SIM Swapping Hacks: Hacker Group Steals $5 Million
Police arrested a 20-year old college student Joel Ortiz from Boston a few days ago for having been part of a hacker group that was involved in the hacking of cellphone numbers using SIM swapping technique. The hacker group reportedly managed to steal over $5 million in cryptocurrencies by targeting around 40 victims.
It’s users associated with cryptocurrencies and blockchains who are targeted by hackers in such kinds of attacks. The hackers would trick the telecom providers and swap the target’s phone number to a SIM controlled by them (the hackers). Thus, the hackers would have control over the phone number of the victim. They would then be able to reset the login credentials and also get easy access to the victim’s account.
SIM swapping, also known as SIM hijacking, is a rather common technique used by cybercriminals these days. They would register an already existing number on a new SIM card and that would enable them to intercept OTPs and reset login credentials of their victims.
Motherboard reports– “Ortiz was arrested at the Los Angeles International Airport on his way to Europe, according to sources close to the investigation, who said Ortiz was flashing a Gucci bag as part of a recent spending spree they believe was financed by the alleged crimes…He is facing 28 charges: 13 counts of identity theft, 13 counts of hacking, and two counts of grand theft, according to the complaint filed against him on the day before his arrest.”
Detectives had started investigating the case after one victim, a blockchain investor, revealed to the police that his cell phone number has been stolen by hackers. Motherboard reports, “Ortiz allegedly targeted the investor between February and March on several occasions. He hijacked his phone number twice, reset passwords on his email and cryptocurrency accounts, added his own two-factor Google authenticator app to further lock the victim out, and even harassed his daughter, according to the case investigators, who are part of the Regional Enforcement Allied Computer Team, a task force made of multiple local California police departments that focuses on cybercrime…On March 20, Ortiz allegedly called the investor’s wife using the stolen phone number and then messaged the investor’s daughter and friends asking for bitcoin.”
The detectives them sent a warrant to the investor’s cell phone provider demanding call records for the days when the hackers were allegedly in control of the number.; the records revealed that the investor’s number was used by two Samsung Android phones, both of which were identified using their IMEI numbers. The investor then told the investigators he did not use Samsung phones and that led the detectives to infer that the devices belonged to the hackers. They then sent Google a search warrant for data connected to the IMEI numbers. That eventually led them on to Ortiz.
Motherboard reports about what happened when Google provided the data- “This revealed three emails associated with those numbers, including a Gmail account and a Microsoft Live account. By searching through that Gmail account, thanks to another warrant sent to Google, the investigators found evidence linking the account to Ortiz and showing potential criminal activity: an email that contained a selfie of Ortiz holding his Massachusetts ID card; an email “containing information about SIM swapping;” emails that showed Ortiz purchased domains such as “tw-tter.com” apparently to use in phishing attacks; and emails from YouTube that showed Ortiz had uploaded videos on how to exploit social media and phone company websites and how to use unknown security vulnerabilities, also known as “zero-day exploits.”” Further developments finally led to Ortiz being arrested.
Well, SIM swapping attacks are on the rise and almost anyone can fall victim to it. So, it’s always good to stay on the guard against SIM swapping attacks and other common bank fraud techniques, including phishing, vishing (voice phishing), smishing (SMS phishing) and banking malware attacks.
Kevin Jones951 Posts
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.