A citizen of the United Kingdom has entered a guilty plea in connection with the July 2020 Twitter attack that compromised a large number of high-profile accounts and scammed other users.
Joseph James O’Connor, whose online alias was PlugwalkJoe, was arrested for his role in cyberstalking as well as multiple schemes that involve computer hacking, including the hacking of Twitter in July 2020, according to the announcement made by the United States Department of Justice (DoJ).
After the Department of Justice (DoJ) requested O’Connor’s extradition from Spain in February, the Spanish National Court granted the request on April 26. O’Connor faces 14 criminal accusations in the United States.
On July 15, 2020, O’Connor and his accomplices carried out a huge breach in which they gained control of 130 Twitter accounts, including those of Barack Obama, Bill Gates, and Elon Musk, and used them to conduct a cryptocurrency scam that generated $120,000 in a matter of hours.
The accounts were compromised, and, in some cases, the attackers even sold the credentials to other people since they had gained unauthorized access to Twitter’s backend tools using social engineering. It has been rumored that O’Connor paid $10,000 to gain unauthorized access to a single Twitter account.
O’Connor is one of four people arrested and accused of being responsible for the Twitter hack. O’Connor was captured by Spanish authorities in the town of Estepona a year later, in July 2022. At the same time, Nima Fazeli and Graham Ivan Clark were detained.
Joe Tidy of the BBC reports that Mason Sheppard remains at large. After pleading guilty in March 2021 to 30 felony offenses, Clark was given a three-year prison sentence.
The defendant has been charged with internet stalking of a minor, as well as computer intrusions relating to the takeover of TikTok and Snapchat user accounts.
To do this, they staged SIM swap attacks on two nameless victims to acquire unauthorized access to their Snapchat and TikTok accounts and then called the police on a third victim, falsely reporting that he was “making threats to shoot people.”
A SIM swap occurs when a fraudster poses as a victim to a telecommunications provider in order to port the target’s mobile number to a SIM card under the fraudster’s control. This allows the fraudster to redirect the victim’s calls and texts to a malicious unapproved device under the fraudster’s control.
The criminals then take advantage of call- or SMS-based two-factor authentication to gain access to the victim’s bank accounts and other services registered to the mobile phone number.
Between March and May of 2019, O’Connor and his accomplices are suspected of using SIM-swapping techniques to steal cryptocurrency worth $794,000 from a New York City-based crypto firm.
The DoJ claims that “after stealing and fraudulently diverting the stolen cryptocurrency,” O’Connor and his co-conspirators “laundered” the funds through many transfers and transactions, eventually trading some of it for Bitcoin through online cryptocurrency exchanges.
Some of the stolen cryptocurrency ended up in an exchange account that O’Connor managed. O’Connor’s sentencing is set for June 23, and he has already agreed to forfeit nearly $794,000 in stolen funds. The maximum sentence for all crimes is almost 70 years in prison.
A UK citizen extradited to the US last month admitted to a variety of cyber crimes, including the 2020 Twitter hack, one of the biggest in social media history that compromised celebrities and politicians like former US “President Barack Obama” and “Microsoft’s Bill Gates”. On April 26, 2023, Spain extradited 23-year-old PlugwalkJoe. He is accused of accessing 130 Twitter accounts and compromising the Snapchat account of an unidentified prominent figure, threatening to disclose sexual photos of them. O’Connor and unknown co-conspirators used Twitter’s administrative capabilities to hijack multiple celebrity and corporate accounts in 2020.
They then promoted a $120,000 Bitcoin fraud using the hacked accounts. Court filings indicate that PlugwalkJoe and his accomplices used SIM swapping to acquire access to three bitcoin exchange executives between March and May 2019. They stole $784,000 in cryptocurrencies from several company accounts and computer systems. Twitter scammer Joseph James O’Connor was charged with three others. In 2021, US teenager Graham Ivan Clark, the hack’s “mastermind,” pled guilty. Nima Fazeli (aka Rolex) of Orlando, Florida, and Mason Sheppard (as Chaewon) of Bognor Regis, UK, were also charged with federal offences.