• Thu. May 30th, 2024

SIM Hijacking Scheme Smashed in Southern California

ByGeorge Bao

May 10, 2019

Los Angeles — A SIM hijacking scheme to steal personal identity of the victims to steal their money has been smashed by Federal Law Enforcement with nine defendants charged against wire fraud and identity theft, the U.S. Attorney’s Office announced Thursday.

Six individuals connected to a hacking group known to its members as “The Community” were charged in a fifteen count indictment unsealed today with conspiracy to commit wire fraud, wire fraud and aggravated identity theft, announced United States Attorney Matthew Schneider.  In addition, a criminal complaint was unsealed charging three former employees of mobile phone providers with wire fraud in relation to the conspiracy.

Schneider was joined in the announcement by Acting Special Agent in Charge Angie Salazar of U.S. Immigration and Customs Enforcement’s (ICE) Homeland Security Investigations (HSI) Detroit.

According to the indictment, the defendants are members of “The Community” and are alleged to have participated in thefts of victims’ identities in order to steal cryptocurrency via a method known as “SIM Hijacking”.  Cryptocurrencies, also known as virtual currencies or digital currencies, are online media of exchange.  The most famous of these is Bitcoin.  Like traditional currency, they act as a store of value and can be exchanged for goods and services.  They can also be exchanged for dollars. 

“SIM Hijacking” or “SIM Swapping” is an identity theft technique that exploits a common cyber-security weakness – mobile phone numbers.  This tactic enabled “The Community” to gain control of victims’ mobile phone number, resulting in the victims’ phone calls and short message service (“SMS”) messages being routed to devices controlled by “The Community”.  “SIM Hijacking” was often facilitated by bribing an employee of a mobile phone provider.  Other times, SIM Hijacking was accomplished by a member of “The Community” contacting a mobile phone provider’s customer service—posing as the victim—and requesting that the victim’s phone number be swapped to a SIM card (and thus a mobile device) controlled by “The Community”.

The indictment alleges that, once “The Community” had control of a victim’s phone number, the phone number was leveraged as a gateway to gain control of online accounts such as a victim’s email, cloud storage, and cryptocurrency exchange accounts.  For example, “The Community” would use their control of victims’ phone numbers to reset passwords on online accounts and/or request two-factor authentication (2FA) codes that allowed them to bypass security measures. 

The members of “The Community” charged in the indictment endeavored to gain control of victims’ cryptocurrency wallets or online cryptocurrency exchange accounts and steal victims’ funds.  It is alleged in the indictment that the defendants executed seven attacks that resulted in the theft of cryptocurrency valued at approximately $2,416,352.

According to the criminal complaint, defendants White, Jack and Joseph were employees of mobile phone service providers and helped members of “The Community” steal the identities of subscribers to their employers’ services in exchange for bribes. 

“Mobile phones today are not only a means of communication but also a means of identification,” stated United States Attorney Matthew Schneider.  “This case should serve as a reminder to all of us to protect our personal and financial information from those who seek to steal it.”

“The allegations against these defendants are the result of a complex cryptocurrency and identity theft investigation led by Homeland Security Investigations, which spanned two continents,” said Salazar. “Increasingly, criminal groups are turning exclusively to web-based schemes to further their illicit activities, which is why HSI has developed capabilities to meet these threats head on.”


Leave a Reply

Your email address will not be published. Required fields are marked *

I accept that my given data and my IP address is sent to a server in the USA only for the purpose of spam prevention through the Akismet program.More information on Akismet and GDPR.