UPDATED 20:19 EST / MAY 10 2023

SECURITY

Extradited UK hacker pleads guilty to 2020 celebrity Twitter hack

The U.K. hacker behind the infamous hack of Twitter Inc. in 2020 that compromised the accounts of famous users has been extradited to the U.S., where he has pleaded guilty to various cybercrime offenses.

Joseph James O’Connor, known online as “PlugWalkJoe,” was extradited from Spain on April 26 and pleaded guilty Tuesday to conspiracy charges to commit computer hacking and other criminal charges in a Southern District of New York court on Tuesday. The charges related to the hacking of Twitter and a SIM-swapping attack that resulted in cryptocurrency theft.

The Twitter hack occurred in July 2020 and saw high-profile Twitter accounts tweeting cryptocurrency scams. Compromised accounts included those belonging to Apple Inc., Wendy’s Co., Uber Technologies Inc., Barack Obama, Joe Biden, Jeff Bezos, Elon Musk, Bill Gates, Warren Buffett, Kim Kardashian, Mike Bloomberg and Kanye West. The messages on the hacked accounts told people that if they sent a certain amount of bitcoin to the address given, the payment would be doubled and returned.

Twitter subsequently blamed social engineering for the hack, with many at the time claiming that it was proof of poor security practices at the company. O’Connor was first named as a possible suspect at that time, although it was noted that he was not likely to be working alone, since he was linked to a group of hackers known as “ChucklingSquad.”

The case against O’Connor claimed that he participated in a conspiracy to gain unauthorized access to social media accounts maintained by Twitter. O’Connor and his co-conspirators used social engineering techniques to obtain unauthorized access to administrative tools used by Twitter to support its operations. With that access, the co-conspirators were able to transfer control of certain Twitter accounts and then used that access “to launch a scheme to defraud other users.”

O’Connor is also alleged to have been involved in a SIM swapping case between March 2019 and May 2019, resulting in the theft of approximately $794,000 worth of cryptocurrency from an unnamed Manhattan-based cryptocurrency exchange.

As part of his guilty plea, O’Connor has agreed to forfeit $794,012.64 and to make restitution to victims of his crimes. His sentencing hearing is scheduled for June 23, where he potentially faces up to 70 years in prison.

“It’s encouraging to see a cyber criminal brought to justice in this way,” Chris Vaughan, vice president of technical account management at endpoint management firm Tanium Inc., told SiliconANGLE. “Part of the reason why we’re currently seeing an increase in cyber threats is because many attackers feel like they can act with impunity. Historically it’s been incredibly difficult for law enforcement to gather enough evidence about an attack and the perpetrators to achieve a successful conviction, but progress has been made in the last few years.”

Vaughan noted that O’Connor is a British citizen, arrested in Spain and extradited to the U.S., demonstrating that various countries are working together to share intelligence and identify cyber criminals. “Collaboration between private and public sector organizations is another fundamental aspect of holding hackers to account,” he aid.

Mike Parkin, senior technical engineer at cyber risk management company Vulcan Cyber Ltd., was more skeptical, saying that though the arrest was a “small step in the right direction,” getting a conviction may “be a slight deterrent to casual criminals in Western countries, but it will be minor at best and will do nothing to deter cybercriminals in countries that aren’t friendly to the West.”

“While these criminal prosecutions do need to happen, they don’t address the root problems that enable these criminal activities,” Parkin said. “It’s much better to put resources into preventing the incident — better cybersecurity — than into cleaning up after the fact — investigation and prosecution.”

Image: Andreas Eldh/Flickr

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU