Key takeaways:
- Joseph O’Connor received a five-year prison term in the United States for participating in the April 2019 SIM swap assault.
- O’Connor threatened to expose the Snapchat victim’s private chats if they didn’t share content that promoted O’Connor’s online reputation.
A British hacker, Joseph O’Connor, also known online as PlugwalkJoe, received a five-year prison term in the United States for participating in the April 2019 SIM swap assault that resulted in the theft of $794,000 worth of cryptocurrencies.
O’Connor was initially detained in Spain in July 2021, and on April 26, 2023, he was returned to the United States. Just under three years remain in his sentence after he served 28 months of it. He entered a guilty plea to several crimes in May, including conspiracy to commit money laundering, conspiracy to commit wire fraud, and conspiracy to hack computers.
The US Attorney’s Office for the Southern District of New York highlighted the jail term in a statement on June 23. The statement reads as follows:
“In addition to the prison term, O’Connor was sentenced to three years of supervised release. O’Connor was further ordered to pay $794,012.64 in forfeiture”
Although the compromised crypto executive has not been identified, O’Connor was able to access accounts and computer systems that belonged to the exchange where the executive worked by SIM swapping them. Additionally, it was stated:
“After stealing and fraudulently diverting the stolen cryptocurrency, O’Connor and his co-conspirators laundered it through dozens of transfers and transactions and exchanged some of it for Bitcoin using cryptocurrency exchange services.”
In a SIM swap attack, a malicious party takes over the victim’s phone number by attaching it to a SIM card that belongs to them. The malicious party can access any accounts the victim uses SMS-based two-factor authentication on by redirecting the victim’s calls and texts to a device under their control. The tactic is typically used to trick fans of well-known accounts into clicking phishing links that ultimately steal their cryptocurrency holdings.
The offenses related to the significant July 2020 Twitter hack that earned O’Connor and his group almost $120,000 in illegal cryptocurrency proceeds are also included in his sentence. Along with two sizable accounts on TikTok and Snapchat, the hackers used various “social engineering techniques” and SIM-swapping operations to take over some 130 well-known Twitter accounts. The statement states:
“In some instances, the co-conspirators took control themselves and used that control to launch a scheme to defraud other Twitter users. In other instances, the co-conspirators sold access to Twitter accounts to others,”
As part of this plan, O’Connor threatened to expose the Snapchat victim’s private chats if they didn’t share content that promoted O’Connor’s online reputation. This was an effort at blackmail. By fraudulently reporting crises to authorities, O’Connor reportedly “stalked and threatened” a victim and “orchestrated a series of swatting attacks” against them.
