Joseph James O’Connor, also known as PlugwalkJoe, a 24-year-old U.K. citizen, has been sentenced to five years in prison for cybercrime offenses related to the Twitter hack in 2020.
The U.S. Department of Justice indicted O’Connor in November 2021, accusing him of stealing $784,000 worth of cryptocurrency through SIM swap attacks.
In these attacks, fraudsters gain control of victims’ phone numbers by tricking mobile operator employees into porting them to SIM cards under their control.
O’Connor and his co-conspirators successfully conducted SIM swap attacks targeting executives of a Manhattan-based cryptocurrency company, stealing significant amounts of Bitcoin Cash, Litecoin, Ethereum, and Bitcoin.
O’Connor was already indicted for his involvement in the high-profile Twitter hack of July 2020, where several prominent accounts, including those of Barack Obama, Joe Biden, Jeff Bezos, Bill Gates, Elon Musk, Uber, and Apple, were compromised.
The attackers used the hacked accounts to promote a cryptocurrency scam, resulting in nearly $120,000 worth of bitcoins being obtained from followers.
O’Connor was arrested in Spain in 2021, extradited to the U.S. in April 2023, and pleaded guilty to charges related to the Twitter hack and the SIM swap attacks in May 2023. The judge also ordered him to forfeit $794,000.
In addition to the cryptocurrency theft, O’Connor was involved in various cybercrimes between 2019 and 2020, including exploitation of social media accounts, online extortion, and cyberstalking.
He participated in a scheme to gain unauthorized access to Twitter accounts, sometimes selling access to others. In August 2020, O’Connor used SIM swapping attacks to take over a prominent TikTok account, and he was accused of stalking and threatening a minor victim in June and July 2020, orchestrating swatting attacks on the victim.
