I just came across a thought-provoking story about the Twitter hack that shook Silicon Valley. Many people thought it was advanced cyber warfare or the work of a Russian hacker group, but in reality it was a poor kid from Florida: Graham Ivan Clark, only 17 at the time, with just a laptop and a phone, who used social engineering to completely rewrite the history of internet security.
He didn't crack code; he cracked human nature. That is the most terrifying part.
One night in mid-2020, Twitter's big-name verified accounts were compromised en masse. The accounts of Elon Musk, Obama, Bezos and Apple all posted the same message: "Send me $1,000 in Bitcoin, and I will send you back $2,000." It looked like a lame joke, but the tweets were real. Within just a few hours, more than $110,000 worth of Bitcoin flowed into the hacker's wallet. Twitter was forced to lock all verified accounts worldwide, for the first time in history.
How did Graham Ivan Clark do it? He had no advanced hacking skills at all. He used the oldest weapons there are: deception and psychological manipulation. He called Twitter employees, posed as internal tech support, and tricked them into resetting their login credentials. One employee after another fell for it. In the end, these two teenagers obtained Twitter's internal "God mode" account privileges, which let them reset the password of any account on the platform at will.
Interestingly, his upbringing reads like a dark textbook. He grew up in Tampa in a broken family, with no money and no prospects. While other kids played Minecraft, he ran scams inside the game: he tricked friends into buying virtual items, took the money, and disappeared. Later he joined a notorious hacking forum and learned SIM swapping, where a few phone calls are enough to trick telecom employees into handing over control of someone else's phone number. Once you control someone's phone number, you can get into their email, crypto wallets, and even bank accounts.
Some of his victims were investors who bragged about how much crypto they held. A venture capitalist named Greg Bennett woke up to find he had lost more than $1 million worth of Bitcoin. The hacker even sent him a threatening message: "Pay up, or we'll come after your family."
This is the real Graham Ivan Clark: a kid corrupted by power and money, who in the end even dared to cheat his own hacker partners. Those partners came looking for him, and someone was even shot dead. He got away, yet again.
When police raided his apartment in 2019, they found 400 Bitcoin, worth nearly $4 million at the time. He handed back $1 million to "settle the case," and because he was a minor, he was legally allowed to keep the rest. He had beaten the system once, so he believed he could beat it again.
The most ironic part is that Graham Ivan Clark is now out of prison. He is free, rich, and essentially untouchable. When he hacked Twitter, it was still Twitter. Now Twitter has become X, and every day it is flooded with crypto scams, exactly the kind of trick that made Graham rich. The same scams and the same psychological principles are still fooling millions of people.
The most valuable thing to take from this story is not a technical detail but a warning. Social engineering works not because systems are complex, but because humans are too easily manipulated. Fear, greed, and trust are the biggest vulnerabilities. A real hacker does not break systems; he deceives the people who operate them. Graham Ivan Clark proved it.