Pierluigi Paganini
June 25, 2023
Joseph James O’Connor, aka PlugwalkJoe (24), the hacker who was involved in the attacks on Twitter in 2020, was sentenced to five years in prison for cybercrime offenses.
On November 2021, the US Department of Justice indicted Joseph James O’Connor for stealing $784,000 worth of cryptocurrency using SIM swap attacks.
Crooks conduct SIM swapping attacks to take control of victims’ phone numbers tricking the mobile operator employees into porting them to SIMs under the control of the fraudsters. Once hijacked a SIM, the attackers can steal money, cryptocurrencies and personal information, including contacts synced with online accounts. The criminals could hijack social media accounts and bypass 2FA services based on SMS used by online services, including financial ones.
According to the indictment, O’Connor and co-conspirators used SIM swaps to gain access to accounts of a Manhattan-based cryptocurrency company.
“Between approximately March 2019 and May 2019, JOSEPH JAMES O’CONNOR, a/k/a “PlugwalkJoe,” the defendant, and his co-conspirators perpetrated a scheme to use SIM swaps to conduct cyber intrusions in order to steal approximately $784,000 worth of cryptocurrency from a Manhattan-based cryptocurrency company (“Company-1”), which, at all relevant times, provided wallet infrastructure and related software to cryptocurrency exchanges around the world.” reads the press release published by DoJ.
“As part of the scheme, O’CONNOR and his co-conspirators successfully perpetrated SIM swap attacks targeting at least three Company-1 executives.”
The group stole approximately 770.784869 Bitcoin cash, approximately 6,363.490509 Litecoin, approximately 407.396074 Ethereum, and approximately 7.456728 Bitcoin.
O’CONNOR and his co-conspirators laundered the stolen funds through dozens of transfers and transactions, he deposited part of the stolen cryptocurrency into a cryptocurrency exchange account under his control.
O’Connor was already indicted for his alleged involvement in a massive Twitter hack that took place on July 2020, at the time the attackers hijacked a number of high-profile accounts, including those of Barak Obama, US presidential candidate Joe Biden, Amazon CEO Jeff Bezos, Bill Gates, Elon Musk, Uber, and Apple.
All the accounts were compromised at the same time and threat actors used them to promote a cryptocurrency scam. The attackers posted messages urging the followers of the hacked accounts to send money to a specific bitcoin wallet address to receive back larger sums.
“Everyone is asking me to give back, and now is the time,” reads a messages posted from Bill Gates’ Twitter account said. “You send $1,000, I send you back $2,000.”
Experts also noticed that attackers have changed the email addresses associated with the accounts to delay the response to the hijack.
With this fraudulent scheme, threat actors obtained nearly $120,000 worth of bitcoins (approximately 12.86 bitcoins were amassed by attackers in their wallet) from the unaware followers of the hacked accounts.
The man was arrested in Spain in 2021, was extradited to the US on April 26, 2023, and pled guilty on May 9, 2023 to two sets of charges: conspiracy to commit computer hacking and other charges pending in the Southern District of New York relating to a fraudulent scheme perpetrated by O’CONNOR and his co-conspirators for the SIM swap attacks.
“Between 2019 and 2020, O’CONNOR participated in a variety of crimes associated with exploitation of social media accounts, online extortion, and cyberstalking. In July 2020, O’CONNOR participated in a conspiracy to gain unauthorized access to social media accounts maintained by Twitter, Inc. (“Twitter”).” reads the press release published by the DoJ. “In some instances, the co-conspirators took control themselves and used that control to launch a scheme to defraud other Twitter users. In other instances, the co-conspirators sold access to Twitter accounts to others.”
In August 2020, O’CONNOR also relied on SIM swapping attacks to take over one of the most highly visible TikTok accounts with millions of followers (“Victim-1”).
The man was also accused of having stalked and threatened a minor victim (“Victim-3”) in June and July 2020, he also orchestrated a series of swatting attacks on the Victim-3.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Twitter hacker)
