Cybercrime: The New Threat From Young Criminals

In July 2020, a Twitter hack caused a stir in the news. The attack was perpetrated by Graham Ivan Clark, an 18-year-old hacker, who managed to access the accounts of influential figures and encourage users to send bitcoins to a specified address in return for a double-your-money scam. The attack was successful and resulted in over 400,000 USD being taken from unsuspecting users.

Figure 1: Graham Ivan Clark targeted the likes of Elon Musk, Obama, and countless other influential figures to perpetrate his scam (DailyMailUK).

This incident’s significance lies in the increasing trend of cybercrime over the past few years. Attackers are ever younger, more ruthless, and increasingly fearless of any consequences for their actions. It is therefore of interest to explore why this is the case.

Cybercrime has become a major concern for society. With advancements in technology, criminals have more opportunities to access personal data and steal from victims, making it important for people to understand the risks of online activities and how to protect themselves against these threats. This article will discuss why cybercrime has exponentially increased in the past few years, what types of crimes constitute it, and the cybercrime career of Graham Ivan Clark. It will also explore society’s response (or lack of it) to these threats and the measures that can be taken to prevent falling victim to crime.

COVID-19 and the Cybercrime Pandemic:

The COVID-19 pandemic has caused a dramatic shift in the way we live, work and interact with one another. Many countries implemented strict isolationist policies to help prevent the spread of the virus, resulting in many people being confined to their homes and a significant loss of jobs and opportunities. Unfortunately, criminals have taken advantage of this difficult situation, using it as an excuse to try and make ends meet through illicit means.

Prior to the pandemic, research conducted by Crime Science revealed that offline crimes such as break-ins and burglaries were predominant. However, due to the isolationist policies, people have become more digitised and reliant on technology, which has resulted in crime becoming digitised too. The Entrepreneur reported a 31% increase in cybercrime over the course of the pandemic. This should be cause for alarm, given that our societies are becoming ever more digitalised and reliant on technology.

Figure 1: This diagram breaks down the percentage of the type of Cyber Crime that has been committed in a series of member countries (Interpol)

The digitalisation of our lives has helped to alleviate the spread of the pandemic by limiting real-life contact, but it has also created an entirely new problem. By spending more time on our computers than ever, we are transmitting even more data and sensitive information to online platforms, making us 47% more likely to fall victim to any form of cybercrime. These attacks, which involve a series of botnets programmed to infiltrate a website, can give the attacker access to all the data recorded on the website, including passwords and other sensitive information. These attacks were not uncommon before the pandemic, but they have increased by as much as 167% from 2020-2021, during the height of the pandemic. The danger these breaches pose is that the attacker can use your information to gain access to your entire digital life, allowing them to access many things you consider sensitive, such as banking details, passwords and much more.

The most surprising statistic that has been revealed is that the average age of these cyber-criminals is 17. This is concerning, as it means that our youth, our future, are misguided. Many of them see no wrongdoing in their actions, and their young age allows them to avoid being properly held accountable or punished.

Graham Ivan Clark

Graham Ivan Clark’s criminal career began long before the infamous Twitter attack. The then 14-year-old began his exploits in late 2016, when he began to take advantage of the popular multiplayer game, Minecraft. Clark used scams to gain in-game advantages and money and even went as far as flaunting his illegal gains on social media platforms in videos. However, due to the niche nature of the game, his activities went largely unnoticed. 

Clark’s activities evolved and took an even darker turn in early 2020, as the lockdown restrictions in the United States began to take their toll. His eagerness to make money and the lack of opportunities led him to begin sim-swapping. Sim-swapping uses stolen data from data breaches to gain victims’ credentials. These are filtered to find users with crypto exchanges and cellular providers linked to their accounts. The attacker logs into the provider and requests a change of sim card, gaining access to the victim’s phone number, which is often used as a security feature in crypto wallets. Graham would personally hand-pick his victims, browsing the social media accounts of popular crypto exchanges to get a list of users, as they were more likely to own crypto. Once he found a match, it would be as simple as changing the user’s password to gain access to their wallet and empty it out. He would amass over 4 million USD by doing this. Eventually, Graham was arrested, but as he was 16 at the time, he was not charged and had to forfeit only one out of the four million USD that he had stolen. The reason is that they could only prove his involvement in the first million.

