Briton pleads guilty in US to 2020 Twitter hack
A British national who was extradited to America last month pleaded guilty to his role in the largest hack in the history of social media in New York.
The hack of July 2020 Twitter accounts affected more than 130 accounts, including those belonging to Barack Obama and Joe Biden.
Joseph James O’Connor (also known as PlugwalkJoe), 23, pleaded guilty to hacking charges, which carry a maximum prison sentence of 70 years.
The hacking was part of a massive Bitcoin scam.
O’Connor was extradited to the United States from Spain. He hijacked Twitter accounts, asking his followers to send Bitcoins to a specific account and promising to double their money.
O’Connor and three other men were charged with the scam. Graham Ivan Clark, a US teenager, pleaded guilty to the scam in 2021. Nima Fazalei, from Orlando, Florida, and Mason Sheppard of Bognor Regis, UK were both charged with federal crimes.
US Assistant Attorney-General Kenneth Polite Jr described in a statement O’Connor’s actions as “flagrant and malicious”, saying he had “harassed, threatened and extorted his victims, causing substantial emotional harm”.
“Like many criminal actors, O’Connor tried to stay anonymous by using a computer to hide behind stealth accounts and aliases from outside the United States.
“But this plea shows that our investigators and prosecutors will identify, locate, and bring to justice such criminals to ensure they face the consequences for their crimes.”
In 2020, an estimated 350 million Twitter users saw suspicious tweets from the official accounts of the platform’s biggest users. Thousands fell for a scam, trusting that a crypto giveaway was real.
Cyber experts agreed that the consequences of the Twitter hack could have been far worse if O’Connor and other hackers had more sophisticated plans than a get-rich-quick scheme.
Disinformation could have been spread to affect political discourse and markets could have been moved by well-worded fake business announcements, for example.
The hack showed how fragile Twitter’s security was at the time. The attackers telephoned a small number of Twitter employees with a believable tale to convince them to hand over their internal login details – which eventually granted the hackers access to Twitter’s powerful administrative tools.
Essentially, the hackers managed to use social engineering tricks more akin to those of conmen than of high-level cyber criminals to get access to the powerful internal control panel at the site.
It was, and still is, a hugely embarrassing moment in Twitter’s troubled history.
O’Connor’s admission has not come as a shock though as there was a wealth of evidence in the public domain thanks to the hackers making some bad mistakes or being too loud in their celebrations in the aftermath of the hack.
O’Connor also pleaded guilty to other hacking crimes including gaining access to a high-profile TikTok account.
He posted a video to that account where his own voice is recognizable and threatened to release “sensitive, personal material” related to the owner of the account to people who joined a Discord group.
The US justice department said he had also used technology to stalk a minor.