Hackingbende has stolen millions in cryptocurrency via simswaps

Six people have been charged because they were supposedly SIM card swappers who have stolen the identities of their victims and their cryptocurrency and three mobile phone employees have been charged with accepting bribes to help them steal the identity of subscribers .

On Thursday, the federal prosecutors in the US district attorney for Michigan's eastern district said the six alleged hackers were part of a hacking gang called & # 39; The Community & # 39 ;. The gang allegedly carried out seven attacks that resulted in a cryptocurrency distance of more than US $ 2.4 million.

The unsealed charge costs Conor Freeman (20) in Dublin, Ireland; Ricky Handschumacher, 25, from Pasco County, Florida; Colton Jurisic, 20, from Dubuque, Iowa; Reyad Gafar Abbas, 19, from Rochester, New York; Garrett Endicott, 21, from Warrensburg, Missouri; and Ryan Stevenson, 26, from West Haven, Connecticut, with a conspiracy to commit wire fraud, wire fraud, and aggravated identity theft.

How the crooks beat a sim swap

As we explained, SIM swaps work because phone numbers are actually linked to the phone's SIM card – SIM is actually an abbreviation for Abonee identity module, a special system-on-a-card that securely stores the cryptographic secret that identifies your phone number to the network.

Most mobile phone shops can issue and activate replacement SIM cards quickly, causing your old SIM card to die and the new SIM card to take over your telephone number … and your telephone identity.

This is useful when you get a new phone or lose your phone: your telephone company is happy to sell you a new phone with a new SIM card with your old number on it.

But if a SIM swap scammer can get enough information about you, they can pretend to be you and then social engineer it to switch from your phone number to a new SIM card that is under their control.

By stealing your phone number, the crooks receive your text messages together with your phone calls, and if you have set up SMS-based two-factor authentication (2FA), the crooks now have access to your 2FA codes – at least until you find your phone dead and convince your account providers that someone else has hacked your account.

Prosecutors claim that the Community has control over the cell phone numbers of victims and intercepts phone calls and text messages. They often bought help from a mobile provider to buy. Other times they used social engineering: contacting the customer service of a mobile provider; pose as the victim; and talk sweetly about the victim's phone number on one of their own mobile devices to a SIM card.

Prosecutors also claim that the community has bribed the other three individuals charged with indictment, all of whom are employees of mobile phone service providers – Jarratt White, 22, from Tucson, Arizona; Robert Jack, 22, from Tucson, Arizona; and Fendley Joseph, 28, from Murrietta, California. The three would have helped the hackers to steal the identity of subscribers.

The indictment claims that once the gang had control over a victim's phone number, they would use it as a gateway to gain control over online services such as email, cloud storage, and cryptocurrency exchange accounts.

The community gang members allegedly tried to hijack the cryptocurrency wallets or cryptocurrency exchange accounts of victims to remove them from funds. The indictment claims that the suspects have carried out seven attacks that resulted in the theft of cryptocurrency worth $ 2,416,352.

If he is convicted of a conspiracy to commit wire fraud, every defendant is faced with a legal maximum sentence of 20 years in prison. The costs of wire fraud each bear a legal maximum penalty of 20 years, while the aggravated identity theft to support wiring practices has a legal maximum penalty of 2 years imprisonment to be served sequentially for each penalty imposed on the underlying count of wire fraud. However, maximum penalties are rarely handed out.