UK National Pleads Guilty to 2020 Twitter Hack

Facts

• 23-year-old UK citizen Joseph James O'Conner has pled guilty to participating in the 2020 hack of numerous high-profile Twitter accounts and other cybercrime incidents. He was arrested in Spain in 2021 and was extradited to the US last month.¹
• O'Conner and his co-conspirators are alleged to be behind the July 2020 hacking incident that saw over 130 Twitter accounts compromised, including those of Elon Musk, Joe Biden, and Apple. The accounts were then used to promote a Bitcoin scam, prompting Twitter to prevent verified accounts from tweeting for hours until the breach ended.²
• An attorney for the Southern District of New York, where O'Conner pled guilty, stated that the hackers were also behind a "complex SIM swap attack" designed to steal cryptocurrency, as well as two cases of cyberstalking, one involving a minor. The SIM swap targeted an NY-based cryptocurrency company, with nearly $800K USD being stolen.³
• The US Department of Justice (DOJ) alleges that the hackers used social engineering techniques on Twitter employees — such as deception and impersonation — to gain access to administrator tools, enabling them to take control of targeted accounts.³
• After pleading guilty to charges of conspiring to commit computer intrusions, wire fraud, and money laundering, O'Conner is set to be sentenced in June and faces a maximum of 77 years in prison. He is also set to forfeit proceeds from the crimes he committed and pay restitution to the victims.⁴
• In July 2021, alleged ringleader of the scam Graham Ivan Clark was sentenced to three years in juvenile detention after pleading guilty. It is claimed the group is also behind the extortion of two celebrities after using a SIM swap to gain access to their accounts, "causing substantial emotional harm" and impacting "multiple people’s lives," the DOJ says.⁵

Sources: ¹BBC News, ²New York Post, ³Fortune, ⁴Reuters, and ⁵Guardian.

Narratives

• Narrative A, as provided by New York Times. Now that the dust has settled, it is clearly outrageous that a handful of teenagers were able to paralyze one of the world's biggest social media platforms with hardly any resistance. One can only imagine what a nation-state or more sophisticated group would be capable of pulling off. This is one of many cybersecurity incidents to have affected the platform, and it remains to be seen if Twitter has learned its lesson from this debacle and improved its security.
• Narrative B, as provided by Forbes. What befell Twitter has little to do with the security of the platform itself, as it was a social engineering attack that was ultimately responsible. This was not a breach that relied on computer exploits, but instead on the fallible employees behind the keyboard. There is no firewall that can defend against human error — everyone ought to be more aware of social engineering as a serious cybersecurity threat.

Predictions