“PlugWalkJoe” indicted for $784K SIM swap cryptocurrency theft

The U.S. Department of Justice charged a British man for his alleged role in stealing $784,000 worth of cryptocurrency using SIM swap attacks.

According to the unsealed indictment, Joseph James O’Connor – also known as “PlugWalkJoe” – conspired with others to steal approximately $784,000 worth of cryptocurrency from a Manhattan-based cryptocurrency company.

It’s alleged that O’Connor, who is in his early twenties, perpetrated a scheme with unnamed co-conspirators to hijack control of three phone numbers belonging to executives of the targeted firm.

O’Connor and his associates are accused of pulling off a SIM-swap attack, which typically see fraudsters successfully dupe a cellphone provider’s customer support into giving them control of someone else’s phone number.

If a SIM-swap attack is successful, a fraudster will not just receive phone calls intended for their victim. They may also receive one-time passwords and 2FA codes used by some online services to authenticate whether a user is allowed to log into a system or not.

The Justice Department claims that after a successful SIM-swap attack, O’Connor and others managed to gain unauthorized access to staff accounts at the company and its computer systems.

On or about May 1, 2019, it is alleged that O’Connor and his cohorts then diverted the cryptocurrency held by the targeted company on behalf of two of its clients into cryptocurrency wallets under their own control.

The group allegedly stole a total of 770.784869 Bitcoin cash, 6,363.490509 Litecoin, 407.396074 Ethereum, and 7.456728 Bitcoin.

If the name “PlugWalkJoe” is familiar to you, then that may be because O’Connor was arrested earlier this year in relation to July 2020’s huge hack of celebrity Twitter accounts, a scheme which attempted to trick followers of the likes of Joe Biden, Kanye West, and Elon Musk into falling for a cryptocurrency scam.

In the aftermath of that high profile security breach, O’Connor showed a surprising willingness to confirm that he was “PlugWalkJoe,” telling the New York Times in July 2020 that he was not worried about police investigating his activities:

“I don’t care. They can come arrest me. I would laugh at them. I haven’t done anything.”

O’Connor is currently awaiting extradition from Spain, where he was apprehended earlier this year. He could face a lengthy prison sentence if convicted of the various criminal charges brought against him.

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.

The post ” “PlugWalkJoe” indicted for $784K SIM swap cryptocurrency theft” appeared first on TripWire

Source:TripWire – Graham Cluley