Infamous Twitter Hacker Cops to Cybercrimes, Extradited to US for Trial
Confessed cybercriminal hijacked Twitter, TikTok, and Snapchat accounts; defrauded victims; and more.
May 10, 2023
Stalking, extortion, and swatting are just a sampling of the cybercrimes UK citizen Joseph James O'Connor has confessed to committing — dating back to a spectacular 2020 Twitter caper where he hijacked famous accounts, including Elon Musk's, to defraud victims.
O'Conner (aka PlugwalkJoe), 23, was extradited from Spain to New York to face charges related to exploitation of social media accounts, online extortion, and cyberstalking, according to the Department of Justice (DoJ).
"O’Connor used his sophisticated technological abilities for malicious purposes — conducting a complex SIM-swap attack to steal large amounts of cryptocurrency, hacking Twitter, conducting computer intrusions to take over social media accounts, and even cyberstalking two victims, including a minor victim," US Attorney Damian Williams for the Southern District of New York said in a statement. "O’Connor’s guilty plea today is a testament to the importance of law enforcement cooperation, and I thank our law enforcement partners for helping to bring to justice those who victimize others through cyber-attacks."
Confessed Cybercrimes
In July 2020, O'Connor confessed that along with two co-conspirators, he hijacked 130 Twitter high-profile Twitter accounts of public figures, including Musk, President Joe Biden, former President Barack Obama, and Kanye West, along with others, and defrauded other Twitter users into handing over more than $100,000 in a Bitcoin scam.
The following month, in August 2020, the DoJ said O'Connor pivoted to a SIM-swap scam where he hijacked high-profile TikTok accounts to post what authorities characterize as "self-promotional" videos where his voice is audible.
O'Connor also used SIM-swapping to steal sensitive materials from an unnamed public figure's Snapchat account and threatened to release them publicly unless this celebrity posted messages promoting the defendant's online persona.
Finally, over June and July 2020, O'Connor confessed to being behind several so-called "swatting" attacks against a minor, whereby the perpetrator calls in a false emergency to the victim's address, the DoJ said.
"Today’s guilty plea is confirmation that the FBI’s strategy to counter cybercrime is working. It’s also indicative of what can be accomplished when we work closely with our partners to bring these perpetrators to justice and make the cyber ecosystem more secure," Assistant Director Bryan Vorndran of the FBI's Cyber Division said. "O'Connor's extradition is as a warning to all dangerous cyber criminals that the FBI will work tirelessly to find them and hold them accountable wherever in the world they may try to hide."
Prosecution, Extradition an "Encouraging" Sign
Chris Vaughan, vice president with Tanium, says law enforcement's ability to collaborate internationally and bring cybercriminals like O'Connor to justice is "encouraging."
"Part of the reason why we're currently seeing an increase in cyber threats is because many attackers feel like they can act with impunity," Vaughan said in a statement. "Historically, it's been incredibly difficult for law enforcement to gather enough evidence about an attack and the perpetrators to achieve a successful conviction, but progress has been made in the last few years."
However, Mike Parkin, senior technical engineer with Vulcan Cyber, is skeptical that this case will deter future cybercrime.
"While these criminal prosecutions do need to happen, they don't address the root problems that enable these criminal activities," Parkin explained in an emailed reaction to the news. "It's much better to put resources into preventing the incident (better cybersecurity) than into cleaning up after the fact (investigation and prosecution.)"
About the Author
You May Also Like
DevSecOps/AWS
Oct 17, 2024Social Engineering: New Tricks, New Threats, New Defenses
Oct 23, 202410 Emerging Vulnerabilities Every Enterprise Should Know
Oct 30, 2024Simplify Data Security with Automation
Oct 31, 2024