Jail Time: ‘PlugWalkJoe’ Gets 5 Years for Twitter Hack and Sim Swapping

Jail Time: ‘PlugWalkJoe’ Gets 5 Years for Twitter Hack and Sim Swapping

The mastermind behind the Twitter hack, Graham Ivan Clark, is already serving a three-year sentence.

A New York court has formally sentenced Joseph James O’Connor for his involvement in an extensive SIM-swapping scheme and other crimes. The 24-year-old British hacker has received five years behind bars.

The accused pleaded guilty to four counts of wire fraud, computer hacking, and cyberstalking in May 2023. O’Connor will also return $749,000, which he admitted to stealing from a Manhattan-based cryptocurrency firm.

In 2020, the then-22-year-old O’Connor pulled off a massive hacking spree targeting Twitter accounts, impacting dozens of high-profile personalities. Using SIM swapping, the notorious hacker and his accomplices stole their victims’ cryptocurrencies, including Ethereum, Bitcoin, Bitcoin Cash, and LiteCoin.

It is worth noting that the mastermind behind the Twitter hack, Graham Ivan Clark, is already serving a three-year sentence. Clark was arrested on July 31st, 2020, in Tampa, Florida, when he was 17 years old. Therefore, he has been sentenced as a youthful offender.

Jail Time: 'PlugWalkJoe' Gets 5 Years for Twitter Hack and Sim Swapping
Graham Ivan Clark (Left) – Graham Ivan Clark (Right)

On the other hand, O’Connor used his online handle PlugWalkJoe to carry out the breaches. In a SIM swapping attack, hackers obtain control of their victims’ cellphone numbers by linking them to SIM cards.

The prosecutors argued that O’Connor possessed immense technical knowledge and capabilities. However, he used it to hijack around 130 Twitter accounts, many belonging to well-known politicians, companies, entrepreneurs, and celebrities including the following:

  1. Apple
  2. Bill Gates
  3. Joe Biden
  4. Jeff Bezos
  5. Elon Musk
  6. Kanye West
  7. Warren Buffet
  8. Barack Obama
  9. Kim Kardashian and more.

Additionally, he was involved in cyberstalking two individuals, one of whom was a minor. The gang tricked Twitter employees into giving them access to Twitter’s internal tool by claiming to be part of its IT department.

The hackers then used this access to abuse an internal admin tool, which, according to Twitter’s head of security Peiter Mudge Zatko, helped them gain god mode. They could hijack and tweet from any Twitter account they desired. This is how they pulled off the “largest hack of a social media platform in history,” claims Zatko.

The gang exploited these accounts to post cryptocurrency scams, which impacted millions of users as their Twitter timelines were flooded with the “double your Bitcoin” scams from the hijacked accounts. The hackers made $120,000 from this breach. Twitter had to block access to these accounts to prevent further damage while it fixed the issue.

Prominent & verified Twitter accounts hacked to run crypto scam
Bill Gates and Elon Musk had their account compromised in the Twitter hack (Image: Hackread.com)

An investigation by the New York Department of Financial Services declared Twitter responsible for the breach due to weak and inadequate cybersecurity mechanisms. This prompted the microblogging platform to introduce hardware security keys for employees to prevent phishing attacks and improve its cybersecurity mechanisms.

Further, O’Connor acknowledged swatting a teenage girl in June and July of 2020. He contacted the sheriff’s department and sent messages to a high school and restaurant, falsely claiming that the girl was planning a mass shooting and providing her address. A month later, he threatened to kill the girl’s family. During the sentencing hearing, O’Connor acknowledged his crimes were pointless and foolish.

“I am ashamed to be here. I’m sorry to all the victims of my crimes. I’m here because I did stupid and shameful things. I will never break the law again,” O’Connor told Manhattan federal court’s Judge Jed S. Rakoff.

O’Connor has remained in pre-trial custody for a long time. Therefore, the judge said he will only serve half of his term. He was extradited to the US from Spain in April 2023 and faced a maximum penalty of 77 years. However, prosecutors asked for 7 years in prison.

  1. Owner of Breach Forums Pompompurin Arrested in New York
  2. Twitter hack’s mastermind trial zoom bombed with pornography
  3. Alcasec Hacker, aka “Robin Hood of Spanish Hackers,” Arrested
  4. Estonian Arrested: Accused of Supplying Hacking Tools to Russia
  5. Twitter Scraping Breach: 209m Accounts Leaked on Hacker Forum
Related Posts