Three years after one of the most visible attacks in recent history played out in real time in front of millions of Twitter users, one of the hackers responsible for the breach will now serve time in federal prison.
Joseph James O'Connor, 24, was sentenced Friday in New York federal court to five years in prison after pleading guilty in May to four counts of computer hacking, wire fraud and cyberstalking. O'Connor also agreed to give at least $794,000 to the victims of his crimes.
O'Connor, a UK citizen, was extradited from Spain at the request of US prosecutors earlier this year and has remained in custody ever since.
At the hearing, Judge Jed S. Rakoff said O'Connor is likely to serve about half of his sentence after spending more than two years in pretrial detention.
O'Connor faced a maximum of 77 years in prison, according to Reuters. Justice Department prosecutors asked that O'Connor serve at least seven years in prison.
In court, O'Connor called his crimes "stupid and senseless," apologized to his victims and asked the judge for leniency.
According to prosecutors, O'Connor "used his sophisticated technological skills for malicious purposes: he conducted a complex SIM-swap attack to steal large amounts of cryptocurrency, hacked into Twitter, conducted hacks to take over social media accounts, and even harassed cybernetically targeted two victims, including a minor victim.”
The government said O'Connor, known by his name online PlugWalkJoe, was part of a group that broke into dozens of high-profile Twitter accounts, including Apple, Binance, Bill Gates, Joe Biden, and Elon Musk to spread cryptocurrency get-rich-quick scams in July 2020.
O'Connor used phone-based social engineering techniques to trick Twitter employees into granting the hacking group access to the Twitter network. one of the others doomed hackers of the Twitter breach, Graham Ivan Clark, aka Kirk, used Twitter network access to abuse an internal administration tool to hijack and reassign Twitter user accounts.
Twitter administration that the hackers breached to reassign access to user accounts.
Twitter temporarily blocked users to not post to the site while it dealt with the intrusion, while millions of users watched in real time as their timelines were being inundated with cryptocurrency scams from some of the most recognizable names on the planet.
A subsequent investigation by the new york state government which accused Twitter of inadequate cybersecurity protections, found that the hackers broke in "by calling Twitter employees and claiming to be from Twitter's IT department," then hijacked the Twitter accounts of politicians, celebrities, and business people to tweet scams of “double your bitcoin”. .
The scam netted around $120,000, according to public blockchain records.
Several of the tweets that were posted during the 2020 Twitter hack
The breach prompted Twitter to improve its cybersecurity controls, introducing hardware security keys for your employees to prevent future phishing attempts.
Two years after the hack, more explosive allegations about the attack came to light.
Peiter “Mudge” Zatko, who was hired as head of Twitter security months after the breach, he later described the hacker's access achieved "god mode," allowing them to tweet impostors from any account they wanted. Zatko called the incident “the largest hack of a social media platform in history” in a whistleblower complaint filed with federal regulators in 2022, in which Zatko accused his former employer of cybersecurity lapses.
Twitter automatically responded with a disapproving emoji in response to an emailed request for comment, as it has done shortly after the company was acquired by Elon Musk.
