Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

Nine Charged in SIM Hijacking Scheme

The United States has indicted nine individuals with online identity theft and related charges, the U.S. Department of Justice announced. 

The United States has indicted nine individuals with online identity theft and related charges, the U.S. Department of Justice announced. 

Six of the individuals were charged with wire fraud in connection to the hacking group “The Community,” while three former employees of mobile phone providers were charged with wire fraud in relation to the conspiracy.

Charges were brought against Conor Freeman, 20, of Dublin, Ireland; Ricky Handschumacher, 25 of Pasco County, Florida; Colton Jurisic, 20 of, Dubuque, Iowa; Reyad Gafar Abbas, 19, of Rochester, New York; Garrett Endicott, 21, of Warrensburg, Missouri; Ryan Stevenson, 26, of West Haven, Connecticut; Jarratt White, 22 of Tucson, Arizona; Robert Jack, 22 of Tucson, Arizona; and Fendley Joseph, 28, of Murrietta, California. 

The defendants are alleged members of “The Community,” a hacking group focused on stealing victims’ identities to perform cryptocurrency theft via “SIM Hijacking.” 

Also referred to as “SIM Swapping,” the “SIM Hijacking” identity theft technique, which exploits mobile phone numbers, allowed the hackers to gain control of victims’ mobile phone numbers. Thus, the victims’ phone calls and short message service (SMS) messages were being routed to devices controlled by the group. 

According to the indictment, the SIM Hijacking was often facilitated by bribing an employee of a mobile phone provider. The hackers would also call the mobile phone provider’s customer service, posing as the victim and requested the phone number be swapped to a SIM card controlled by “The Community”.

Once the hackers had control of a victim’s phone number, they would then use the number to gain control of the victim’s online accounts, including email, cloud storage, and cryptocurrency exchange.   

The group would abuse the control of victims’ phone numbers to reset passwords on online accounts and/or request two-factor authentication (2FA) codes. 

Advertisement. Scroll to continue reading.

The hackers sought to gain control of victims’ cryptocurrency wallets or online cryptocurrency exchange accounts and steal their funds, the indictment alleges. They appear to have executed seven attacks and stole cryptocurrency valued at approximately $2,416,352.

White, Jack and Joseph, who were employees of mobile phone service providers, allegedly helped members of “The Community” steal the identities of subscribers in exchange for bribes. 

“Mobile phones today are not only a means of communication but also a means of identification. This case should serve as a reminder to all of us to protect our personal and financial information from those who seek to steal it,” United States Attorney Matthew Schneider said. 

Each of the nine defendants faces a statutory maximum penalty of 20 years in prison. 

Related: U.S. Charges Ukrainian for Malvertising

Related: U.S. Charges 8 in Securities Hacking Scheme

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Mobile & Wireless

Samsung smartphone users warned about CVE-2023-21492, an ASLR bypass vulnerability exploited in the wild, likely by a spyware vendor.

Malware & Threats

Apple’s cat-and-mouse struggles with zero-day exploits on its flagship iOS platform is showing no signs of slowing down.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Critical security flaws expose Samsung’s Exynos modems to “Internet-to-baseband remote code execution” attacks with no user interaction. Project Zero says an attacker only needs...

Fraud & Identity Theft

A team of researchers has demonstrated a new attack method that affects iPhone owners who use Apple Pay and Visa payment cards. The vulnerabilities...

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Mobile & Wireless

Asus patched nine WiFi router security defects, including a highly critical 2018 vulnerability that exposes users to code execution attacks.