US DOJ charges 9 individuals who stole $2.5M in Crypto using SIM Swapping

May 11 2019

The United States Department of Justice has published a fifteen-count accusation on May 9 which charges a hacking group with the name "The Community" with SIM swapping in order to steal cryptocurrencies.

U.S. Attorney Matthew Schneider and Angie Salazar, who is his colleague from the U.S. Immigration and Customs Enforcement declared the allegations in the Eastern District of Michigan. According to Salazar, the investigation was being carried out by Home Security Investigations in the two continents.

As per the accusation, five Americans and one Irishman are indicted for committing wired fraud and aggravated identity theft. Another three, who are basically the former employees of the mobile phone providers are charged in a criminal complaint with the wire fraud linked to "The Community."

In SIM frauds, criminals are able to port the phone number of the victims to a new SIM under their control. A SIM fraud is mainly a type of fraud which bypasses the extra security measures introduced by organizations to their customers. Attackers obtain the victim's data by initiating a phishing campaign, or by purchasing item in the underground market.

Criminals then use the data obtained from the Victim and represent them as a true user of the SIM to telco operator and request them to provide a new SIM as old was lost or stolen. 

As mentioned in the document, the hacking group used SIM swapping a kind of identity theft attack which generally weakens the two-factor authentication. By using his technique,

“The Community” got control of victims’ mobile phone number, resulting in the victims’ phone calls and short message service (“SMS”) messages being routed to devices controlled by “The Community”. states DoJ.

After properly swapping the numbers of the victims, "The Community" managed to get access to their online accounts along with crypto exchange accounts and wallets. Due to this fraud, around $2.5 million worth of Cryptocurrency was transferred to wallets of the hacking group. Attorney Schneider also mentioned that in this case, the three phone service providers helped traders to steal money. 

The charges of conspiracy to engage in wire fraud carry a maximum penalty of 20 years in prison each. However, an aggravated identity theft charge carries a maximum sentence of 2 years in prison.

Comments