UK hacker busted in Spain gets 5 years over Twitter hack and more – Naked Security

Sophos Home protects every Mac and PC in your home
Some hacks become so notorious that they acquire a definite article, even if the word THE ends up attached to a very general technical term.
For example, you can probably trot out the names of dozens of well-known internet worms amongst the millions that exist in the zoos maintained by malware collectors.
NotPetya, Wannacry, Stuxnet, Conficker, Slammer, Blaster, CodeRed and Happy99 are just a few from the past couple of decades.
But if you say THE internet worm, then everyone knows that you mean the Great Worm of November 1988 – the one written by Robert Morris, student son of Robert Morris of the US National Security Agency, that ended with Morris Junior getting three years of probation, 400 hours of community service and a $10,050 fine:
Memories of the Internet Worm – 25 years later

And if you say THE Twitter hack, everyone knows you mean the one that happened in July 2020, when a small group of cybercriminals ended up in control of a small number of Twitter accounts and used them to talk up a cryptocoin fraud.
But what accounts they were, as we wrote a year later, including Bill Gates, Elon Musk, Kanye West, Joe Biden, Barack Obama, Jeff Bezos, Mike Bloomberg, Warren Buffett, Benjamin Netanyahu, Kim Kardashian, and Apple (yes, THE Apple):
Twitter limits tweeting as prominent accounts spam out cryptocoin scams

One of the suspects in that case was Joseph O’Connor, then 21, who wasn’t in the US, and who eluded US authorities for a further year until he was arrested on the Costa del Sol in Spain in July 2021:
US court gets UK Twitter hack suspect arrested in Spain

O’Connor was ultimatly extradited to the US in April 2023, pleaded guilty in May 2023, and was sentenced last week.
He wasn’t convicted only of the Twitter cryptocoin scam we mentioned above, where high profile accounts were used to trick people into sending “investments” to users they assumed were people such as Gates, Musk, Buffett and others.
He was also convicted of:
Swatting gets its name because the usual reaction of US law enforcement to a call claiming that a shooting is imminent is to send a so-called Special Weapons and Tactics (SWAT) team to deal with the situation, rather than expecting a regular patrol officer to stop by and investigate.
As the US Department of Justice describes it:
A “swatting” attack occurs when an individual makes a false emergency call to a public authority in order to cause a law enforcement response that may put the victim or others in danger.
O’Connor was convicted of multiple offences: conspiracy to commit computer intrusions, conspiracy to commit wire fraud, conspiracy to commit money laundering, making extortive communications, stalking, and making threatening communications.
He received a five-year prison sentence, followed by three years of supervised release, and he was ordered to pay $794,012.64 in forfeiture. (What happens if he can’t or won’t pay, we don’t know.)
SIM swaps are tricky to protect against, because the final decision to authorise a replacement SIM card is down to your mobile phone company (or the staff in one of its stores), not to you yourself.
But the following tips can help:
Follow @NakedSecurity on Twitter for the latest computer security news.
Follow @NakedSecurity on Instagram for exclusive pics, gifs, vids and LOLs!
Recently I noticed that Spain started handing out GDPR fines to telecom providers who fall for the sim swapping attack of 70.000€ per person:
If you fall victim to the sim swap start reporting to the data privacy agencies. I guess enough fines will result in a safer system.
(And as mentioned in the article use a safer 2FA option)


Leave a Reply

Your email address will not be published. Required fields are marked *