U.K. citizen sentenced to five years for cybercrime offenses


Date: June 23, 2023

Contact: newsroom@ci.irs.gov

SAN FRANCISCO — Joseph James O'Connor, a/k/a "PlugwalkJoe," a U.K. citizen, was sentenced today to five years in federal prison for his role in a wide array of cybercrime offenses. O'Connor was extradited from Spain on April 26, 2023, and pleaded guilty on May 9, 2023, before Southern District of New York U.S. District Judge Jed S. Rakoff to two sets of charges: (i) a set of charges filed in the Northern District of California, and transferred to the Southern District of New York under Federal Rule of Criminal Procedure 20, relating to O'Connor's role in the July 2020 hack of Twitter, Inc. (Twitter), computer intrusions related to takeovers of TikTok and Snapchat user accounts, and cyberstalking two separate victims (the "NDCA Case"), and (ii) conspiracy to commit computer hacking and other charges pending in the Southern District of New York relating to a fraudulent scheme perpetrated by O'Connor and his co-conspirators to use a cyber intrusion technique known as a SIM swap attack to steal cryptocurrency, then valued at approximately $794,000, from a Manhattan-based cryptocurrency company and then to launder the proceeds of the scheme (the "SDNY Case"). U.S. District Judge Rakoff handed down today's sentence.

"The investigation, charging, extradition, and prosecution of this case required the cooperation and coordinated efforts of many people," said United States Attorney Ismail Ramsey. "This case demonstrates why cybercriminals can take no comfort in any anonymity they may think they enjoy. They will be identified, diligently pursued, and brought to justice."

The NDCA Case

According to the publicly filed charging documents, court filings, and statements made in court, between 2019 and 2020, O'Connor participated in a variety of crimes associated with exploitation of social media accounts, online extortion, and cyberstalking.

In July 2020, O'Connor participated in a conspiracy to gain unauthorized access to social media accounts maintained by Twitter. In early July 2020, O'Connor co-conspirators used social engineering techniques to obtain unauthorized access to administrative tools used by Twitter to maintain its operations. Those co-conspirators were able to use the tools to transfer control of certain Twitter accounts from their rightful owners to various unauthorized users. In some instances, the co-conspirators took control themselves and used that control to launch a scheme to defraud other Twitter users. In other instances, the co-conspirators sold access to Twitter accounts to others. O'Connor communicated with others regarding purchasing unauthorized access to a variety of Twitter accounts, including accounts associated with public figures around the world. A number of Twitter accounts targeted by O'Connor were subsequently transferred away from their rightful owners. O'Connor agreed to purchase unauthorized access to one Twitter account for $10,000.

O'Connor also accessed without authorization one of the most highly visible TikTok accounts in August 2020, which was associated with a public figure with millions of followers ("Victim-1"). O'Connor and his associates obtained unauthorized access to Victim-1's account via a SIM swap after discussing a variety of celebrities to target, and O'Connor used his unauthorized access to Victim-1's platform to post self-promotional messages, including a video in which O'Connor's voice is recognizable. O'Connor also stated publicly, via a post to Victim-1's TikTok account, that he would release sensitive, personal material related to Victim-1 to individuals who joined a specified Discord server.

O'Connor targeted another public figure ("Victim-2") in June 2019. O'Connor and his associates obtained unauthorized access to Victim-2's account on Snapchat via a SIM swap. They used that access to obtain sensitive materials, to include private images, that Victim-2 had not made publicly available. O'Connor sent copies of these sensitive materials to his associates. O'Connor and his associates also reached out to Victim-2 and threatened to publicly release the stolen sensitive materials unless Victim-2 agreed to publicly post messages related to O'Connor online persona, among other things.

