Spain’s National Police on Wednesday arrested a United Kingdom national in the town of Estepona (Málaga province) on suspicion of having hacked as many as 130 Twitter accounts belonging to high-profile figures and companies in order to commit fraud.
The alleged offenses took place in July 2020, when the 22-year-old supposedly took control of profiles on the social network including those of Barack Obama, Joe Biden, Kanye West, Kim Kardashian, Elon Musk and Bill Gates, as well as firms such as Apple and Uber. Messages posted on the profiles encouraged followers to send bitcoins to an account, on the promise that double the amount would be returned. “If you send a $1,000 I’ll return $2,000,” read the messages, which managed to raise $117,000 (€99,000).
The arrest in southern Spain was the second in the case, after the authorities detained a 17-year-old last August, who was considered to be the leader of the fraud.
The police operation, which was dubbed Portland, was carried out by the National Police’s cybercrimes unit in conjunction with the Federal Bureau of Investigation (FBI) in the United States. The probe began in April 2020, when the US warned the Spanish police that the suspect – who was already being investigated for other offenses – could be in Spanish territory.
The hack of more than a hundred Twitter accounts was of note not just because of the high number of profiles that were compromised and their relevance, but also because of the number of followers involved
The investigation led police to the Costa del Sol, where the young man – whose full name is Joseph James O’Connor – was detained. The US Department of Justice said that the UK national has been charged by criminal complaint filed in California.
He has been charged with several computer intrusions, including three counts of conspiracy to intentionally access a computer without authorization and obtaining information from a protected computer. He also faces one count of making extortive communications; one count of making threatening communications, and two counts of cyberstalking.
O’Connor is also accused of hacking accounts on other social networks, such as TikTok and Snapchat.
The hack of more than a hundred Twitter accounts, which took place on the night of July 15, 2020, was of note not just because of the high number of profiles that were compromised and the relevance of the users targeted, but also because of the total number of followers involved. The messages reached more than 350 million people, facilitating the deposit of $117,000.
Twitter sent out a message at the time confirming the hack. “We are aware of a security incident that is affecting Twitter accounts. We are investigating and taking action to resolve it,” the statement read. The next day, they updated the information, confirming that the incident was a “coordinated social-engineering attack” and that hackers had accessed the accounts via staff “with access to internal systems and tools.”
The FBI division in San Francisco – where Twitter is headquartered, along with other major tech firms – opened the investigation into the case, to be later joined by the Internal Revenue Service’s cybercrime unit, the US Secret Service and the Santa Clara country sheriff’s office. Later, the National Crime Agency in the United Kingdom joined the probe, as well as the National Police in Spain, who eventually carried out the arrest this week.
English version by Simon Hunter.