A 22-year-old British citizen was arrested in Spain on Wednesday in connection with a July 2020 Twitter hack which compromised the accounts of high-profile politicians and celebrities, the U.S. Justice Department said on Wednesday.
It named the British man as Joseph James O’Connor and said he faced multiple charges. He was also accused in a criminal complaint of computer intrusions related to takeovers of TikTok and Snapchat accounts, including one incident involving sextortion, as well as cyberstalking a 16-year-old juvenile.
An unnamed second person, identified only as “Juvenile 1” in the criminal complaint, was also charged in connection with the hack on July 30, 2020, in the Northern District of California for playing a “central role” in the Twitter attack and used the moniker Kirk#5270.
The teen was later identified as Graham Ivan Clark, 18. The federal charges were dismissed and in March, he pleaded guilty to state charges in Florida and agreed to serve three years in juvenile prison.
The July 2020 Twitter attack hijacked a variety of verified Twitter accounts, including then-Democratic candidate Joe Biden and Tesla CEO Elon Musk. The accounts of former President Barack Obama, TV reality star Kim Kardashian, Bill Gates, Warren Buffett, Benjamin Netanyahu, Jeff Bezos, Michael Bloomberg an Kayne West were also hit.
The alleged hacker used the accounts to solicit digital currency, prompting Twitter to take the extraordinary step of preventing some verified accounts from publishing messages for several hours until security to the accounts could be restored.
According to the criminal complaint, the accounts of cryptocurrency exchanges such as Binance, Gemini and Coinbase among others were also compromised, as well as those of companies including Apple Inc. and Uber Technologies Inc.
The messages directed people to send cryptocurrency to various accounts, and received about $117,000 through 415 transfers, the complaint said. Two other bitcoin addresses that were posted, meanwhile, also collected an additional $6,700 through 100 transactions.
Authorities allege that Juvenile 1 reached out to multiple other people and claimed he could “reset, swap and control any Twitter account at will, and would do so in exchange for bitcoin transfers.”
Two of those people whom Juvenile 1 recruited, Nima Fazeli and Mason Sheppard, agreed to serve as middlemen to help find buyers for Twitter usernames in exchange for a fee, investigators say.
Both Fazeli and Sheppard were criminally charged in the case on July 30, 2020, the complaint says.
O’Connor’s role in the attack came to light after the FBI interviewed another unnamed juvenile, referred to as Juvenile 2, who identified O’Connor and said O’Connor had communicated about getting access to certain Twitter accounts, including possibly that of former President Donald Trump.
Criminal investigators in California started receiving tips about O’Connor, who uses the online moniker PlugwalkJoe, as far back as 2018, the complaint says. Witnesses who had heard what O’Connor’s voice sounded like on various Google voice calls were able to help law enforcement identify him.
A Justice Department spokesman said O’Connor is expected to have a detention hearing in Spain on Thursday.