UK hacker pleads guilty to Twitter attack

He pleaded guilty. A British hacker admitted Tuesday, before American justice, his responsibility in a series of cyberattacks, the most spectacular of which had targeted, in 2020, the Twitter accounts of personalities like Joe Biden, Bill Gates or Elon Musk. Joseph O’Connor, 23, was arrested in Spain in July 2021 at the request of the United States and was extradited on April 26, the US Department of Justice said in a statement.

Cryptocurrency scam

In addition to the attack on Twitter, he was prosecuted for the takeover of TikTok and Snapchat accounts, as well as acts of online harassment, or extortion. “O’Connor used his technological skills for malicious purposes (…) to steal cryptocurrencies, hack Twitter, take control of social media accounts and harass two victims, including a minor,” said prosecutor Damian Williams, in charge of the case.

On July 15, 2020, Twitter had been the subject of a particularly troublesome attack, given the visibility of the 130 hacked accounts. An enticing message was displayed on 45 of them: “I have decided to help my community. All bitcoins sent to my address, below, will be doubled”, could we read, in particular, under the profile of the founder of Amazon, Jeff Bezos. These messages were quickly deleted, but according to the investigation, the scam would have allowed hackers to pocket more than 100,000 dollars in cryptocurrency, via 400 transfers from gullible Internet users.

The double authentication barrier bypassed

The attack had revived the debate on the security of social networks, a few months before the presidential election, and seriously damaged the credibility of the bird network. Twitter had explained that hackers had targeted a handful of employees via a phone phishing operation. They had thus succeeded in passing the barrier of double authentication, which normally makes it possible to secure an account beyond the simple password.

Justice had traced the course of bitcoins and quickly went up to three young hackers: Graham Clark, an American then aged 17, Mason Sheppard, a 19-year-old Briton, and Nima Fazeli, a 22-year-old American. After pleading guilty, the first, considered the mastermind of the attack, was sentenced in 2021 to three years in prison.

The name of Briton Joseph O’Connor, better known as PlugWalkJoe, was immediately mentioned by cybersecurity experts. After his arrest, American actress Bella Thorne revealed that he had threatened to release nude photos of her, stolen in 2019 from his Snapchat account. She had uploaded them herself to regain control.