A British national extradited to the US last month has pleaded guilty in New York to participating in one of the biggest hacks in social media history.
The July 2020 Twitter hack affected over 130 accounts, including those of Barack Obama and Joe Biden.
Joseph James O’Connor, 23, known as PlugwalkJoe, pleaded guilty to the hacking charge, which carries a maximum sentence of over 70 years in prison.
The hacking was part of a large-scale Bitcoin scam.
O’Connor, who was extradited from Spain, hijacked numerous Twitter accounts and sent out tweets urging his followers to send bitcoins to an account and promising to double their funds.
O’Connor was charged with the fraud along with three other men. US teenager Graham Ivan Clark pleaded guilty in 2021. Nima Fazeli of Orlando, Florida, and Mason Sheppard of Bognor Regis in the United Kingdom were charged with federal crimes.
US Assistant Attorney General Kenneth Polite Jr. in a statement described O’Connor’s actions as “blatant and malicious.” He said he “harassed, threatened and blackmailed his victims, causing significant emotional damage”.
“Like many criminal actors, O’Connor attempted to remain anonymous by using a computer to hide behind stealth accounts and aliases from outside the United States. But this appeal shows that our investigators and prosecutors will identify, track down and bring such criminals to justice to ensure they face the consequences for their crimes.”
In 2020, an estimated 350 million Twitter users saw suspicious tweets from official accounts of the platform’s biggest users. Thousands fell for a scam trusting a crypto giveaway was legit.
Cyber experts agreed that the consequences of the Twitter hack could have been far worse had O’Connor and other hackers had had more sophisticated plans than a get-rich-quick scheme.
Disinformation could have been spread to influence political discourse and markets could have been moved by well-worded fake business announcements, for example.
The hack showed how vulnerable Twitter’s security was at the time, as the hackers managed to use social engineering tricks more akin to those used by scammers than high-level cybercriminals to gain access to the site’s powerful internal control panel receive.
It was, and still is, a deeply embarrassing moment in Twitter’s turbulent history.
O’Connor’s admission came as no shock, however, as there was a wealth of evidence in the public domain, thanks to the hackers making some nasty mistakes or being too loud in their celebrations after the hack.
O’Connor also pleaded guilty to other hacking crimes, including gaining access to a high-profile TikTok account.
He posted a video on that account, in which his own voice can be heard, and threatened to release “sensitive, personal material” related to the account owner to anyone who has joined a Discord group.
The US Department of Justice said he also used technology to track a minor.