With no consequences, Graham continued with his criminal activities, this time targeting an even bigger target: Twitter. He used a form of psychological manipulation known as social engineering, which is usually perpetrated by calling victims from a spoofed phone number after obtaining their credentials from breached data. This phone number mimics an existing one and is used to gain the trust of the victim. With all their sensitive information in the hands of the attacker, it is easy to manipulate the victims and gain access to their login details, for example. Graham successfully employed this attack on a Twitter employee, gaining their credentials and access to the back-end of Twitter.

He was now 17 when he committed his Twitter attack, and he was apprehended a week later, as he had mistakenly used a Bitcoin address linked with his real name. This time, Graham had to face the consequences of his actions but was treated as a youthful offender, avoiding the 10-year minimum sentence of an adult. Instead, he received a three-year sentence, which is quite lenient for the severity of the crime he committed.

The story of Graham illustrates the reality that many youths today are engaging in riskier and more violent cybercrime activities. This trend is concerning, as there are currently no effective punishments in place to discourage such criminal behaviour. Social media and a misguided perception of impunity are thought to be major motivating factors for many young criminals. It is essential to address these issues in order to curb the rising tide of cybercrime among youth.

Cybercrime Glamorization: a Growing Issue in the Digital Age

The glamorization of cybercrime is becoming an increasingly serious issue in the digital age. Many people view cyber-criminals as pioneers who make financial gains by going against society, and this view is perpetuated by their flaunting of stolen money on Instagram and in mainstream songs, such as “London Scammer” by Trapz. Young people, especially those naive to the long-term consequences, are being enticed by friends and other users to pursue this lifestyle, not knowing that it involves becoming victims of the crime as well. A common type of crime, the money-mule scam, involves using one’s banking details as an intermediary to acquire stolen funds, with a percentage of the cut going to the mule. However, this can lead to the closure of their bank account, destroyed credit ratings, and harsh fines. But given the young age of these mules, they are usually given a simple warning. The average age of cyber-criminals is 17, meaning many do not face consequences for their actions, and these petty crimes may be a stepping stone to bigger crimes, as previously seen in the case of Graham, who went from petty crimes of stealing in-game items to attacking Twitter. It is clear that social media’s glamorization of cybercrime has a detrimental effect on young people; however, the main problem is that these youngsters are not properly dealt with at the early stages of their crimes. This causes many to become fully immersed in the lifestyle, and it is a real concern that needs to be addressed.

Exploring the Lack of Consequence for Underage Cyber-Criminals

It has happened countless times in many countries, where many youngsters can get away with or are pardoned for their cyber crimes. A high-profile example of this was the hacking and leaking of the long-awaited video game Grand Theft Auto 6. The main conspirator, like Graham, used social engineering to gain access to confidential data. Once again, like Graham, the attacker had a lengthy record of cyber-related crimes and never faced consequences as he too was under 18 when committing them.

The last high-profile example is that of RaidForums. RaidForums was created as a community forum for teens to go on and facilitate non-harmful ‘raids’ on live streamers. These raids were where users of the forum would go on live streams and engage in messing with the streamers to get a laugh out of it. The creator was a then 14-year-old Diogo, but the dynamic of his site quickly turned into hosting a variety of illegal activities, including the sale of stolen credit card information, malware, and breached databases. Diogo masterminded this and helped facilitate the transactions of these illegal goods by acting as a middleman. This caught the FBI’s attention, and Diogo received a formal warning from them but was let go without punishment. However, he did not stop there and continued the illicit activities, even starting to sell the goods himself. The FBI closely monitored the situation, and by the time he turned 18 and enough evidence of his acts had been gathered, they were finally able to put an end to his activities. He is currently awaiting extradition from the UK and may face up to 12 years in prison.

Lastly, a case that happened in the Netherlands saw criminals steal over 100,000 euros through sim swaps. Two arrests were made, but a 17-year-old involved was let go and only punished with 50 hours of community service, despite masterminding the attacks and having prior convictions.

The cases above show that in every instance, the criminals who were under the age of 18 at the time were neither punished nor properly held accountable for their actions. Clearly, these criminals learned nothing and continued their acts until their age caught up with them. So, how should these criminals be treated, and why are many repeat offenders?

