Two Massachusetts men charged in connection with a two-year-old scheme of allegedly sim swapping attacks targeting ‘high-value’ social media accounts and stealing cryptocurrency.
According to the announcement on November 14, two Massachusetts men Eric Meiggs, 21 and Declan Harrington, 20 were arrested on Thursday and charged in U.S district court in Boston accused in an 11-count indictment, charging with one count of conspiracy, eight counts of wire fraud, one count of computer fraud and abuse and one count of aggravated identity theft.
What is SIM-swapping?
The scam begins with the attacker collecting the personal details of the victim by launching a phishing campaign or buying them from an underground market or by directly socially engineering the victim.
Once the attackers obtain these details, they impersonate them in front of the victim’s telecom operator. The attacker convinces the telephone company using social engineering techniques to provide a new sim or port the victim’s phone number to the fraudster sim.
Once obtained a new sim, the victim’s phone will lose connection to the network, and the victim will receive all the SMS and voice calls intended for the victim. This allows the attacker to intercept any one-time passwords sent via text or telephone calls forwarded to the victim, any security features of accounts such as bank accounts, social media accounts etc.
How did the two Massachusetts men attack?
According to the indictment, the pair allegedly stole or attempted to steal over $550,000 in cryptocurrency from at least 10 victims throughout the U.S, since November 2017.
Meiggs and Harrington allegedly targeted executives of cryptocurrency companies thought to own significant amounts of cryptocurrency as well as social media accounts with “high-value” we’re hijacked. Massachusetts used the illegal SIM swapping technique to take control of the victim’s social media and other sensitive accounts.
Meiggs and Harrington were also accused of threatening the victim’s family members in an attempt to force victims to pay up.
A 20-year-old hacker in the U.S named Joel Oritz of Boston was sentenced to 10 years in prison for stealing over $5million worth of cryptocurrency earlier this year.
A British teenager was sentenced to 20 months in prison for use in SIM swapping attack back in August.
How to protect yourself from a SIM swap attack?
The guidance proposed by the U.S Federal Trade Commission (FTC) against a SIM swap attack:-
- Don’t reply to calls, emails, or text messages that request personal information.
- Set up a PIN or password on by our cellular account.
- Consider using stronger authentication on accounts with sensitive personal or financial information.
You may be interested in reading: Click2Mail Suffers Data Breach