Image: Brett Jordan / Flickr / CC BY 2.0

British man involved in Twitter hack extradited to US, pleads guilty to numerous cybercrimes

A British man pleaded guilty in New York on Tuesday to his role in the Twitter hack of July 2020, alongside multiple other cyber offenses including stealing cryptocurrency through SIM swapping attacks and cyberstalking a minor.

Joseph James O’Connor, 23, was extradited to the United States from Spain in April. He faces up to 77 years in prison when sentenced on June 23 and will forfeit more than $794,000 as well as pay restitution to his victims.

O’Connor, who was also known by the alias PlugwalkJoe, was part of a conspiracy that managed to access Twitter’s internal administration tools in 2020.

After socially engineering access to Twitter’s back-end, the group then hijacked celebrities’ accounts to post a scam message soliciting bitcoin: “Feeling grateful, [sic] doubling all payments sent to by BTC address! You send $1,000, I send back $2,000!”

The target accounts included some of the social media platform’s most high-profile users, including then presidential candidate Joe Biden, Elon Musk, Jeff Bezos, Barack Obama and Kim Kardashian.

The listed bitcoin address received more than 400 transfers worth over $117,000 in total, according to the Department of Justice. No funds were observed being sent back.

Alongside the scam messages, the hackers sold access to Twitter accounts “associated with public figures around the world,” with O’Connor agreeing to purchase one unidentified account for $10,000, according to prosecutors.

The Brit also used SIM swapping attacks to gain access to what was described as “one of the most highly visible TikTok accounts” in August of the same year. Prosecutors said he used this access to post “self-promotional messages, including a video in which O’Connor’s voice is recognisable.”

Although prosecutors identified the TikTok account as belonging to Victim-1, the TikTok star Addison Rae’s account was hacked at this time, with its name changed to “joeandzak1” and its bio referencing “plugwalkjoe zak n crippin.”

Prosecutors said: “O’Connor also stated publicly, via a post to Victim-1’s TikTok account, that he would release sensitive, personal material related to Victim-1 to individuals who joined a specified Discord server.”

SIM swapping and cyberstalking

O’Connor also pleaded guilty to targeting another unidentified public figure in June 2019, again using a SIM swapping attack to access the victim’s Snapchat account.

He “used that access to obtain sensitive materials, to include private images, that Victim-2 had not made publicly available. O’Connor sent copies of these sensitive materials to his co-conspirators.”

The hackers also contacted this victim and “threatened to publicly release the stolen sensitive materials unless Victim-2 agreed to publicly post messages related to O’Connor’s online persona, among other things.” SIM swapping is an account takeover technique in which the perpetrator persuades a mobile carrier to switch an existing phone number to a new SIM card.

A third victim, described as a minor by prosecutors, was stalked and threatened by O’Connor in June and July 2020, when the Brit orchestrated “a series of swatting attacks” by attempting to send armed police to the victim’s location, alongside calling the victim’s family members and threatening to kill them.

O’Connor also pleaded guilty to stealing approximately $794,000 from a Manhattan-based cryptocurrency company, again using a SIM swap attack to hijack accounts registered to the victim’s mobile phone number.

“After stealing and fraudulently diverting the stolen cryptocurrency, O’Connor and his co-conspirators laundered it through dozens of transfers and transactions and exchanged some of it for Bitcoin using cryptocurrency exchange services. Ultimately, a portion of the stolen cryptocurrency was deposited into a cryptocurrency exchange account controlled by O’Connor,” said prosecutors.

U.S. Attorney for the Northern District of California, Ismail Ramsey, said: “O’Connor has left an impressive trail of destruction in the wake of his wave of criminality.”

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles
Alexander Martin

Alexander Martin

is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.