A court in Spain has given its approval for the extradition of a British national to the United States, who is suspected of hacking the Twitter accounts of scores of celebrities back in 2020. Joseph James O’Connor, from Liverpool, was arrested in July 2021, in the southern city of Estepona.

A court statement stated that “requirements had been met” for handing over Mr O’Connor to US authorities for 14 charges, including the alleged crimes of revelation of secrets, membership of a criminal gang, illegal access to computer systems, internet fraud, money laundering, and extortion.

The charges all relate to the hacking of more than 130 accounts back in July 2020, including those of US President Joe Biden, and former President Barack Obama. The security breach saw those accounts, together with many other high profile accounts such as those of Elon Musk, Kanye West, Kim Kardashian and Bill Gates, all hijacked.

Mr O’Connor is wanted by courts in the Northern District of California and the Southern District of New York to answer questions connected to the offences. US officials allege he seized the Twitter accounts in an elaborate scam, asking their followers to send a bitcoin to a fake account, promising to double their money.

The Brit is also wanted for several alleged cases of making malicious calls to emergency services aimed at falsely misdirecting the police to visit various locations. At the court hearing it was acknowledged that the “necessary conditions” were met for Spain to agree to a US extradition request for the 23-year-old, who is also known by the alias Plugwalk Joe.

Spain’s National Court said that he is also suspected of hacking the Snapchat account of an unnamed public figure and then threatening to publish naked pictures of the person unless he was financially compensated. They rejected arguments by O’Connor’s lawyers that he should be tried in Spain, because the servers he used were located there.

The Spanish cabinet must approve the extradition, although it usually complies with the court’s decisions. Mr O’Connor can and almost certainly will, appeal against the extradition.

Bitcoin scam

It was on 15 July 2020, when a number of Bitcoin-related accounts began tweeting what appeared to be a simple Bitcoin scam, promising to “give back” to the community, by doubling any Bitcoin sent to their address. Then, the apparent scam spread to mainstream celebrity accounts and those of corporations such as Apple and Uber.

Twitter shut down users

Twitter seemingly scrambled to contain the unprecedented attack, temporarily preventing all verified users from tweeting for the first time ever. It was explained that the attackers with Mr O’Connor at the heart of it, were able to bypass account security, due to them having somehow gained access to Twitter’s own internal administration tools.

Double your money

Some 130 accounts were targeted in the cyber-attack, but Twitter insisted that only a “small subset” of them had control seized by the attackers, although it later transpired that 36 of the accounts had their Direct Messages accessed.

On the official account of Mr Musk, the Tesla chief was apparently offering to double any Bitcoin payment sent to the address of his digital wallet “for the next 30 minutes”. He evidently tweeted: “I am feeling generous because of Covid-19.” The tweets were deleted just minutes after they were first posted, then another one appeared, and then a third.

Tens of thousands of pounds scammed brings in the FBI

Irrespective of the fact that the scam was conspicuously obvious to many, the attackers still received hundreds of transfers, worth more than £80,000 ($100,000). There were three separate crypto-currency wallets used and the cyber-criminals immediately emptied them and they were then believed to have been run through “mixer” services, making it extremely difficult to trace back. The FBI was brought in and a full-scale investigation was launched.

Arrogant posts give game away

Clues began to surface through boasting on social media; with adverts appearing on hacker forums asserting to the capability of stealing any Twitter account, simply by changing the email address to which it is linked. The seller arrogantly posted a screenshot of the panel usually reserved for high-level Twitter employees and it looked to be able to permit full control of adding an email to an account or “detaching” existing ones. This would have the effect, in the case of the scam, of giving the attackers access to the back end of Twitter, up to 48 hours before they began appearing.    

Arrested on multiple charges

In July 2021 National Police in Spain arrested Mr O’Connor in Estepona, pursuant to a US request on the multiple charges relating to the hack, which could have led to blackmail. Known online as “PugWalkJoe”, O’Connor had already been linked to separate hacking attacks with a gang referred to as the “Chuckling Squad” so his involvement was no real shock.

He was charged additionally with computer intrusions related to the takeover of TikTok and Snapchat user accounts, along with cyberstalking a juvenile victim.

Twitter takes steps to stop repeat

The hack has been described as “unsophisticated”, and Twitter has said that “significant steps” have been taken to limit access to internal systems and tools. They announced at the time that the cryptoforhealth.com web address to which some of the hacked tweets had directed the users towards, was registered by a cyber-attacker who used the name “Anthony Elias” to register the website, and its belief was that it was actually a play on “an alias”.

Plug Walk Joe could be Gulp Law Joke

“Plug Walk Joe” had self-indulgently said before being taken into custody: “I don’t care, they can come arrest me. I would laugh at them; I haven’t done anything.” Possibly an anagram of Plug, Walk, Joe, could be gulp, law joke? Gulp, representing an instinctive reflex at the realisation of the extradition; law, would be the authorities finding against him; and joke, possibly symbolising that the last laugh is on him.