In July 2020, Liverpudlian hacker, Joseph James O’Connor committed a grandiose attack against Twitter and millions of its users.
Under the online alias of PlugWalkJoe, O’Connor and others managed to hack into 130+ high-profile Twitter accounts in a scam which netted them over $100,000 in the Bitcoin cryptocurrency.
The hacked Twitter accounts included those belonging to Apple, Uber, Kanye West, Binance, Bill Gates, Barack Obama, Joe Biden, and soon-to-be Twitter owner – Elon Musk.
O’Connor was caught in Estepona in Southern Spain in 2021 where he remained in a Spanish jail before being extradited to America in April 2023 to face charges.
Jail Time
On Friday (7th July 2023), O’Connor was sentenced to five years in prison for his part in the Twitter hack.
O’Connor was charged with four counts of hacking, wire fraud and cyber stalking.
Facing a maximum sentence of 77 years for his crimes, prosecutors wanted O’Connor to serve a minimum of 7 years behind bars, however Judge Jed S. Rakoff said O’Connor will likely serve about half of his sentence after spending more than two years in pre-trial custody. So O’Connor looks likely to be released sometime in 2025
As well as the jail time, O’Connor agreed to forfeit $794,000 to his victims.
Complex attacks
O’Connor was a member of a gang which included another UK citizen – 19-yr old Mason Sheppard from Bognor Regis, and 2 Florida residents – 22-yr old Nima Fazeli from Orlando, and 17-yr old Graham Ivan Clark from Tampa.
Together, the gang used a combination of Social Engineering exploits and SIM-swapping activities to gain access to the Twitter accounts and then sent a series of tweets telling followers that if they transferred cryptocurrency to a specific bitcoin wallet, they would receive double the money in return.
Graham Ivan Clark was accused of being the mastermind behind the attacks and was the one who managed to convince a Twitter employee that he worked in the company’s information technology department.
Clark then managed to access the company’s customer service portal which eventually gave him access to the user accounts.
Due to being only 17 years old at the time of the hack, Clark was tried as a “youthful offender,” and as such avoided a minimum 10-year sentence that would have followed if he’d been convicted as an adult
Clark was sentenced to three years prison in 2021 followed by three years probation.
The case against Mason Sheppard has yet to reach trial, however the criminal complaint filed in San Francisco outlines that he could be facing a maximum jail term of 45 years and a $750,000 fine for computer intrusion, wire fraud conspiracy, and money laundering conspiracy.
It is likely that Sheppard will ultimately receive similar terms to the other members of the gang.
Theft of thousands
The Bitcoin wallet where victims transferred money quickly rose to more than 11 BTC, which at the time was worth more than $100,000. Currently that wallet holds a little over $9K.
