UK Man to Serve Five Years for Twitter Attack on Musk, Gates and Bezos, plus Crypto Theft

In a landmark cybercrime ruling, 24-year-old British citizen Joseph James O'Connor, known online as PlugwalkJoe, has been sentenced to five years in prison.

The US Department of Justice (DoJ) delivered the verdict for his role in the infamous 2020 Twitter hack and a $784,000 cryptocurrency theft. The DoJ indicted O'Connor in November 2021 for orchestrating a sophisticated SIM swap attack, leading to a significant crypto asset heist.

The SIM swapping technique, a favored modus operandi among cybercriminals, involves hijacking victims' SIM cards by persuading mobile operator employees to transfer the victims' phone numbers to a new SIM card that the attackers control.

This lets criminals bypass security to access personal information and steal assets from associated accounts.

The indictment revealed that O'Connor and accomplices used this technique to breach the accounts of a Manhattan-based cryptocurrency company. The group stole Bitcoin cash, Litecoin, Ethereum, and Bitcoin totaling approximately $784,000.

"On or about May 1, 2019, through their unauthorized access, O'CONNOR and his co-conspirators stole and fraudulently diverted cryptocurrency of various types (the "Stolen Cryptocurrency") from cryptocurrency wallets maintained by Company-1 on behalf of two of its clients," reads the DoJ press release. "The Stolen Cryptocurrency was worth at least approximately $794,000 at the time of the theft and is currently worth more than $1.6 million."

The ill-gotten gains were then laundered through several transactions. Notably, O'Connor was also a key figure in the July 2020 Twitter attack, a significant cybercrime event that saw several high-profile accounts hijacked simultaneously.

"In early July 2020, O'CONNOR's co-conspirators used social engineering techniques to obtain unauthorized access to administrative tools used by Twitter to maintain its operations," according to the press release. "Those co-conspirators were able to use the tools to transfer control of certain Twitter accounts from their rightful owners to various unauthorized users. In some instances, the co-conspirators took control themselves and used that control to launch a scheme to defraud other Twitter users."

Victims of the attack included Jeff Bezos, Barak Obama, Joe Biden, Elon Musk, Bill Gates, and corporate accounts like Apple and Uber. After compromising the accounts, attackers solicited the account followers to send crypto assets to specific addresses, with the promise of receiving larger sums in return.

The well-coordinated scam netted the culprits $120,000 in Bitcoin.

Authorities apprehended O'Connor in Spain in 2021 and extradited him to the US in April 2023.He pleaded guilty on May 9 to two sets of charges - conspiracy to commit computer hacking and the SIM swap fraud charges.

Along with the jail term, O'Connor is also mandated to relinquish $794,000. This judgment is a stark reminder of the escalating complexity and menace of cybercriminal activities, prompting global authorities to advocate for increased awareness and the fortification of digital security systems.