SIM Swappers: A Latent Threat

CipherTrace and Chainalysis, cryptocurrency analysis companies, published two reports that focused on the main criminal activities that occurred in the crypto-asset industry during 2018. The data shown there is of great interest and worth keeping in mind throughout 2019; however, the reports overlook the importance SIM swappers have gained in recent times.

What is it? How does it work?

SIM swapping is a relatively simple concept to understand, but the potential damage it can do to a person is scary, to say the least.

SIM swapping, or a SIM swap, is a type of account takeover fraud that usually targets a weakness in two-factor authentication and two-step verification, where the second factor or step is an SMS or a call made to a mobile phone.

How does it proceed?

The fraud focuses on exploiting the ability of a mobile phone operator to seamlessly transfer a phone number to a new SIM. This function is normally used when a customer has lost their phone or had it stolen.

The scam begins when the scammer obtains basic information about an individual, either through phishing emails, by buying it from organized criminals or through direct social engineering of the victim. The scammer then uses that information to request that the user's phone number be moved to a SIM card that the attackers possess. Once this is done, the attacker receives any SMS sent to the victim.

With that access, the attacker can request passwords and other confidential user information from various service providers, such as banks, and gain access to private accounts.

Kaspersky Lab security researcher Alexey Malanov says that replacing SIM cards to access two-factor authentication (2FA) credentials has become common:

“A typical scenario can look like this: an attacker reaches a regional department of a communications provider, such as a mobile operator, with forged documents that are supposed to prove a client’s valid identity. Or, the attacker simply gets in close contact with a department employee and receives a duplicate of the victim’s SIM card. The authentic SIM card in the victim’s phone is turned off at that time, so all subsequent SMS communications and calls are redirected to the attacker’s phone.”

Access to a user’s second factor gives a hacker a great advantage when it comes to accessing and changing account details, which ultimately gives them access to data and funds.

As many of us already know, two-factor authentication is a security measure often used to protect access to a service such as a cryptocurrency wallet. Users must still know the password of an account and have a device to prove their identity.

What do we do when the protections offered by the crypto exchanges are no longer enough?

However, once a hacker has obtained a user’s credentials through this method, it is almost impossible to stop them, since they also hold the second authentication factor and can receive the SMS codes sent to the original user’s phone number. Hackers are therefore much more likely to be able to reset account passwords, as Malanov explains:

“If you have forgotten the service password, you can often restore it using the same phone number to receive a text message. Sometimes additional knowledge is required (for example, a username or an email address), but such information is often not strongly protected.”

Once the hacker gains access to a victim’s unlocked phone, they will practically succeed in hacking the accounts and stealing funds.

SIM swapping: more powerful than phishing?

This is not a new phenomenon, but given the technological advances of smartphones in the last decade, the information that criminals can potentially obtain with this method makes it a great threat to people and their privacy.

As technology advances, criminal methods become more precise, smart and careful. Sometimes we may even think that the technological revolution makes things even easier for criminals.

In this way, modern times have seen the emergence of applications that allow people to access and manage their bank accounts and other confidential financial information using smartphones and other devices.

While this has created a new era of convenience, it also provides a unique opportunity for criminals to steal data and money from people around the world with relative ease.

As Chainalysis reported, Ethereum scams were especially worrisome in the last two years, and an important tool for scammers and criminals was phishing. In short, users were tricked by emails or communications that seemed official, which led them to provide confidential information such as usernames and passwords. This information gives criminals almost miraculous access to victims’ accounts, which are immediately emptied.

This modus operandi has traditionally been aimed at users’ bank accounts, and these financial institutions have made concerted efforts to double their security checks and verification. Even so, if a user’s funds are stolen, most financial institutions can reverse transactions or cover these circumstances with insurance protection.

Unfortunately, this is not the case when it comes to cryptocurrencies. If an attacker gains access to a user’s private key or cryptocurrency wallet and sends cryptocurrency to another wallet, it is impossible to reverse the transaction.

“This is the reason why cryptocurrency wallets and private keys are apparently becoming a focal point for this type of attack.”

One of the biggest attractions of the crypto ecosystem is its anonymity and decentralization, but when it comes to security, these characteristics are perhaps its Achilles heel, since for many they are what has prevented widespread adoption by institutions and traditional investors.

The crypto ecosystem is the gold mine for criminals

Look no further than the most recent SIM-swapping scandals in the crypto space to understand that this has become a lucrative way of stealing and laundering funds.

It was recently reported that a 20-year-old man has been formally indicted in the Supreme Court of New York for SIM swapping and cryptocurrency theft.

The Manhattan District Attorney’s Office announced that Dawson Bakies is charged with stealing the identities and cryptocurrency of more than 50 victims in the United States.

“The indictment represents the first indictment for SIM swapping by the New York authorities,” the prosecution said.

It is alleged that Bakies fraudulently linked the victims’ phone numbers to multiple iPhones that he owned, using them to bypass the two-factor authentication (2FA) security measures and access the victims’ online accounts, including Google and cryptocurrency platforms. Among them, he managed to access 18 online accounts belonging to three victims based in Manhattan and stole about $10,000 in cryptocurrency. He also tried to extort one of the victims by demanding a bitcoin ransom, according to the Prosecutor’s Office.

The phone was recovered by the authorities, who claim that it had “dozens” of text messages that contained recovery passwords related to victims’ accounts.

Users of cryptocurrencies are the preferred target due to the anonymous nature of the technology, which facilitates the laundering of stolen funds. This has led to prominent people in the cryptocurrency space becoming targets of these attackers.

KrebsOnSecurity’s interview with the California-based Regional Enforcement Allied Computer Team (REACT) reveals a series of cases in which active members of the crypto community have been victims, such as Christian Ferri, general manager of the cryptocurrency firm BlockStar.

The hackers managed to perform a SIM swap through Ferri’s mobile operator, whose database they had access to. Once this was done, they reset his Gmail password using his phone number, and then used information from a Google document specifically to steal funds from his cryptocurrency wallet. As KrebsOnSecurity points out, the hackers could have stolen more, but they seemed to be targeting Ferri’s cryptocurrency holdings.

SIM swappers have had relative success in their efforts; however, a series of arrests occurred in 2018.

In July 2018, Joe Ortiz, who allegedly hacked about 40 victims, was arrested; this was the first time an individual was arrested for SIM swapping. The 20-year-old pleaded guilty to stealing $5 million and accepted a plea agreement of 10 years in prison for his crimes in late January 2019, in what authorities describe as the first conviction for a SIM-swapping crime.

A month later, Xzavyer Narváez, 19, was arrested in California for using SIM swapping to commit computer crimes, identity fraud and grand larceny. Narváez was careless in spending his illicit profits: he bought several sports cars over a period of two years, which became part of the evidence the authorities used in bringing the charges. In addition, Narváez’s cryptocurrency account processed around 157 Bitcoins between March and July 2018, worth more than $1 million at that time.

Just one month later, in September 2018, hacker Nicholas Truglia, 21, was arrested for stealing $1 million in cryptocurrency using a SIM swap to access the victim’s account.

In November 2018, two men, aged 23 and 21, were arrested for stealing $14 million from a cryptocurrency company using SIM swaps.

Following Ortiz’s prosecution in January 2019, as we mentioned earlier, Dawson Bakies, 20, was charged in February with the theft of the identities and funds of more than 50 victims across the country in a SIM-swapping scandal orchestrated from his home.

Manhattan District Attorney Cyrus R. Vance said the case sends a strong message to the perpetrators of these crimes:

“Today my office is putting the small handful of sophisticated ‘SIM Swappers’ on notice. We know what they are doing, we know how to find them and we will hold them criminally responsible, no matter where they are.”

On February 4 this year, California prosecutors charged 21-year-old Ahmad Hared and 23-year-old Matthew Ditman with conspiracy to commit computer fraud and abuse, access device fraud, extortion and aggravated identity theft through the use of SIM swapping. Both are accused of trying to gain access to funds controlled by executives of cryptocurrency-related companies and by cryptocurrency investors. They face prison sentences of five years and heavy fines.

We can see how this has become a criminal method that is steadily gaining importance and power.

Who is guilty?

The question is an interesting one. Michael Terpin, a victim of this criminal method, moved in August 2018 to hold telecommunications service providers responsible for the negligence that led to fraudulent SIM swaps. Terpin’s efforts led him to file a $224 million lawsuit against US telecommunications provider AT&T for negligence that led to the loss of about $24 million in cryptocurrency holdings. It is understood that the victim is the co-founder of a group of Bitcoin investors known as BitAngels.

The victim filed an extensive complaint before the United States District Court in Los Angeles against AT&T, arguing that the theft of $24 million was the result of a “digital identity theft” of his cell phone account. The document is of great interest: in it, Terpin accuses the telecommunications company of cooperating with the hacker, gross negligence, violation of legal duties and breaking the commitments of its privacy policy.

The victim described the behavior of the telecommunications company “as a hotel that gives a thief with a fake ID a key to the room and a key to the safe to steal jewelry in the safe of the legitimate owner.” Terpin seeks $24 million in compensation from AT&T, as well as $200 million in punitive damages.

This would not be the first lawsuit directed at a telecommunications company. Other cases have been filed against T-Mobile, where Silver Miller, a cryptocurrency-focused law firm, alleges that two customers were robbed of $400,000 and $250,000, respectively, through SIM swaps “allowed” by the telecommunications firm.

The firm alleges: “By leaving gaps in their security protocols and by not adequately training and monitoring their employees, cell phone providers have helped thieves to remotely take SIM cards from people’s smartphones, access the financial records and account information of the victims and empty the accounts of the victims.”

We must prevent it!

As we have said, this is a criminal method that has gained considerable ground, so it is important for people to be aware that it represents a serious threat to their privacy, their data and, above all, their digital currencies. However, awareness alone cannot do much to reduce the number of these crimes; action is required.

Many believe that these actions should come mainly from mobile operators and financial institutions to protect the credentials of their customers.

There is a method applied in Russia where, when a SIM is swapped, the mobile operator blocks SMS communications for a short period of time in order to protect the user.

In addition, telecommunications companies must implement strict identity controls and ask users to confirm certain details and information before a SIM swap is made.

The banking sector can also participate in the prevention of theft and fraud carried out through SIM swapping.
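The cool-off idea above can also be applied on the service side. The following is an added example, not code from the reports or from any operator: a service holds back SMS-delivered password reset codes while the number's SIM was changed recently. The SIM-change feed, the event names and the 24-hour window are assumptions; the article only says "a short period".

```python
from datetime import datetime, timedelta

# Assumption: the window length is a policy choice made for this example.
COOL_OFF = timedelta(hours=24)

# Constructed sample events (not real data): (ISO timestamp, number, event).
# "sim_change" stands for a hypothetical notification from the mobile operator.
EVENTS = [
    ("2019-02-01T09:00:00", "+15550100", "sim_change"),
    ("2019-02-01T09:20:00", "+15550100", "sms_reset_request"),
    ("2019-02-03T10:00:00", "+15550100", "sms_reset_request"),
    ("2019-02-01T09:30:00", "+15550199", "sms_reset_request"),
]


def last_sim_change(events, number, now):
    """Most recent SIM change for `number` at or before `now`, else None."""
    times = [
        datetime.fromisoformat(ts)
        for ts, num, kind in events
        if num == number and kind == "sim_change"
    ]
    return max((t for t in times if t <= now), default=None)


def decide(events, number, now, cool_off=COOL_OFF):
    """Return 'hold' if an SMS code must not be sent to `number` at `now`.

    'hold' means the reset has to go through a channel that does not depend
    on the phone number; 'send' means SMS delivery is allowed.
    """
    changed = last_sim_change(events, number, now)
    if changed is not None and now - changed < cool_off:
        return "hold"
    return "send"


def review(events, cool_off=COOL_OFF):
    """Apply the policy to every SMS reset request, in time order."""
    decisions = []
    for ts, num, kind in sorted(events):
        if kind == "sms_reset_request":
            now = datetime.fromisoformat(ts)
            decisions.append((ts, num, decide(events, num, now, cool_off)))
    return decisions


if __name__ == "__main__":
    for row in review(EVENTS):
        print(row)
```

The reset requested 20 minutes after the SIM change is held, while the request two days later and the one for a number with no SIM change go through.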

Conventional institutions therefore have a great role to play when it comes to combating SIM-swap crimes. However, the cryptocurrency space offers a unique challenge that requires people to take care of their information and data.

Given the decentralized and unreliable nature of cryptocurrencies, and the lack of stricter security measures offered by some cryptocurrency exchanges and wallet services, when it comes to digital currencies what is stolen stays stolen, since there is no way to reverse transactions.

We therefore invite all our readers to be cautious in a world in which criminal activity is becoming more intelligent and accurate, and we call on institutions to develop security programs that manage to defeat dark forces.