On Friday, Joseph James O’Conner was given a five-year prison term for his role in the 2020 Twitter hack by a federal court. The 24-year-old man, who goes by the online moniker “PlugwalkJoe,” pleaded guilty last month to a number of cybercrimes, including a SIM-swapping attack against a TikTok account with millions of followers.
In 2020, O’Conner and his accomplices hacked into Twitter and gained access to the accounts of Elon Musk, Bill Gates, Barack Obama, and more than a hundred other prominent users. In the subsequent crypto scam, O’Conner made $794,000.
Twitter hacker and crypto scammer’s trial and verdict
After being apprehended in Spain in July 2021, O’Connor was extradited to the United States on April 26, 2023. In May, he pleaded guilty to various charges connected to a conspiracy involving computer intrusion, wire fraud, and other crimes. Do some money laundering if you name them.
The Southern District of New York US Attorney’s Office noted the prison term in a statement on June 23. O’Connor was also given three years of supervised release following his prison term. According to the announcement, O’Connor was mandated to forfeit $794,012.64.
The compromised crypto executive has yet to be identified, but O’Connor could access the exchange the executive worked on without authorization after swapping the SIM cards.
O’Connor and his cohorts used a series of transfers and transactions to “wash” the stolen crypto. After stealing and fraudulently rerouting the crypto, they exchanged some of it for Bitcoin using crypto trading platforms.
According to the statement, “in the end, a portion of the stolen crypto was deposited into a crypto exchange account managed by O’Connor.” O’Connor’s sentence also covers offenses connected to the significant July 2020 Twitter breach, ultimately resulting in him and his team obtaining over $120,000 in illegal cryptocurrency profits.
By using a combination of “social engineering techniques” and SIM-swapping operations, the hackers were able to get control of roughly 130 high-profile Twitter accounts, as well as two large profiles on TikTok and Snapchat.
Sometimes the conspirators will seize control and use it to launch a scam on unsuspecting Twitter followers. According to the statement, some of the conspirators allegedly engaged in the sale of access to Twitter accounts.
SIM swap hacking on the rise
O’Connor attempted to blackmail the Snapchat user by threatening to reveal private conversations if the user did not share content that boosted O’Connor’s online reputation as part of this scam.
In addition to making a fake report of an emergency to the police, O’Connor “followed and threatened” a victim and “perpetrated a series of assaults” on them.
A SIM swap attack occurs when a malicious actor uses one SIM card to switch the victim’s number over to another SIM card under their control.
This means that every account the victim uses SMS-based two-factor authentication to access is vulnerable because the bad guys can redirect their calls and texts to a device they control.
In most cases, this tactic is utilized to steal crypto from the accounts’ followers by posing as a trusted source. SIM-swapping assaults are still a big problem in the crypto industry, notwithstanding O’Connor’s activities from almost three years ago.
Blockchain sleuth ZachXBT earlier this month discovered a group of scammers who SIM-swapped at least eight accounts belonging to well-known figures in the crypto industry, including DJ and NFT collector Steve Aoki, Puddy Penguins creator Cole Willeman, and Bitcoin Magazine editor Pete Rizzo.
ZachXBT claims that the organization used the compromised accounts to spread phishing links and make a profit of about $1 million.
Reducing further attacks
This imprisonment sends a solid message to would-be SIM swap hackers that authorities are serious about protecting the public from cybercriminals. That’s why people must take preventative precautions like using two-factor authentication, keeping a close eye on their accounts, and alerting their cell network and bank immediately if they notice anything unusual.
The conviction of “PlugwalkJoe” and his subsequent five-year prison sentence exemplify the dedication of law enforcement to the fight against cybercrime and the protection of citizens from the harm caused by SIM swap attacks. While a win, in this case, is certainly cause for celebration, it also serves as a cautionary tale about the importance of staying alert and taking reasonable measures to protect one’s digital assets in today’s increasingly linked world.