Twitter Hack: Hacker Sentenced to Five Years in Prison for Cybercrime
In July 2020, one of the most visible hacks in recent history played out in real-time in front of millions of Twitter users. The hackers responsible for the breach broke into dozens of high-profile Twitter accounts, including Apple, Binance, Bill Gates, Joe Biden, and Elon Musk, to spread cryptocurrency get-rich-quick scams. Three years after the incident, one of the hackers responsible for the breach will now serve time in federal prison.
Joseph James O’Connor, 24, was sentenced Friday in a New York federal court to five years in prison after pleading guilty in May to four counts of computer hacking, wire fraud, and cyberstalking. O’Connor also agreed to forfeit at least $794,000 to the victims of his crimes. O’Connor, a U.K. citizen, was extradited from Spain at the request of U.S. prosecutors earlier this year and has remained in custody since.
The Twitter Hack
According to prosecutors, O’Connor “used his sophisticated technological abilities for malicious purposes — conducting a complex SIM swap attack to steal large amounts of cryptocurrency, hacking Twitter, conducting computer intrusions to take over social media accounts, and even cyberstalking two victims, including a minor victim.”
O’Connor used phone-based social engineering techniques to trick Twitter employees into granting the group of hackers access to Twitter’s network. One of the other hackers convicted of the Twitter breach, Graham Ivan Clark, also known as Kirk, used the access to Twitter’s network to abuse an internal admin tool to hijack and reassign Twitter user accounts.
Twitter temporarily blocked users from posting to the site as it grappled with the intrusion, as millions of users watched in real-time as their timelines flooded with cryptocurrency scams from some of the most recognizable names on the planet.
The Aftermath
A subsequent investigation by New York’s Department of Financial Services, which accused Twitter of inadequate cybersecurity protections, found that the hackers broke in by “calling Twitter employees and claiming to be from Twitter’s IT department,” then hijacked the Twitter accounts of politicians, celebrities, and entrepreneurs to tweet “double your bitcoin” scams. The scam netted about $120,000, according to public blockchain records.
The breach prompted Twitter to improve its cybersecurity controls, introducing hardware security keys for its employees to prevent future phishing attempts.
Two years on from the hack, more explosive allegations about the breach came to light. Peiter “Mudge” Zatko, who was hired as Twitter’s head of security months after the breach, later described the hackers’ access as achieving “god mode,” which allowed them to imposter-tweet from any account they wanted. Zatko called the incident “the largest hack of a social media platform in history” in a whistleblower complaint filed with federal regulators in 2022, in which Zatko accused his former employer of cybersecurity failings.
Conclusion
The Twitter hack was a significant event that highlighted the importance of cybersecurity. The breach prompted Twitter to improve its cybersecurity controls, but it also exposed the vulnerability of social media platforms to cyberattacks. The sentencing of Joseph James O’Connor is a reminder that cybercrime has consequences and that law enforcement agencies are committed to bringing cybercriminals to justice.
Headings:
– Introduction
– The Twitter Hack
– The Aftermath
– Conclusion
