A UK citizen has pleaded guilty in connection with the July 2020 Twitter attack that affected numerous high-profile accounts and defrauded other users of the platform.
Joseph James O’Connor, who also went by the alias online PlugwalkJoeadmitted to “his role in cyberbullying and multiple schemes involving hacking, including the July 2020 Twitter hack,” the US Department of Justice (DoJ) said.
The 23-year-old was extradited from Spain on April 26 after the Spanish National Court in February approved the DoJ’s request to extradite O’Connor to face 14 criminal charges in the United States .
The massive hack, which took place on July 15, 2020, involved O’Connor and his co-conspirators taking control of 130 Twitter accounts, including those belonging to Barack Obama, Bill Gates and Elon Musk , to perpetrate a cryptocurrency scam that allowed them. $120,000 in a few hours.
The attack was made possible by using social engineering techniques to gain unauthorized access to the backend tools used by Twitter and then exploiting this entry point to take control of accounts and, in some cases , sell access to others. O’Connor himself is said to have bought unauthorized access to a Twitter account for $10,000.
O’Connor is one of four people who have been charged with carrying out the Twitter hack. Nima Fazeli and Graham Ivan Clark were arrested that same month, while O’Connor was arrested by Spanish authorities in the town of Estepona a year later, in July 2021.
Mason Sheppard, according to the BBC Joe Tidy, has not been arrested. Clark received a three-year prison sentence after pleading guilty to 30 felonies in March 2021.
In addition to the Twitter incident, the defendant has been charged with computer hacking related to the acquisition of TikTok and Snapchat user accounts, as well as online harassment of a minor victim.
This involved orchestrating SIM-swapping attacks against two unnamed victims to gain illicit access to their Snapchat and TikTok accounts, respectively, as well as making fake emergency calls to law enforcement about a third victim , alleging that the party “was making threats to shoot people”. “
SIM swapping occurs when fraudsters contact a telecom service provider under the guise of a victim to port the target’s mobile number to a SIM card under their control, which that the victim’s calls and messages are sent to an unauthorized malicious device controlled by the threat actors.
Learn how to stop ransomware with real-time protection
Join our webinar and learn how to stop ransomware attacks with real-time MFA and service account protection.
Save my seat!
Criminals then often use control of the victim’s mobile phone number to take over the victim’s bank accounts and other services that are registered to the mobile phone number by leveraging two-factor authentication based on calls or SMS .
O’Connor and his co-conspirators have also been accused of using SIM-swapping techniques to siphon $794,000 worth of cryptocurrency from a New York City-based crypto firm between March and May of 2019.
“After stealing and fraudulently diverting the stolen cryptocurrency, O’Connor and his co-conspirators laundered it through dozens of transfers and transactions and exchanged a portion of it for Bitcoin through cryptocurrency exchange services,” he said. say the DoJ.
“Ultimately, a portion of the stolen cryptocurrency was deposited into a cryptocurrency exchange account controlled by O’Connor.”
O’Connor, who has accepted the forfeiture of about $794,000 in stolen funds, is scheduled to be sentenced on June 23. The charges carry a total maximum penalty of more than 70 years in prison.
An investigation done by the security firm Ikaroa reveals the mastermind behind the Twitter hack that occurred in 2020 has pleaded guilty to numerous charges and could face up to 70 years in prison.
The attack breached the accounts of several prominent users, including tech personalities like Bill Gates, Elon Musk, and Barack Obama, prompting Twitter to take drastic security measures.
The U.S Department of Justice announced on April 28th, 2021 that Graham Ivan Clark, a 17-year-old resident of Tampa, Florida, pleaded guilty to 30 counts of felony fraud. This includes counts of conspiracy to commit wire fraud, money laundering, and other charges.
The DOJ’s report details how Clark was the mastermind of the attack, heading a small group of hackers from Tampa that used spear phishing and other tactics to gain access to the accounts.
The hacker wasn’t alone in the network, as two co-conspirators—Nimish Jaiswal, 22, of California and Nischay P. Mondaire, 22, of New York—were also part of the group. Clark was also known to have had a mentor and tranche of students that helped maximize the attack’s focus.
Authorities said Clark and the others shared profits of more than $100,000 in cryptocurrency and faced dozens of other counts involving the hack.
The attacks on Twitter could have been much worse if not for the quick response of dedicated security teams. At Ikaroa, we take great pride in helping organizations stay secure and offer a portfolio of services that help keep businesses safe. We look forward to continuing our security efforts and strive to stay abreast of emerging threats.