Joseph James O’Connor, also known as PlugwalkJoe, has confessed to his involvement in the July 2020 Twitter attack that targeted prominent accounts and defrauded users, according to the US Department of Justice (DoJ).
O’Connor was extradited from Spain after facing approval by the Spanish National Court and now faces 14 criminal charges in the US. The extensive hack involved O’Connor and his associates taking control of 130 Twitter accounts, including those belonging to notable individuals like Barack Obama and Elon Musk, and executing a cryptocurrency scam that yielded $120,000 in just a few hours.
The attack relied on social engineering tactics to gain unauthorized access to Twitter’s backend tools, enabling O’Connor to commandeer the compromised accounts and even sell access to others. O’Connor himself reportedly purchased unauthorized access to a Twitter account for $10,000. Alongside O’Connor, three others have been charged in connection with the Twitter hack, with two of them already arrested.
While O’Connor is set to be sentenced on June 23 and has agreed to forfeit around $794,000 in stolen funds, one individual named Mason Sheppard has yet to be apprehended.
Beyond the Twitter incident, O’Connor faces additional charges related to intrusions into TikTok and Snapchat accounts, as well as online stalking of a minor. His methods involved SIM swapping attacks to gain illicit access to the victims’ social media accounts.
In one case, false emergency calls were made to law enforcement, falsely accusing a person of making threats to shoot others. O’Connor and his co-conspirators are also accused of using SIM swapping techniques to steal approximately $794,000 worth of cryptocurrency from a New York City-based crypto company between March and May 2019.
The stolen funds were laundered through various transfers and transactions, with some exchanged for Bitcoin.
