The Department of Justice (DoJ) announced May 9 that Joseph James O’Connor, aka “PlugwalkJoe,” pled guilty in New York to his role in the high-profile hacks of celebrity Twitter accounts and other computer hacking crimes involving stolen cryptocurrency.
DoJ said they extradited the 23-year-old UK citizen from Spain on April 26. O’Connor faces up to 77 years in prison for his role in the crimes. He is scheduled for sentencing on June 23 in New York.
The case drew quite a stir when it broke three years ago because reportedly the case involved hacking the Twitter accounts of former President Barack Obama, Elon Musk — who now owns Twitter — and President Joe Biden, who was running for president at the time. The accounts of other well-known celebrities, politicians and businesspeople were also hit, including Kim Kardashian, Bill Gates, Warren Buffet, Michael Bloomberg and many others.
In making the announcement, DoJ focused on two cases. The Twitter case, which was originally handled by the Northern District of California (NDCA) and the Southern District of New York (SDNY), which worked on the financial crimes case involving the cryptocurrency crime. DoJ has since consolidated the two cases and now both will be managed by SDNY.
“O’Connor used his sophisticated technological abilities for malicious purposes — conducting a complex SIM swap attack to steal large amounts of cryptocurrency, hacking Twitter, conducting computer intrusions to take over social media accounts, and even cyberstalking two victims, including a minor victim,” said U.S. Attorney Damian Williams for SDNY. “O’Connor’s guilty plea today is a testament to the importance of law enforcement cooperation, and I thank our law enforcement partners for helping to bring to justice those who victimize others through cyberattacks.”
According to court documents, between 2019 and 2020, DoJ alleges that O’Connor participated in a variety of crimes associated with the exploitation of social media accounts, online extortion, and cyberstalking. In the Twitter case, O’Connor pled guilty to participating in a conspiracy to gain unauthorized access to social media accounts maintained by Twitter.
In early July 2020, DoJ said O’Connor’s co-conspirators used social engineering techniques to obtain unauthorized access to administrative tools used by Twitter to maintain its operations. The co-conspirators were able to use the tools to transfer control of certain Twitter accounts from their rightful owners to various unauthorized users. In some instances, DoJ said the co-conspirators took control themselves and used that control to launch a scheme to defraud other Twitter users. In other instances, the co-conspirators sold access to Twitter accounts to others.
O’Connor communicated with others regarding purchasing unauthorized access to a variety of Twitter accounts, including accounts associated with public figures around the world. A number of Twitter accounts targeted by O’Connor were subsequently transferred away from their rightful owners. O’Connor agreed to purchase unauthorized access to one Twitter account for $10,000.
In the cryptocurrency case, between March 2019 and May 2019, O’Connor and his co-conspirators perpetrated a scheme to use SIM swaps to conduct cyber intrusions to steal approximately $794,000 worth of cryptocurrency from a Manhattan-based cryptocurrency company, which provided wallet infrastructure and related software to cryptocurrency exchanges around the world, according to court documents.
According to DoJ, during a SIM swap attack, cyber threat actors gain control of a victim’s mobile phone number by linking that number to a SIM card controlled by the threat actors, resulting in the victim’s calls and messages being routed to a malicious unauthorized device controlled by the threat actors. The threat actors then typically use control of the victim’s mobile phone number to obtain unauthorized access to accounts held by the victim that are registered to the mobile phone number.
After stealing and fraudulently diverting the stolen cryptocurrency, DoJ said O’Connor and his co-conspirators laundered it through dozens of transfers and transactions and exchanged some of it for Bitcoin using cryptocurrency exchange services. Ultimately, a portion of the stolen cryptocurrency was deposited into a cryptocurrency exchange account controlled by O’Connor.
DoJ said O’Connor also agreed to forfeit the $794,000 and make restitution to the victims of his crimes.
