Nearly three years ago, chaos descended upon Twitter when a small group of hackers successfully breached the accounts of some of the platform's most high-profile users.
From Barack Obama to Elon Musk to Kim Kardashian, the compromised accounts tweeted out a message urging their millions of followers to send Bitcoin to a mysterious wallet address.
[RELATED: Famous Twitter Accounts Hacked: Insider Threat or Social Engineering Attack?]
Now, the U.S. Department of Justice has announced that Joseph James O'Connor, a 23-year-old U.K. citizen, pleaded guilty to his role in the Twitter hack, as well as cyberstalking and other schemes. O'Connor, also known as "PlugwalkJoe," was extradited from Spain on April 26, 2023, after his arrest in August 2022.
O'Connor's criminal activities were described by U.S. Attorney Damian Williams for the Southern District of New York:
"O'Connor used his sophisticated technological abilities for malicious purposes—conducting a complex SIM swap attack to steal large amounts of cryptocurrency, hacking Twitter, conducting computer intrusions to take over social media accounts, and even cyberstalking two victims, including a minor victim.
O'Connor's guilty plea today is a testament to the importance of law enforcement cooperation, and I thank our law enforcement partners for helping to bring to justice those who victimize others through cyber-attacks."
Court documents revealed that O'Connor conspired to gain unauthorized access to various social media accounts belonging to Twitter. He collaborated with others to purchase unauthorized access to multiple Twitter accounts, including those linked to public figures worldwide.
He was able to successfully transfer ownership of several targeted Twitter accounts away from their rightful owners. In one instance, he agreed to purchase access to a Twitter account for a hefty sum of $10,000.
O'Connor and his co-conspirators also gained unauthorized access to one of TikTok's most visible accounts, which belonged to a public figure with millions of followers. The group utilized a SIM swap after discussing various celebrities to target, and O'Connor used his access to the victim's account to post self-promoting messages, including a video featuring his recognizable voice.
"PlugwalkJoe" targeted another public figure in June 2019, when he obtained unauthorized access to the victim's Snapchat account via a SIM swap. He used that access to obtain sensitive materials, including private images that had not been made publicly available.
He then sent copies of these sensitive materials to his co-conspirators and reached out to the victim, threatening to publicly release the stolen images unless the victim posted messages related to O'Connor's online persona, among other things.
Lastly, the DOJ says that O'Connor stalked and threatened a minor victim in June and July 2020, orchestrating a series of swatting attacks on this third victim. He called a local police department and falsely claimed that this person was making threats to shoot people.
At first glance, the Twitter incident appeared to be some type of prank in which celebrities lost control of their accounts. But taking a deeper look at O'Connor's criminal activity shows a pattern of malicious behavior.
He currently faces a maximum prison sentence of 70 years, which will hopefully send a message to other cybercriminals, making them think twice before committing further crimes.
Follow SecureWorld News for more stories related to cybersecurity.