A UK citizen has pleaded guilty in connection with a Twitter attack in July 2020 that affected a number of high-profile accounts and defrauded other users of the platform.
Joseph James O’Connor also went by an online alias plug walk jawacknowledged “his role in multiple schemes involving cyberstalking and computer hacking, including the July 2020 hack of Twitter,” the U.S. Department of Justice (DoJ) said.
The 23-year-old individual was extradited from Spain on April 26 after a Spanish national court in February approved the DoJ’s request to extradite O’Connor to face 14 criminal charges in the United States.
In a massive hack on July 15, 2020, O’Connor and his co-conspirators seized control of 130 Twitter accounts, including those belonging to Barack Obama, Bill Gates and Elon Musk, to carry out cryptocurrency fraud. Did. $120,000 in a few hours.
The attack used social engineering techniques to gain unauthorized access to backend tools used by Twitter, then used that entry point to take control of accounts and in some cases sell access to others. made possible by doing O’Connor himself allegedly bought one of his unauthorized access to his Twitter account for $10,000.
O’Connor is one of four people charged with hacking Twitter. Nima Fazeli and Graham Ivan Clarke were arrested the same month, and O’Connor was arrested a year later in July 2021 by Spanish authorities in the town of Estepona.
According to the BBC, Mason Shepard Joe Tidy, not arrested. Clark was sentenced to three years in prison after pleading guilty to his 30 felony charges in March 2021.
In addition to the Twitter case, the defendants have been charged with computer intrusion in connection with the hijacking of TikTok and Snapchat user accounts, as well as online stalking of a juvenile victim.
This involved orchestrating SIM-swapping attacks against two unnamed victims to gain unauthorized access to their respective Snapchat and TikTok accounts, and making false emergency calls to law enforcement about a third victim. and the party “threatens to shoot people.”
SIM swapping occurs when scammers impersonate a victim and contact a telecommunications service provider to transfer the victim’s mobile phone number to a SIM card under their control. As a result, the victim’s calls and messages are routed to a malicious, unauthorized device controlled by the attacker.
Learn how to stop ransomware with real-time protection
Join our webinar to learn how real-time MFA and service account protection can stop ransomware attacks.
Save my seat!
Malicious actors then typically take control of the victim’s mobile phone number and leverage call- or SMS-based two-factor authentication to take over bank accounts and other services held by the victim.
O’Connor and his co-conspirators are also accused of using SIM swapping techniques to siphon $794,000 of cryptocurrency from a New York City-based crypto firm between March and May 2019.
“After stealing and illicitly diverting stolen cryptocurrency, O’Connor and his co-conspirators laundered it through dozens of transfers and transactions, using cryptocurrency exchange services to convert some of it into Bitcoin. ,” the Department of Justice said.
“Ultimately, some of the stolen cryptocurrency was deposited into an O’Connor-controlled cryptocurrency exchange account.”
O’Connor, who agreed to forfeit approximately $794,000 in stolen funds, is scheduled to be sentenced on June 23. In total, the charges carry him to more than 70 years in prison.