Lastly, O'Connor stalked and threatened a minor victim ("Victim-3") in June and July 2020. In June 2020, O'Connor orchestrated a series of swatting attacks on Victim-3. A "swatting" attack occurs when an individual makes a false emergency call to a public authority in order to cause a law enforcement response that may put the victim or others in danger. On June 25, 2020, O'Connor called a local police department and falsely claimed that Victim-3 was making threats to shoot people. O'Connor provided an address that he believed was Victim-3's address, which would have the result of causing a law enforcement response. That same day, O'Connor placed another call to the same police department and stated that he was planning to kill multiple people at the same address. In response to that call, the police department dispatched every on-duty officer to that address in reference to an armed and dangerous individual. O'Connor sent other swatting messages that same day to a high school, a restaurant, and a sheriff's department in the same area. In those messages, O'Connor represented himself as either Victim-3 or as a resident at the address he believed was Victim-3's. The following month, O'Connor called multiple family members of Victim-3 and threatened to kill them.

The NDCA Case was transferred to the Southern District of New York pursuant to Federal Rule of Criminal Procedure 20 and consolidated with the SDNY Case before U.S. District Judge Rakoff.

The SDNY Case

During a cyber intrusion known as a subscriber identity module ("SIM") swap attack, cyber threat actors gain control of a victim's mobile phone number by linking that number to a SIM card controlled by the threat actors, resulting in the victim's calls and messages being routed to a malicious unauthorized device controlled by the threat actors. The threat actors then typically use control of the victim's mobile phone number to obtain unauthorized access to accounts held by the victim that are registered to the mobile phone number.

Between approximately March 2019 and May 2019, O'Connor and his co-conspirators perpetrated a scheme to use SIM swaps to conduct cyber intrusions in order to steal a large amount of cryptocurrency from a Manhattan-based cryptocurrency company ("Company-1"), which, at all relevant times, provided wallet infrastructure and related software to cryptocurrency exchanges around the world.

As part of the scheme, O'Connor and his co-conspirators successfully perpetrated SIM swap attacks targeting at least three Company-1 executives. Following a successful SIM swap attack targeting one of the executives on or about April 30, 2019, O'Connor and his co-conspirators successfully gained unauthorized access to multiple Company-1 accounts and computer systems. On or about May 1, 2019, through their unauthorized access, O'Connor and his co-conspirators stole and fraudulently diverted cryptocurrency of various types (the "Stolen Cryptocurrency") from cryptocurrency wallets maintained by Company-1 on behalf of two of its clients. The Stolen Cryptocurrency was worth at least approximately $794,000 at the time of the theft and is currently worth more than $1.6 million.

After stealing and fraudulently diverting the Stolen Cryptocurrency, O'Connor and his co-conspirators laundered it through dozens of transfers and transactions and exchanged some of it for Bitcoin using cryptocurrency exchange services. Ultimately, a portion of the Stolen Cryptocurrency was deposited into a cryptocurrency exchange account controlled by O'Connor.

O'Connor of the United Kingdom, pleaded guilty before U.S. District Judge Rakoff to the following charges: (i) as part of the NDCA Case – a conspiracy to commit computer intrusion, two counts of committing computer intrusions, making extortive communications, two counts of stalking, and making threatening communications; and (ii) as part of the SDNY Case – a conspiracy to commit computer intrusions, conspiracy to commit wire fraud, and conspiracy to commit money laundering. In addition to the prison term, O'Connor was sentenced to three years of supervised release. O'Connor was further ordered to pay $794,012.64 in forfeiture.

The FBI is investigating the case with assistance from the IRS Criminal Investigations, Cyber Crimes Unit; US Secret Service, San Francisco Field Office; US Secret Service, Criminal Investigations Division; Spanish National Police; and United Kingdom National Crime Agency.

The U.S. Attorney's Office for the Northern District of California and the Criminal Division's Computer Crime and Intellectual Property Section (CCIPS) are handling the NDCA case. Assistant U.S. Attorney Andrew F. Dawson for the Northern District of California and CCIPS Assistant Deputy Chief Adrienne L. Rose are prosecuting the case.

The U.S. Attorney's Office for the Southern District of New York's Complex Frauds and Cybercrime Unit is handling the SDNY case. Assistant U.S. Attorney Olga I. Zverovich for the Southern District of New York is prosecuting the case.

The Justice Department's Office of International Affairs provided valuable assistance in securing the extradition of O'Connor.