British man pleads guilty to Twitter hack of Joe Biden, Elon Musk accounts
A photo of new Twitter owner Elon Musk is surrounded by Twitter logos in this photo illustration in Warsaw, Poland on November 8, 2022.
STR | Nurphoto | Getty Images
LONDON — A British man pleaded guilty to helping orchestrate a high-profile hack of the Twitter accounts of a number of celebrities and politicians, including Elon Musk, Joe Biden and Kanye West.
Joseph O̵[ads1]7;Connor, 23, who is known by an online alias of “PlugwalkJoe,” entered the guilty plea in a New York court on Tuesday, according to a Justice Department news release. He was extradited from Spain last month.
O’Connor pleaded guilty to conspiracy to commit computer hacking, computer hacking, extortion and threatening communications, cyberstalking and conspiracy to commit wire fraud and money laundering. Combined, the charges carry a maximum sentence of 77 years, the Justice Department said.
Assistant Attorney General Kenneth Polite of the Justice Department’s criminal division said O’Connor’s activities were “flagrant and malicious.”
“He harassed, threatened and pressured his victims, causing significant emotional harm,” Polite, Jr. said. in a statement on Tuesday.
“Like many criminal actors, O’Connor tried to remain anonymous by using a computer to hide behind stealth accounts and aliases from outside the United States. But this plea shows that our investigators and prosecutors will identify, locate and bring to justice such criminals . to ensure that they face the consequences for their crimes.”
The attack, which took place in 2020, targeted about 130 people, Twitter said at the time. Hackers took control of the accounts to promote a bitcoin scam, ordering users to send the funds to multiple bitcoin addresses.
Twitter said in 2020, shortly after the cyberattack took place, that it believed the hack was a “coordinated social engineering attack” on its employees — in other words, company insiders were tricked into handing over access to internal systems and tools.
The attackers were able to access Twitter’s internal controls by compromising a small number of employees, according to a July 2020 Twitter blog posts.
“O’Connor communicated with others regarding the purchase of unauthorized access to numerous Twitter accounts, including accounts associated with public figures around the world,” the Justice Department said Wednesday.
“A number of Twitter accounts targeted by O’Connor were later transferred from their rightful owners. O’Connor agreed to buy unauthorized access to a Twitter account for $10,000.”
“Impressive trail of destruction”
O’Connor was also charged and pleaded guilty for his role in a SIM-swapping attack, which is when an attacker convinces a mobile phone carrier to transfer a person’s phone number to their device to bypass multi-factor authentication on online accounts.
The attack targeted several high-profile companies and leaders in the cryptocurrency industry, including Binance, Tron founder Justin Sun and Litecoin founder Charlie Lee, and resulted in the theft of $794,000 in digital assets, according to the Justice Department. O’Connor agreed to forfeit $794,000 to the court and pay restitution to the victims of his crimes, the DOJ said.
O’Connor also compromised the account of “one of the most visible TikTok accounts” and threatened to release sensitive, personal material related to the cyberattack victim to people who joined a specified server on the chat app Discord, the Justice Department said.
United States Attorney Ismail J. Ramsey for the Northern District of California said O’Connor “left an impressive trail of destruction” in the wake of his crime spree.
“This case serves as a warning that the reach of the law is long, and criminals anywhere who use computers to commit crimes can end up facing the consequences of their actions in places they didn’t anticipate,” Ramsey said.
O’Connor was one of four people charged over the scheme. In 2021, American teenager Graham Ivan Clark pleaded guilty to fraud charges.
Nima Fazeli from Orlando, Florida, and Mason Sheppard from Bognor Regis in the UK have also been charged in connection with the hack.
O’Connor was arrested in July 2021 in Estepona, a resort town on the Costa del Sol in southern Spain, by Spanish National Police at the request of US authorities.