Fraudulent SIM swaps formed basis of massive Twitter hack
A British man has admitted to his involvement in one of the most high-profile social media hacks, a plot that included the hijacking of top US political and business leaders’ Twitter accounts.
Joseph James O’Connor pleaded guilty in New York on Tuesday to hacking into the social network, a move that led to the impersonation of Barack Obama, Joe Biden, Jeff Bezos, Warren Buffett and others to advertise a Bitcoin scheme.
The 23-year-old, also known as “PlugwalkJoe,” was extradited from Spain on April 26, according to the Department of Justice.
The crimes involved SIM swaps — a process in which a phone number is transferred to a new device in order to bypass security measures — but went far beyond that, prosecutors said.
“O’Connor used his sophisticated technological abilities for malicious purposes — conducting a complex SIM swap attack to steal large amounts of cryptocurrency, hacking Twitter, conducting computer intrusions to take over social media accounts, and even cyberstalking two victims, including a minor,” said US Attorney Damian Williams for the Southern District of New York.
“O’Connor’s guilty plea today is a testament to the importance of law enforcement cooperation, and I thank our law enforcement partners for helping to bring to justice to those who victimize others through cyberattacks,” he said.
The Department of Justice alleges that O’Connor plotted with others to hijack Twitter accounts to promote a scheme to defraud the public, with O’Connor paying $10,000 for just one of the accounts he requested.
The co-conspirators used social engineering techniques to convince a Twitter employee into giving them access to administrative tools to the platform.
Those tools were used to take control of the high-profile accounts.
According to the charge sheet, O’Connor pleaded guilty to a variety of cybercrimes, including the exploitation of social media accounts, online extortion and cyberstalking.
In one case, he conducted a SIM swap to break into a victim’s Snapchat account and share the person’s pictures with his co-conspirators.
He conducted a similar hack in August 2020, using SIM swapping again to take over a high-profile TikTok account and threatening to post personal information about the victim on the Discord chat site.
O’Connor also pleaded guilty to “swatting” a minor in June and July 2020, which involved calling local police departments and pretending to be the victim, claiming they were planning to kill multiple people.
In response, every on-duty officer in the area was sent to the victim’s home. O’Connor also sent similar messages to a high school, a restaurant and a sheriff’s department.
The next month he called the victim’s family on multiple occasions and threatened to kill them.
In addition, O’Connor pleaded guilty to stealing $794,012.64 from a Manhattan-based cryptocurrency company by SIM swapping some of its executives.