Three Years After the Twitter Hack, One of the Masterminds Behind the Scheme Will Serve Time in Federal Prison
It has been three years since one of the most visible hacks in recent history played out live on Twitter, with millions of users watching in real-time as their timelines flooded with cryptocurrency scams from high-profile accounts. Today, Joseph James O’Connor, 24, a U.K. citizen and one of the hackers responsible for the breach, will begin serving his five-year prison sentence.
The Verdict: Five Years in Prison
On Friday, O’Connor was sentenced in a New York federal court to five years in prison after pleading guilty in May to four counts of computer hacking, wire fraud, and cyberstalking. As part of his plea deal, O’Connor agreed to forfeit at least $794,000 to the victims of his crimes.
The Background: A Complex SIM Swap Attack
According to prosecutors, O’Connor "used his sophisticated technological abilities for malicious purposes — conducting a complex SIM swap attack to steal large amounts of cryptocurrency, hacking Twitter, conducting computer intrusions to take over social media accounts, and even cyberstalking two victims, including a minor victim." The government alleged that O’Connor was part of a group that broke into dozens of high-profile Twitter accounts in July 2020, including Apple, Binance, Bill Gates, Joe Biden, and Elon Musk.
The Breach: A Real-Time Hack
On the day of the hack, millions of Twitter users watched as their timelines flooded with cryptocurrency scams from some of the most recognizable names on the planet. The scammers used phone-based social engineering techniques to trick Twitter employees into granting them access to Twitter’s network. Graham Ivan Clark, also known as Kirk, was another hacker involved in the breach and used his access to abuse an internal admin tool to hijack and reassign Twitter user accounts.
The Investigation: A Subsequent Probe by New York’s Department of Financial Services
A subsequent investigation by New York’s Department of Financial Services found that the hackers broke in by "calling Twitter employees and claiming to be from Twitter’s IT department." The probe revealed that the scammers hijacked the Twitter accounts of politicians, celebrities, and entrepreneurs to tweet "double your bitcoin" scams. The scam netted about $120,000, according to public blockchain records.
The Aftermath: Twitter’s Response
Twitter temporarily blocked users from posting to the site as it grappled with the intrusion. In response to the breach, Twitter improved its cybersecurity controls by introducing hardware security keys for its employees to prevent future phishing attempts.
New Allegations: The Largest Hack of a Social Media Platform in History
Two years on from the hack, more explosive allegations about the breach came to light. Peiter "Mudge" Zatko, who was hired as Twitter’s head of security months after the breach, later described the hackers’ access as achieving "god mode," which allowed them to imposter-tweet from any account they wanted. Zatko called the incident "the largest hack of a social media platform in history" in a whistleblower complaint filed with federal regulators in 2022.
The Hacker’s Apology and Plea for Leniency
In court, O’Connor said his crimes were "stupid and pointless," apologized to his victims, and asked the judge for leniency. According to Reuters, O’Connor faced a maximum of 77 years in prison, with Justice Department prosecutors calling for him to serve at least seven years.
The Judge’s Ruling: A Prison Sentence Likely to Be Served
Judge Jed S. Rakoff said O’Connor will likely serve about half of his sentence after spending more than two years in pre-trial custody. As a result, O’Connor will begin serving his five-year prison sentence.
The Conclusion: A Warning for Future Hackers
This verdict serves as a warning to future hackers who attempt to breach high-profile social media platforms like Twitter. The consequences of such actions can be severe and long-lasting, with potentially devastating effects on both the individuals targeted by the hackers and the platform itself.
Related Articles
- UK Domain Giant Nominet Confirms Cybersecurity Incident Linked to Ivanti VPN Hacks
- Carly Page | 19 minutes ago
- AICoreWeave, a $19B AI Compute Provider, Opens Its First International Data Centers in the UK
- Paul Sawers | 2 hours ago
