Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

Nine Charged in SIM Hijacking Scheme

The United States has indicted nine individuals with online identity theft and related charges, the U.S. Department of Justice announced. 

The United States has indicted nine individuals with online identity theft and related charges, the U.S. Department of Justice announced. 

Six of the individuals were charged with wire fraud in connection to the hacking group “The Community,” while three former employees of mobile phone providers were charged with wire fraud in relation to the conspiracy.

Charges were brought against Conor Freeman, 20, of Dublin, Ireland; Ricky Handschumacher, 25 of Pasco County, Florida; Colton Jurisic, 20 of, Dubuque, Iowa; Reyad Gafar Abbas, 19, of Rochester, New York; Garrett Endicott, 21, of Warrensburg, Missouri; Ryan Stevenson, 26, of West Haven, Connecticut; Jarratt White, 22 of Tucson, Arizona; Robert Jack, 22 of Tucson, Arizona; and Fendley Joseph, 28, of Murrietta, California. 

The defendants are alleged members of “The Community,” a hacking group focused on stealing victims’ identities to perform cryptocurrency theft via “SIM Hijacking.” 

Also referred to as “SIM Swapping,” the “SIM Hijacking” identity theft technique, which exploits mobile phone numbers, allowed the hackers to gain control of victims’ mobile phone numbers. Thus, the victims’ phone calls and short message service (SMS) messages were being routed to devices controlled by the group. 

According to the indictment, the SIM Hijacking was often facilitated by bribing an employee of a mobile phone provider. The hackers would also call the mobile phone provider’s customer service, posing as the victim and requested the phone number be swapped to a SIM card controlled by “The Community”.

Once the hackers had control of a victim’s phone number, they would then use the number to gain control of the victim’s online accounts, including email, cloud storage, and cryptocurrency exchange.   

The group would abuse the control of victims’ phone numbers to reset passwords on online accounts and/or request two-factor authentication (2FA) codes. 

The hackers sought to gain control of victims’ cryptocurrency wallets or online cryptocurrency exchange accounts and steal their funds, the indictment alleges. They appear to have executed seven attacks and stole cryptocurrency valued at approximately $2,416,352.

White, Jack and Joseph, who were employees of mobile phone service providers, allegedly helped members of “The Community” steal the identities of subscribers in exchange for bribes. 

“Mobile phones today are not only a means of communication but also a means of identification. This case should serve as a reminder to all of us to protect our personal and financial information from those who seek to steal it,” United States Attorney Matthew Schneider said. 

Each of the nine defendants faces a statutory maximum penalty of 20 years in prison. 

Related: U.S. Charges Ukrainian for Malvertising

Related: U.S. Charges 8 in Securities Hacking Scheme

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Mobile & Wireless

South Dakota Gov. Kristi Noem says her personal cell phone was hacked and linked it to the release of documents by the January 6...

Cybercrime

A digital ad fraud scheme dubbed "VastFlux" spoofed over 1,700 apps and peaked at 12 billion ad requests per day before being shut down.

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Mobile & Wireless

Chinese tech giant Huawei patched nearly 300 vulnerabilities in its HarmonyOS operating system in 2022.