PlugwalkJoe, aka Joseph James O’Connor, a UK citizen connected to the 2020 Twitter hack affecting many high-profile accounts, including Elon Musk, Joe Biden, Barack Obama, and Apple, has pled guilty to cyberstalking and other crimes. On Tuesday, the Department of Justice (DOJ) announced that O’Connor has been extradited to the US.
In 2020, PlugwalkJoe and unnamed co-conspirators gained access to Twitter’s administrative tools. Using that access, the co-conspirators were able to tweet from several accounts belonging to major companies and celebrities. This allowed them to promote a Bitcoin scam that raked in almost $120,000.
In some instances, the co-conspirators took control themselves and used that control to launch a scheme to defraud other Twitter users. In other instances, the co-conspirators sold access to Twitter accounts to others. O’CONNOR communicated with others regarding purchasing unauthorized access to a variety of Twitter accounts, including accounts associated with public figures around the world. A number of Twitter accounts targeted by O’CONNOR were subsequently transferred away from their rightful owners. O’CONNOR agreed to purchase unauthorized access to one Twitter account for $10,000.
PlugwalkJoe also took over an unnamed TikTok user’s account in 2020, and the details listed suggest the unnamed victim is top TikToker Addison Rae. At the time, Rae’s TikTok account name changed to “joeandzak1” and her bio read “plugwalkjoe zak n crippin.” The DOJ also says PlugwalkJoe and co-conspirators targeted the Snapchat account of another high-profile user in 2019 and threatened to release their private images to the public. In this case, the victim appears to be Bella Thorne, who publicly thanked the FBI for arresting O’Connor.
A separate case from the Southern District of New York accuses O’Connor and conspirators of SIM swaps, or the act of gaining control of a victim’s phone number, as part of a scheme that resulted in the theft of $794,000 in crypto from an unnamed, Manhattan-based company that “provided wallet infrastructure and related software to cryptocurrency.”
“O’Connor used his sophisticated technological abilities for malicious purposes — conducting a complex SIM swap attack to steal large amounts of cryptocurrency, hacking Twitter, conducting computer intrusions to take over social media accounts, and even cyberstalking two victims, including a minor victim,” US Attorney Damian Williams for the Southern District of New York says in a statement.
O’Connor was arrested in Spain in 2021 on multiple charges, including three counts of conspiracy to intentionally access a computer without authorization, one count of making threatening communications, two counts of cyberstalking, and more. He’s set to be sentenced on June 23rd and has agreed to forfeit over $794,000 to the victims of his scams.