Two men arrested for stealing $550,000 in cryptocurrency with Sim Swapping

Pierluigi Paganini November 15, 2019

On Thursday, US authorities arrested two crooks charging them with stealing $550,000 in cryptocurrency from at least 10 victims using SIM swapping.

American law enforcement has declared war to sim swapping scammers and announced the arrest of two individuals for stealing $550,000 in Cryptocurrency.

The suspects stole the funds from at least 10 victims using SIM swapping between November 2015 and May 2018. In February, a 20-year-old college student that has stolen more than $5 million worth of cryptocurrency through SIM swapping attacks got a 10 years jail sentence.

In May, the U.S. Department of Justice charged nine individuals connected to a hacking crew focused on identity theft and SIM swapping attacks.

In SIM swap frauds crooks are able to port the phone number of the victims to a new SIM card under their control.

A SIM swap fraud is a type of fraud that overwhelms the additional security measures introduced by organizations to protect their customers.

Attackers obtain victims’ information by launching a phishing campaign, or by purchasing them in the underground market.

Crooks use the information gathered on the victims in the attempt to impersonate them in front of a telco operator and ask it to provide a new SIM to replace the old one that was lost or stolen.

They can prove their identity by answering basic security questions and requesting the cancellation of the old SIM and the activation of a new one. Once obtained a new SIM, crooks can operate with the victim’s mobile account, intercepting or initiating calls, accessing SMSs (including authorizations codes sent by bank and cryptocurrency exchanges) and to authorize transactions.

SIM swapping

“Two Massachusetts men were arrested today and charged in U.S. District Court in Boston with conducting an extensive scheme to take over victims’ social media accounts and steal their cryptocurrency using techniques such as “SIM swapping,” computer hacking and other methods.” reads the press release from DoJ. “Eric Meiggs, 21, of Brockton, Massachusetts, and Declan Harrington, 20, of Rockport, Massachusetts, were charged in an 11-count indictment, charging them with one count of conspiracy, eight counts of wire fraud, one count of computer fraud and abuse and one count of aggravated identity theft. “

According to the DoJ, the two defendants Eric Meiggs (20) and Declan Harrington (21) targeted users with high-value cryptocurrency accounts, and also executives of cryptocurrency companies.

The duo has also been charged for taking over social media accounts of their victims, including two who individuals that “had high value or ‘O.G.’ (slang for ‘Original Gangster’) social media account names.”

The duo has been charged with:

  • one count of conspiracy to commit wire fraud,
  • eight counts of wire fraud,
  • one count of computer fraud and abuse, and
  • one count of aggravated identity theft.

The defendants face a maximum penalty of 20 years in prison, the aggravated identity theft charge can add to the sentence additional 2 years in prison.

In March, the FBI issued a SIM swapping alert in response to the increasing cases of SIM jacking attacks.

In October, the U.S. Federal Trade Commission (FTC) released guidance on how to protect against SIM swapping attacks in October, below the list of countermeasures recommended by the agency:

• Don’t reply to calls, emails, or text messages that request personal information. These could be phishing attempts by scammers looking to get personal information to access your cellular, bank, credit or other accounts. If you get a request for your account or personal information, contact the company using a phone number or website you know is real.
• Limit the personal information you share online. If possible, avoid posting your full name, address, or phone number on public sites. An identity thief could find that information and use it to answer the security questions required to verify your identity and log in to your accounts.
• Set up a PIN or password on your cellular account. This could help protect your account from unauthorized changes. Check your provider’s website for information on how to do this.
• Consider using stronger authentication on accounts with sensitive personal or financial information. If you do use MFA, keep in mind that text message verification may not stop a SIM card swap. If you’re concerned about SIM card swapping, use an authentication app or a security key.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – SIM swapping, cybercrime)

[adrotate banner=”5″]

[adrotate banner=”13″]

you might also like

leave a comment