Exploring Solutions to Cybercrime Laws Against Teenagers

Cybercrime laws against teenagers are becoming increasingly important. In the United States, cybercrime laws are enforced by both federal and state governments. However, these laws are typically not applied to teenagers as they are not considered legally responsible for their actions in the same way that adults are. Many cybercrime laws are designed to punish those who commit malicious acts with the intent to cause harm or financial loss. Teenagers are not typically seen as having the same level of malicious intent as adults, and as such, are not held to the same standard.

More so, the last aforementioned case in the Netherlands can give us an insight into why many teens do not get punished and become repeat offenders. In the Netherlands, as with many other countries, there is a struggle to punish offenders. They think it is in the best interest to re-educate the culprits, rather than put them in prison. But also, they deem it the responsibility of the victims to press charges before the authorities can intervene. These young criminals are deemed to be ignorant and unaware of their actions by authorities, meaning that repeat offences are not uncommon. Legal action is only enforced when it is reported by the victims, which in many cases is not done.

So this shows that the lack of jurisdiction against these teens means that many will, unfortunately, keep on committing their crimes.

It is clear that the current system of punishment for cybercrimes is inadequate, and that more needs to be done to ensure that young perpetrators are held accountable for their actions. By increasing awareness of the consequences of cyber-crimes, and by providing more resources to law enforcement to investigate and prosecute these crimes, we can hold those criminals responsible for their actions. In many instances, it is easy to say that these minors are unaware of their actions, but if they cannot get punished, who is to blame instead? Should the parents of the kids be punished for their actions as it is an indirect result of their upbringing? Or should laws be changed to tackle these specific problems?

Some solutions (these are of course subject to disagreement, but this author thinks these are the best) could be:

First, it’s important for parents and guardians to be aware of the dangers of the internet and talk to their children about online safety. This includes educating them about the risks associated with cybercrime and the consequences of engaging in illegal activities. Also, given unrestricted access to computers, many youngsters can get exposed to the wrong material. While I believe everyone should have the right to privacy, for those who have a history of, or are showing signs of, malicious intent when using technology, there should be some form of restriction or monitoring involved.

Second, it’s important to have laws in place that are tailored towards youthful offenders. This includes specific penalties related to cybercrime that are more appropriate for minors, such as probation and community service. These should, however, be tailored per crime, as cyber-crimes can come in many forms, some more harmful than others. We should remove the belief that you can get away with a slap on the wrist for stealing millions of dollars because you were young.

Third, it’s important to have some sort of cybercrime awareness programs in education. These can be used to help people identify and avoid cybercrime threats. Finally, it’s important to ensure that any punishments handed down to youngsters are appropriate and specific to their case. As we have seen, criminals like Graham started off with petty crimes but quickly transitioned into more harmful ones. It is therefore appropriate to properly punish them early on, so that they do learn from their mistakes. As many previous cases have shown, young people do not. Although young offenders should not be punished as adults, their actions must not be taken lightly. The crimes they are committing are serious in nature, and therefore should be treated as such.

How we can stay safe in the meantime:

So, before any change can happen, society needs to be vigilant. One should practise what is known as Operations Security (OPSEC). OPSEC is a term that describes risk management; applied to our digitalised lives, it means closely monitoring what we publish online and regularly changing passwords and other sensitive information. It is a good rule of thumb to change your passwords every 6 months or so, given the frequency of data being leaked from breaches. Ensure that you use a different, strong password for each of your most sensitive logins. But this should be paired with another means of authentication, namely Two-Factor Authentication (2FA). This should be done through a system-based authenticator app, which will generate a time-based key only on that system. These are safer than using your phone number as a 2FA, given the threat of sim swaps. The Google Authenticator app, known as G-Auth, is available for downloading from both the Play and App Stores, providing a secure authentication process.

A tool that is useful for everyone to use is https://haveibeenpwned.com, a site where you can see whether your email and other account details have appeared in a data breach. Given the frequency of breaches, the likelihood is high, therefore it is good to practise the points mentioned above.

This Post Has One Comment

  1. R.Z

    Fascinating article. I suppose the ever-rising cybercrime activity is in a way a consequence of the rapid global digitalization, further escalated by the recent COVID-19 pandemic and lockdowns. The question now, will the instances of cybercrime keep rising or will the authorities find a way to minimize these numbers?
