The United States has indicted nine individuals with online identity theft and related charges, the U.S. Department of Justice announced.
Six of the individuals were charged with wire fraud in connection to the hacking group “The Community,” while three former employees of mobile phone providers were charged with wire fraud in relation to the conspiracy.
Charges were brought against Conor Freeman, 20, of Dublin, Ireland; Ricky Handschumacher, 25 of Pasco County, Florida; Colton Jurisic, 20 of, Dubuque, Iowa; Reyad Gafar Abbas, 19, of Rochester, New York; Garrett Endicott, 21, of Warrensburg, Missouri; Ryan Stevenson, 26, of West Haven, Connecticut; Jarratt White, 22 of Tucson, Arizona; Robert Jack, 22 of Tucson, Arizona; and Fendley Joseph, 28, of Murrietta, California.
The defendants are alleged members of “The Community,” a hacking group focused on stealing victims’ identities to perform cryptocurrency theft via “SIM Hijacking.”
Also referred to as “SIM Swapping,” the “SIM Hijacking” identity theft technique, which exploits mobile phone numbers, allowed the hackers to gain control of victims’ mobile phone numbers. Thus, the victims’ phone calls and short message service (SMS) messages were being routed to devices controlled by the group.
According to the indictment, the SIM Hijacking was often facilitated by bribing an employee of a mobile phone provider. The hackers would also call the mobile phone provider’s customer service, posing as the victim and requested the phone number be swapped to a SIM card controlled by “The Community”.
Once the hackers had control of a victim’s phone number, they would then use the number to gain control of the victim’s online accounts, including email, cloud storage, and cryptocurrency exchange.
The group would abuse the control of victims’ phone numbers to reset passwords on online accounts and/or request two-factor authentication (2FA) codes.
The hackers sought to gain control of victims’ cryptocurrency wallets or online cryptocurrency exchange accounts and steal their funds, the indictment alleges. They appear to have executed seven attacks and stole cryptocurrency valued at approximately $2,416,352.
White, Jack and Joseph, who were employees of mobile phone service providers, allegedly helped members of “The Community” steal the identities of subscribers in exchange for bribes.
“Mobile phones today are not only a means of communication but also a means of identification. This case should serve as a reminder to all of us to protect our personal and financial information from those who seek to steal it,” United States Attorney Matthew Schneider said.
Each of the nine defendants faces a statutory maximum penalty of 20 years in prison.