In a press release dated on Thursday 9  May, the US Department of Justice announced charges against 9 people for stealing approximately $2.5 million in cryptocurrency through sim swapping hacks.

Of the nine individuals, six of them (five Americans and one Irish national) are members of a hacking group called “The Community”. The other three people listed in the 15 count indictment are reportedly Americans and former employees of phone providers.

What is SIM Swapping?

This process is also known as SIM hijacking. This is where a hacker will use a victim’s phone provider and request a new SIM card, impersonating the victim. The victim’s original phone number would be transferred to the new SIM and the hacker can reset the victim’s account passwords for their crypto accounts, bank accounts, social media accounts, and so on. Of course, when the scam has gone this far, then the user is locked out of their own accounts and has lost control.

The press release reads:

“SIM Hijacking” or “SIM Swapping” is an identity theft technique that exploits a common cyber-security weakness – mobile phone numbers.  This tactic enabled “The Community” to gain control of victims’ mobile phone number, resulting in the victims’ phone calls and short message service (“SMS”) messages being routed to devices controlled by “The Community”.

How to Protect Yourself from SIM Swapping Attacks

In order for this to be successful, the hacker needs to know your phone number and some other details like your name. One way to reduce the chance of this happening to you, you should remove your phone number from your accounts, especially public facing accounts. Ideally, network providers should be putting systems in place to prevent this from happening, and it’s likely they will in the near future, but until then you must take control of the situation.

We also recommend that you use two-factor authentication on your accounts where possible. To protect yourself from a SIM swapping attack you should opt for a token based two-factor authentication rather than an SMS one.

United States Attorney Matthew Schneider said:

Mobile phones today are not only a means of communication but also a means of identification,

This case should serve as a reminder to all of us to protect our personal and financial information from those who seek to steal it.

The Community

The Community hacking group allegedly used these SIM swapping methods repeatedly to gain control of victim’s SIMs and steal cryptocurrency from the victim’s crypto wallet. The hackers involved in the scam are facing several charges of fraud and identity theft. The three former phone company employees have been charged with wire fraud and potentially face decades behind bars.

According to the press release by the Department of Justice, US Attorney’s Office of Michigan East, the six accused hackers are Conor Freeman (20), from Dublin, Ireland; Colton Jurisic (20), from Dubuque, Iowa; Ricky Handschumacher (25), from Pasco County, Florida; Reyad Gafar Abbas (19), fro Rochester, New York; Garrett Endicott (21), of Warrensburg, Missouri; and Ryan Stevenson (26), of West Haven, Connecticut.

The press release continues:

The members of “The Community” charged in the indictment endeavored to gain control of victims’ cryptocurrency wallets or online cryptocurrency exchange accounts and steal victims’ funds.  It is alleged in the indictment that the defendants executed seven attacks that resulted in the theft of cryptocurrency valued at approximately $2,416,352.