The guy who hacked Twitter: “Kirk” and the human factor

It was a 17-year-old hacker who managed to persuade some Twitter employees that he was a collaborator of the technology department who needed the credentials to log into the customer support portal.

Resident of Tampa, Florida, Graham Ivan Clark – known by the pseudonym Kirk – is defined by investigators as a teenager out of the ordinary.


The story

Having obtained the passwords, “Kirk” was able to enter the Twitter computer system.

The intrusion involved access to hundreds of VIP profiles including Barack Obama and Bill Gates, but also Jeff Bezos, Mike Bloomberg, Warren Buffet, Wiz Khalifa, Floyd Mayweather, Elon Musk, and Kanye West.

Kirk’s goal was to publish fake tweets with messages containing requests for bitcoin donations to the followers of the affected accounts, taking advantage of the well-known philanthropic activity of the profile holders

The boy allegedly received 100,000 bitcoins in minutes, via an anonymous Bitcoin profile.

Kirk justified himself by saying that he “decided to give my money back to the community. All Bitcoins that will be sent to this address will be sent back doubled. Up to a maximum of $ 50 million. I am grateful and I want to double all payments sent to my Bitcoin address. If you send a thousand dollars, I will give you 2000. But you have to do it within the next 30 minutes ”.


The fraud

How is it possible that a teenager was able to overcome the defenses of a giant like Twitter?

The security team of the social network said that Kirk’s intrusion took place thanks to a phone phishing. Simply put, “Kirk” pretended to be a Twitter employee on the phone to get access to the profiles he hacked.

The investigation made it clear that “Kirk” had duped several Twitter employees into gaining access to 145 accounts and 36 inboxes.

However, this fact does not appear to be a simple stunt. “Kirk” was the mastermind of a complex and articulated plan of global reach.

He has also recently been involved in other criminal investigations, including a murder case.



Now, Kirk will have to answer about thirty counts of fraud and other related crimes – and despite being a minor he will be tried as an adult.

Let that sink in: a 17-year-old boy hacked Twitter. While Kirk certainly possesses out-of-the-ordinary skills, the fact that he was able to accomplish this has raised concerns about the actual security of Twitter procedures.

What can this case teach us? Kirk evaded Twitter, but he didn’t use technology to do so. He used persuasion.

He exploited a human vulnerability.

The “Human Factor” can weaken the most sophisticated IT infrastructure: to find out more, read our blog that we have dedicated to it.