Briton pleads guilty to major 2020 celebrity Twitter hack

Joseph James O’Connor, also known as PlugwalkJoe, has pleaded guilty in New York to participating in the hacking of over 130 Twitter accounts in July 2020. 

O'Connor and his co-conspirators gained access to Twitter’s administrative tools, and used it to post tweets from high-profile accounts promoting a Bitcoin scan that urged people to send $1,000 in Bitcoin to receive double back.

Joe Biden, Jeff Bezos, Elon Musk, Kim Kardashian, Bill Gates, Kanye (Ye) West and Barack Obama were some of the people whose accounts were affected. 

PlugwalkJoe was extradited from Spain in April and has now pleaded guilty to hacking, cyber stalking and money laundering. He will now have to return the stolen money and faces a potential prison sentence of 70 years. 

O'Connor's co-conspirators have also been charged over the scam. They have been identified as compatriot Mason Sheppard of Bognor Regis, West Sussex, and two Americans, Graham Ivan Clark and Nima Fazeli.

US teenager Clark pleaded guilty in 2021. Sheppard, also known as Chaewon, was charged with conspiracy to commit wire fraud, conspiracy to commit money laundering and the intentional access of a protected computer.

Overall, the group is said to have stolen more than $794,000 (£629,000) of cryptocurrency.

"O'Connor's criminal activities were flagrant and malicious, and his conduct impacted multiple people's lives," said US assistant attorney-general Kenneth Polite Jr in a statement. “He harassed, threatened and extorted his victims, causing substantial emotional harm.

“Like many criminal actors, O’Connor tried to stay anonymous by using a computer to hide behind stealth accounts and aliases from outside the United States. But this [guilty] plea shows that our investigators and prosecutors will identify, locate and bring to justice such criminals to ensure they face the consequences for their crimes.”

The hackers gained access to Twitter's administrative tools by telephoning a number of the company's employees and convincing them to provide their login details.

From then, they were able to access high-profile accounts and post the following message: “I am giving back to my community due to Covid-19! All Bitcoin sent to my address below will be sent back doubled.

“If you send $1,000, I will send back $2,000!

“Only doing this for the next 30 minutes! Enjoy.”

At the time, Twitter said employees with access to its internal systems had been successfully targeted by hackers who “used this access to take control of many highly visible (including verified) accounts and Tweet on their behalf”.

Since Musk’s takeover of Twitter, the platform has been rocked by a series of controversial changes implemented by the new CEO, coupled with mass layoffs and resignations of key staff members.

In recent months, other high-profile Twitter accounts have also fallen victim to cyber attacks. Northern Ireland secretary Chris Heaton-Harris, education secretary Gillian Keegan and news commentator Piers Morgan were some of the people targeted by hackers. 

In March, Twitter took legal action to try to identify GitHub user FreeSpeechEnthusiast, who had leaked part of the platform's source code online. The leak took place 10 days after Musk promised to make the code used to recommend tweets on the platform public from 30 March. As of the writing of this article, Twitter's code has not been made public.

O'Connor will be sentenced on 23 June 2023.