nito - Fotolia

U.K. man arrested in connection with 2020 Twitter breach

A 22-year-old U.K. resident was arrested in Spain and will face extradition on charges related to a social engineering operation that netted big-name Twitter accounts.

A U.K. man faces extradition to the U.S. after being arrested on charges related to the massive 2020 attacks at Twitter and other social networking sites.

Joseph O'Connor, age 22, was caught by police in Estepona, Spain. He faces multiple criminal hacking charges in connection with last year's Twitter breach, as well as a cyberstalking count in the U.S. District Court for the Northern District of California, according to an announcement from the U.S. Department of Justice.

The DOJ claims O'Connor was one of multiple hackers who used the pilfered credentials of employees at Twitter in a social engineering attack. Once the hackers obtained access to Twitter's internal administrative tools, they proceeded to seize control of dozens of high-profile accounts, including those of Amazon founder Jeff Bezos and former president Barack Obama.

The pilfered accounts were then primarily used to post bitcoin scams, where the attackers promised to send users large sums of money but instead transferred funds from the victims' accounts into their own. It was estimated at the time that the scheme was able to net well over $100,000 worth of the virtual currency.

Shortly after word of the Twitter breach broke, infosec journalist Brian Krebs named O'Connor as one of the likely perpetrators. U.S. authorities, however, had to take more time in order to build a case and bring O'Connor in, relying on help from both U.K. and Spanish law enforcement.

The Twitter attacks will not be the only crimes for which O'Connor looks to face charges. Authorities said he will also face charges of stealing accounts from TikTok and Snapchat users, and cyberstalking a minor.

Legally, O'Connor faces a laundry list of criminal counts. According to the DOJ announcement, the charges include "three counts of conspiracy to intentionally access a computer without authorization and obtaining information from a protected computer; two counts of intentionally accessing a computer without authorization and obtaining information from a protected computer; one count of conspiracy to intentionally access a computer without authorization and, with the intent to extort from a person a thing of value, transmitting a communication containing a threat; one count of making extortive communications; one count of making threatening communications; and two counts of cyberstalking."

Authorities did not provide an estimate on possible sentencing.

O'Connor is the latest suspect to be apprehended in connection with the 2020 Twitter breach. Authorities had previously charged 17-year-old Graham Ivan Clark of Florida. Clark, the alleged mastermind behind the social engineering attacks and bitcoin schemes, pled guilty in March and will serve three years in jail followed by three years of probation.

In addition, Mason Sheppard, 19, of the U.K., and Nima Fazeli, 22, of Florida were also charged in connection with the Twitter breach. Sheppard was charged with conspiracy to commit wire fraud, conspiracy to commit money laundering, and unauthorized access of a computer or electronic device. Fazeli was charged with aiding and abetting the unauthorized access.

Dig Deeper on Application and platform security

Enterprise Desktop
Cloud Computing