigger
    as my birthday gift #fan I will be your Diamond in coal mine

  17. Interesting the judge did not have better training on Zoom from the IT department. Would really not want to be that person right now.

  18. Justice system has become a barbaric garbage disposal system created to be efficient not just and to ensure high standard lifestyle for judges, prosecutors while entertaining the barbaric revengeful primitive impulse of low iq population. Really sick to see crowds asking for harsh sentences for these cyber deeds. Long sentences has become a form of entertainment similar to killing captured soldiers turned gladiators in ancient Rome.

    • It’s easy to say prisons are terrible institutions, it’s hard to find a way to do without the concept entirely.

      So you have a credible alternate deterrent? Let’s hear it.

  19. If you read the story on nyt, he appears to be a simple thief / con man, who sells or agrees to buy things and then does not give them up or pay. He’s takes advantage of peoples trust and then expoits it for his own benefit. Even the twitter accounts were done this way.
    That is a con man. He comes from a broken home with an absent father and either hasn’t been taught right from wrong or seemingly doesn’t seem to care. He is either a narcissist who doesnt care what happens to others or a sociopath who enjoys the agony he is causing to others.

  20. Florida State Attorney Andrew Warren’s reaction shot is a riot.

  21. These people are evil. They don’t even think about the global crisis that we are facing right now.