Declan Harrington, a Massachusetts man charged two years in the past for his alleged involvement in a sequence of SIM swapping assaults, pleaded responsible to stealing cryptocurrency from a number of victims and hijacking the Instagram account of others.
SIM swapping (aka SIM hijacking) assaults make it potential for malicious actors to take management of their targets’ cell phone numbers by tricking or bribing workers of cell phone service suppliers to reassign the numbers to attacker-controlled SIM playing cards.
This permits the crooks to utterly take management of victims’ telephone numbers and use them to bypass SMS-based multi-factor authentication (MFA), steal credentials, and hijack on-line accounts.
Swim swap and dying menace combo
Harrington was charged with Eric Meiggs in November 2019 for concentrating on the homeowners of high-value (‘OG’ or ‘Authentic Gangster’) Instagram and Tumblr accounts.
In addition they went after cryptocurrency corporations’ executives and a number of other different targets with vital portions of cryptocurrency of their Coinbase or Block.io wallets.
In all, by a number of SIM swapping assaults and dying threats, the 2 defendants stole greater than $530,000 value of cryptocurrency from a minimum of ten victims throughout the US and took management of a number of OG social media accounts.
According to court documents, techniques and strategies allegedly utilized by the 2 defendants throughout their assaults included:
- Figuring out potential victims who possible had vital quantities of cryptocurrency and researching the potential victims utilizing on-line instruments.
- Partaking in “SIM swapping” in an effort to take management of victims’ cellphone numbers.
- Leveraging the victims’ hijacked telephone numbers to realize unauthorized entry to their on-line accounts, together with electronic mail accounts, social media accounts, and cryptocurrency accounts.
- Utilizing their entry to victims’ accounts to take over and steal their account handles and their cryptocurrency.
- Promoting or in any other case transferring victims’ log-in credentials, account handles, and cryptocurrency.
- Utilizing victims’ hacked on-line accounts to ask for cash and cryptocurrency from victims’ buddies and households.
- Utilizing a number of on-line accounts to cover their identities and evade detection by legislation enforcement.
Meiggs, Harrington’s co-conspirator, additionally pleaded responsible on April 28, 2021, and is scheduled to be sentenced subsequent 12 months, on Could 24. A sentencing date for Harrington is but to be scheduled by the Courtroom.
How one can shield towards SIM swapping assaults
The US Federal Commerce Fee (FTC) issued guidance on how to protect against SIM swapping attacks in October, itemizing the next record of safety measures:
- Do not reply to calls, emails, or textual content messages that request private info. These might be phishing attempts by scammers seeking to get private info to entry your mobile, financial institution, credit score or different accounts.
- Restrict the private info you share on-line. If potential, keep away from posting your full identify, tackle, or telephone quantity on public websites.
- Arrange a PIN or password in your mobile account. This might assist shield your account from unauthorized modifications.
- Think about using stronger authentication on accounts with delicate private or monetary info. If you happen to do use multi-factor authentication (MFA), understand that textual content message verification could not cease a SIM card swap. If you happen to’re involved about SIM card swapping, use an authentication app or a safety key.
The FBI issued a SIM swapping alert with steering on defending towards such assaults after warning of a rise within the variety of SIM jacking assaults.