A British national has pleaded guilty in connection with the July 2020 Twitter attacks that affected many high-profile accounts and deceived other users of the platform.
Joseph James O’Connor, who also uses an online alias PlugwalkJoeacknowledged its “role in cyberstalking and various schemes involving computer hacking, including the July 2020 Twitter hack,” the US Department of Justice (DoJ) said.
The 23-year-old individual was extradited from Spain on April 26 after the Spanish National Court, in February, Approved the DoJ’s request to hand O’Connor over to face 14 criminal charges in the US
The massive hack, which occurred on July 15, 2020, involved O’Connor and his associates who controlled 130 Twitter accounts, including those of Barack Obama, Bill Gates, and Elon Musk, to carry out cryptocurrency fraud that netted them. $120,000 in a few hours.
The attack was made possible by using social engineering techniques to gain unauthorized access to backend tools used by Twitter, and then leveraging those entry points to take control of accounts and, in some cases, sell access to others. O’Connor himself is said to have purchased unauthorized access to one Twitter account for $10,000.
O’Connor is one of four people accused of hacking Twitter. Nima Fazeli and Graham Ivan Clark were arrested the same month, while O’Connor was arrested by Spanish authorities in the city of Estepona a year later in July 2021.
Mason Sheppard, according to the BBC Joe neat, has not been caught. Clark was sentenced to three years in prison after he pleaded guilty to 30 felony counts in March 2021.
In addition to the Twitter incident, the defendant was charged with computer disorder related to the takeover of TikTok and Snapchat user accounts, as well as online stalking of the teenage victim.
This entailed setting up a SIM-swap attack against two unnamed victims to gain illegal access to their Snapchat and TikTok accounts, as well as making fake emergency calls to law enforcement about a third victim, claiming that the party was “making threats to shoot people.”
SIM exchange happen when the fraudster contacts a telecommunication service provider under the guise of the victim to transfer the target’s mobile number to a SIM card they control, resulting in the victim’s calls and messages being diverted to an unauthorized malicious device controlled by the threat actor.
The criminals then typically use control of the victim’s cell phone number to take over bank accounts and other services owned by the victim registered to the mobile number by utilizing call- or SMS-based two-factor authentication.
O’Connor and his co-conspirators have also been accused of using a SIM-swapping technique to siphon up to $794,000 worth of cryptocurrency from a New York City-based crypto firm between March and May 2019.
“After stealing and fraudulently transferring the stolen cryptocurrency, O’Connor and his co-conspirators laundered it through dozens of transfers and transactions and exchanged some of it for Bitcoin using cryptocurrency exchange services,” the DoJ said.
“Eventually, some of the stolen cryptocurrency was deposited into a cryptocurrency exchange account controlled by O’Connor.”
O’Connor, who has agreed to forfeit approximately $794,000 in the stolen funds, is scheduled to be sentenced on June 23. The charges carry a total maximum penalty of just over 70 years in prison.