On Friday (February 1), it was reported that 20-year-old American college student Joel Ortiz has recently pleaded guilty to stealing more than $5 million in cryptocurrency by SIM card swapping/hijacking dozens of victims, and will be sent to prison for ten years.
A SIM swap (or hijack) attack or hijacking is a type of scam that involves taking over someone else’s mobile phone number via social engineering methods such that the attacker gains access to the victim’s phone number through a different SIM card (either one that he has already, or one that he obtains as a replacement from the carrier). Once this has been done, the hacker can “intercept any one-time passwords sent via SMS or telephone calls sent to the victim,” thereby being able to circumvent any security features of accounts (be they bank accounts, social media accounts etc.) that rely on SMS or telephone calls.”
On 30 July 2018, Motherboard, a division of news outlet VICE, reported that on 12 July 2018 “police in California arrested a college student accused of being part of a group of criminals who hacked dozens of cellphone numbers to steal more than $5 million in cryptocurrency, and that “Joel Ortiz, a 20-year-old from Boston, allegedly hacked around 40 victims with the help of still unnamed accomplices.” At the time, Motherboard said that this was “the first reported case against someone who allegedly used the increasingly popular technique known as SIM swapping or SIM hijacking to steal bitcoin, other cryptocurrencies, and social media accounts.” Furthermore, this report said that “Ortiz and his associates specifically targeted people involved in the world of cryptocurrency and blockchain, allegedly hacking several people during the high-profile Consensus conference in New York City in May.”
This July 2018 report also said that Ortiz faced “28 charges: 13 counts of identity theft, 13 counts of hacking, and two counts of grand theft, according to the complaint filed against him on the day before his arrest.”
Then, on Friday (February 1), Motherboard said that on Tuesday (January 29) it had been told by Erin West, the Deputy District Attorney in Santa Clara County, California, that Oritz had recently “pleaded guilty and accepted a plea deal of 10 years in prison.” Ortiz might be the first person to go to prison in the U.S. for SIM swapping.
West said to Motherboard:
“Each arrest that we made sent shockwaves through that community. That hey weren’t safe in their basement, they weren't safe in their room in their mom’s house, that they were being tracked down and arrested—one by one… in looking at Joel’s sentence—10 years—it shows that our community will not tolerate this type of crime. And we will continue to find everyone who’s responsible.”
Ortiz is due to be officially sentenced on March 14.
On January 27th, Dovey Wan, a prominent member of the crypto community who is a founding partner of crypto-focused investment firm Primitive Ventures, reported that she had become a victim of SIM swapping:
After a portfolio founder’s sim got stolen, mine got hacked too – sim swap has become so easy targeting crypto player@ATT @TMobile to be blame 🤬they are the few carriers on earth allow sim swap without in person KYC. Such policy shouldn’t exist at all https://t.co/sH6hJWjqKa
— Dovey Wan 🦖 (@DoveyWan) January 27, 2019
In a follow-up tweet, she gave this advice to her followers:
“𝐂𝐄𝐋𝐋 𝐏𝐇𝐎𝐍𝐄 𝐍𝐔𝐌𝐁𝐄𝐑 𝐈𝐒 𝐘𝐎𝐔𝐑 𝐖𝐄𝐀𝐊𝐄𝐒𝐓 𝐒𝐏𝐎𝐓 𝐒𝐎 𝐓𝐑𝐘 𝐍𝐎𝐓 𝐓𝐎 𝐔𝐒𝐄 𝐈𝐓 𝐈𝐍 𝐀𝐍𝐘 𝐕𝐄𝐑𝐈𝐅𝐈𝐂𝐀𝐓𝐈𝐎𝐍 𝐏𝐑𝐎𝐂𝐄𝐒𝐒 𝐈𝐅 𝐏𝐎𝐒𝐒𝐈𝐁𝐋𝐄”
Featured Image Credit: Photo via Pexels.com