Skip to content ↓ | Skip to navigation ↓

Police in Spain have arrested a British man in connection with what many consider the worst hack in Twitter’s history.

In July 2020, the Twitter accounts of public figures and well-known organisations were compromised, allowing malicious hackers to post tweets to millions of unsuspecting followers.

Compromised accounts included those of then-Presidential candidate Joe Biden, Bill Gates, Elon Musk, and Jeff Bezos, as well as the corporate Twitter identities of Apple, Uber, and Coinbase.

Compromised Twitter accounts

As we described at the time, the accounts were hijacked to publish a cryptocurrency scam:

I am giving back to my community due to Covid-19! All Bitcoin sent to my address below will be sent back doubled. If you send $1,000 I will send back $2,000! Only doing this for the next 30 minutes! Enjoy.

The scale of the attack suggested that the malicious hackers had somehow managed to compromise Twitter’s internal systems to gain access to so many accounts that would normally be expected to be protected by strong passwords and multi-factor authentication.

The authorities quickly identified Graham Ivan Clark, of Tampa, Florida as having gained access to Twitter’s internal support tools through what the social network described as a “phone spear phishing attack” against a small number of its employees.

Clark, who was 17 years old at the time of the attack, is said to have managed to dupe unsuspecting Twitter users out of $117,000 worth of Bitcoin through the scam. He was ultimately sentenced to three years in a juvenile detention facility.

But the authorities have said for some time that they do not believe that Clark was the only person involved with the attack.

Yesterday the US Department of Justice announced the arrest in Estepona, Spain of 22-year-old Joseph O’Connor, a British citizen.

O’Connor’s name is one that is not unknown to cybercrime investigators. After the Twitter hack, cybersecurity blogger Brian Krebs alleged that Joseph O’Connor was the true identity of “PlugWalkJoe”, a hacker who was thought to have been involved in SIM-swapping attacks to compromise accounts.

Perhaps unwisely in retrospect, O’Connor gave an interview to the New York Times in the aftermath of the Twitter hack in which he not only confirmed he was PlugWalkJoe, and said that Twitter staff credentials were stolen after malicious hackers found a way to access the company’s internal Slack messaging channel.

O’Connor, who originally comes from Liverpool, told the New York Times he was not worried about any police investigation into the hack:

“I don’t care. They can come arrest me. I would laugh at them. I haven’t done anything.”

O’Connor is charged with not just being involved in the July 2020 Twitter hack, but also the compromise of accounts belonging to users of TikTok and Snapshot. In addition, he has been charged with cyberstalking a juvenile.

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.