Pierluigi Paganini February 01, 2024

A US man has been sentenced to federal prison for his role in a fraudulent scheme that resulted in the theft of millions of dollars through SIM swapping.

Daniel James Junk (22) of Portland was sentenced to 72 months in federal prison for his role in a scheme that resulted in the theft of millions of dollars of cryptocurrency using a SIM swapping.

The man conducted SIM swapping attacks to take control of victims’ phone numbers tricking the mobile operator employees into porting them to SIMs under the control of the fraudster. Once hijacked a SIM, the attacker can steal money, cryptocurrencies and personal information, including contacts synced with online accounts. The criminals could hijack social media accounts and bypass 2FA services based on SMS used by online services, including financial ones.

Junk was also sentenced to three years’ supervised release and was also ordered to pay more than $3 million in restitution to his victims.

Based on court documents, between December 2019 and March 2022, Junk participated in a fraud scheme to steal funds from the cryptocurrency exchange accounts of his victims.

“Junk actively participated in an online SIM-swapping community where various individuals would partner with one another to play different roles needed to successfully execute a SIM swap scam.” reads the press release published by DoJ. “Throughout his involvement in such schemes, Junk performed some aspects of all the required roles including finding victims to target through breached databases or other exploits, porting victim phone numbers to devices controlled by members of the fraud conspiracy, and physically possessing the phone used for the “swap.” Junk and members of his online community also coordinated with one another to plan and carry out various in-person crimes including attempting to steal a 90-year-old victim’s cell phone and committing fraud at cellular telephone stores.”

On March 3, 2022, the FBI executed a federal search warrant on Junk’s apartment and seized his electronic equipment. The seized computer had an active browser showing that Junk was attempting to illegally access accounts belonging to other people when the FBI arrived at his residence. The FBI seized more than 71 bitcoins worth approximately $3 million. Two months later, Junk turned over an extra 33 bitcoins, valued at around $1 million.

In early January 2024, while awaiting sentencing, Junk was found to possess additional evidence of fraud. The FBI found lists of victims and approximately 25,000 compromised email addresses. “On January 10, 2024, Junk’s release was revoked, and he was ordered into custody pending sentencing.”

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, SIM SWAPPING)