A 22-year-old British citizen has been arrested in Spain in connection with a July 2020 Twitter hack that compromised the accounts of high-profile politicians and celebrities, the US Justice Department said on Wednesday.
It named the British man as Joseph James O’Connor and said he faced multiple charges. He was also accused in a criminal complaint of computer intrusions related to takeovers of TikTok and Snapchat accounts, including one incident involving sextortion, as well as cyberstalking a 16-year-old juvenile.
An unnamed second person, identified as “Juvenile 1” in the criminal complaint, was also charged in connection with the hack on 30 July 2020, in the northern district of California for playing a “central role” in the Twitter attack using the moniker Kirk#5270.
The hacker was later identified as Graham Ivan Clark, 18. The federal charges were dismissed and in March he pleaded guilty to state charges in Florida and agreed to serve three years in juvenile prison.
The July 2020 Twitter attack hijacked a variety of verified Twitter accounts, including then Democratic candidate Joe Biden and Tesla CEO Elon Musk. The accounts of former US president Barack Obama, TV reality star Kim Kardashian, Bill Gates, Warren Buffett, Benjamin Netanyahu, Jeff Bezos, Michael Bloomberg and Kayne West were also hit.
The alleged hacker used the accounts to solicit digital currency, prompting Twitter to take the extraordinary step of preventing some verified accounts from publishing messages for several hours until control over the accounts could be regained.
According to the criminal complaint, the accounts of cryptocurrency exchanges such as Binance, Gemini and Coinbase among others were also compromised, as well as those of companies including Apple and Uber Technologies Inc.
The messages directed people to send cryptocurrency to various accounts, and generated about $117,000 through 415 transfers, the complaint said. Two other bitcoin addresses that were posted collected an additional $6,700 through 100 transactions.
Authorities allege that Juvenile 1 reached out to multiple other people and claimed he could “reset, swap and control any Twitter account at will, and would do so in exchange for bitcoin transfers”.
Two of those whom Juvenile 1 recruited, Nima Fazeli and Mason Sheppard, agreed to serve as intermediaries to help find buyers for Twitter usernames in exchange for a fee, investigators say. Both Fazeli and Sheppard were criminally charged in the case on 30 July 2020, the complaint says.
O’Connor’s alleged role in the attack came to light after the FBI interviewed another unnamed juvenile, referred to as Juvenile 2, who identified him. Juvenile 2 said O’Connor had communicated about getting access to certain Twitter accounts, including possibly that of former president Donald Trump.
Criminal investigators in California started receiving tips about O’Connor, who uses the online moniker PlugwalkJoe, as far back as 2018, the complaint says.
A justice department spokesman said O’Connor was expected to have a detention hearing in Spain on Thursday.