Joseph O’Connor, a British hacker who operated under the pseudonym PlugwalkJoe, has been given a five-year prison sentence in the United States. His conviction stems from his involvement in a SIM swap attack targeting a high-profile cryptocurrency exchange executive in April 2019, resulting in the theft of digital assets valued at approximately $794,000.
Having initially been apprehended in Spain in July 2021, PlugwalkJoe was extradited to the U.S. on April 26, 2023, to face justice. Demonstrating a willingness to cooperate with authorities, he entered a guilty plea in May.
For more clarification, a SIM swap hack is a form of cyber attack where hackers fraudulently gain control of a victim’s phone number by tricking the mobile carrier. By doing so, they can bypass two-factor authentication and gain access to the victim’s sensitive information, such as financial accounts.
PlugwalkJoe: Sentencing And Criminal Activities
The U.S. Attorney’s Office of the Southern District of New York emphasized the severity of the prison sentence in an official statement released on June 23.
Aside from the imprisonment, PlugwalkJoe was also subjected to three years of supervised release as part of his sentencing. Additionally, according to the statement provided, he was instructed to make a substantial forfeiture payment amounting to $794,000.
Although the identity of the targeted cryptocurrency executive remains undisclosed, O’Connor successfully executed a SIM swap on this individual.
This illicit maneuver allowed O’Connor to gain unauthorized entry into various accounts and computer systems associated with the cryptocurrency exchange where the executive was employed.
The statement read:
“Following the illicit acquisition of the stolen cryptocurrency, O’Connor and his accomplices engaged in a series of deceptive practices to launder the funds. Through a multitude of transfers and transactions, they deliberately obscured the origins of the illicitly obtained digital assets. Furthermore, a portion of the stolen cryptocurrency was converted into Bitcoin by leveraging cryptocurrency exchange services. This covert conversion process allowed them to further obfuscate the trail of the misappropriated funds.”
Intricate Cyber Techniques Unveiled
According to the statement, a significant fraction of the stolen cryptocurrency was traced back to a cryptocurrency exchange account under O’Connor’s control. This revelation further solidifies his direct involvement in illicit activities.
In addition to his involvement in the cryptocurrency theft, O’Connor’s sentence encompasses his participation in the Twitter hack in July 2020. During this incident, O’Connor and his team accumulated approximately $120,000 in illicit cryptocurrency gains.
The statement highlights how PlugwalkJoe and his co-conspirators leveraged their control over the compromised Twitter accounts. They engaged in various fraudulent activities, including schemes to defraud others and selling access to the hacked accounts to interested parties.
O’Connor’s involvement in the scheme extended beyond digital manipulation. He attempted to blackmail a victim on Snapchat by threatening to expose private messages unless they made posts promoting PlugwalkJoe’s online persona.
Furthermore, O’Connor resorted to stalking and threatening another individual, orchestrating swatting attacks by falsely reporting emergencies to authorities and targeting the victim.