Spanish Court Approves Twitter Hacking Suspect's Extradition
British Man Also Charged With Nude Photo Extortion, Swatting, Cryptocurrency Theft

Spain's high court approved the U.S. Department of Justice's request that a British man be extradited to face charges that he hacked Twitter in 2020 to perpetrate a cryptocurrency scam.
On Friday, Spain's Audiencia Nacional decided the U.S. request to extradite Joseph James O'Connor, 23, satisfies the country's extradition rules.
The Spanish government must now approve O'Connor's extradition. He can appeal the decision.
Authorities arrested O'Connor, aka "PlugwalkJoe," in southern Spain's Costa del Sol in July 2021, at U.S. request. He faces 14 charges including allegations that he helped seize control of 130 Twitter accounts, including ones used by Joseph Biden, Barack Obama, Bill Gates and Elon Musk; extorted individuals via social networking; and perpetrated internet-facilitated robberies.
O'Connor sought to have the extradition request dismissed by arguing that his case should be tried in Spain, where the servers used to perpetrate his alleged crimes are located. He also contended Spain would be a better venue because computer crime offenses in the United States incur disproportionate sentences.
In its decision published Friday, National High Court judges disagreed on both fronts.
The court said the Justice Department's documentation of crimes allegedly committed by O'Connor was voluminous and detailed. Because no criminal charges have been filed against the suspect in Spain, "the United States is in a better position to prosecute the facts since the evidence obtained in the investigation is found there and because it is the place where the damage has been caused," they wrote.
On the question of potentially disproportionate U.S. sentencing guidelines for computer crimes, the court said it is not within its purview to review another country's penalties.
According to documentation provided to the Spanish court by U.S. prosecutors, charges against O'Connor include "hacking the Snapchat account of a public figure whom he tried to extort and harass by threatening to spread her nude photos." As security blogger Brian Krebs has reported, the target appears to have been actor Bella Thorne. O'Connor has also been charged with multiple cases of swatting, which refers to making false calls to generate an emergency response from law enforcement.
The court said that beyond the above charges, all of which were filed in U.S. District Court for the Northern District of California, O'Connor has also been charged in the Southern District of New York with cryptocurrency theft.
Twitter Hacked in 2020
O'Connor is one of four individuals charged with tricking several Twitter employees into sharing their administrator credentials, which attackers used to gain unauthorized access to 130 high-profile Twitter accounts on July 15, 2020. Compromised account holders included Biden, who was then the Democratic presidential nominee, plus Tesla CEO Musk, the corporate accounts of Apple and Uber, and Floyd Mayweather, Jeff Bezos, Kim Kardashian, Mike Bloomberg and Warren Buffett.
Posts to their accounts claimed that "I am giving back to the community," promising that for 30 minutes only, anyone who sent up to $1,000 in bitcoin would receive double in return. Prosecutors said 360 individuals fell victim to the scam, netting defendants nearly $120,000.
Beyond O'Connor, the three other individuals charged with perpetrating the Twitter hack and scam were Graham Ivan Clark and Nima Fazeli - both residents of Florida - and Mason Sheppard in England.
Sheppard - aka "Chaewon," "ever so anxious#001" - has not been arrested. But as of last November, authorities in the U.S. and U.K. told the BBC he remained under investigation.
Clark and Fazeli were arrested in the U.S. in July 2020. In March 2021, Clark, who was charged as a juvenile, pleaded guilty to 30 felony charges. He received a three-year sentence in a juvenile facility.
Also in March 2021, then-18-year-old Fazeli secured a plea deal that allowed him to plead guilty to state charges as a "youthful offender" - because he had been 17 when he committed the crimes - in return for serving a three-year prison sentence. Had he been sentenced as an adult, he would have faced a minimum 10-year sentence. Fazeli also surrendered his stolen cryptocurrency.
"Graham Clark needs to be held accountable for that crime, and other potential scammers out there need to see the consequences," Andrew Warren, then the state attorney for Florida's Hillsborough County, said at the time. "In this case, we've been able to deliver those consequences while recognizing that our goal with any child, whenever possible, is to have them learn their lesson without destroying their future."
SIM-Swapping Cryptocurrency Theft Charges
If O'Connor ultimately is extradited to the U.S., beyond the Twitter hacking charges, as well as alleged cyber extortion and swatting, he will face a separate indictment filed under seal in the Southern District of New York in August 2021 charging him with conspiracy to commit computer intrusions, conspiracy to commit wire fraud, aggravated identity theft and conspiracy to commit money laundering.
The indictment was unsealed in November 2021 after the U.S. attorney for SDNY requested the court do so to supplement evidence provided to Spain by the Northern District of California, which is spearheading O'Connor's extradition request.
The SDNY indictment charges O'Connor, as well as unnamed co-conspirators, with using SIM swapping in the spring of 2019 to take control of mobile phone numbers used by three executives at a New York City cryptocurrency exchange, as part of a scheme that allowed them to steal cryptocurrency and tokens then valued at $784,000. The suspects allegedly used money laundering services to convert the stolen bitcoin cash, litecoin and ethereum into bitcoins.
O'Connor allegedly also took to Skype to taunt employees at the exchange with details of how the hack and theft had been perpetrated.