A recent arrest saw a 20 year old college student use Sim jacking to steal over $5 million in cryptocurrencies.
Sim swapping or jacking is surprisingly simple. The main idea behind it is to convince the phone carrier to transfer a number to a new sim.
This is usually done over the phone, with the hacker claiming to be the original owner and saying that their phone was lost. The new sim is under the hackers control and when the number is transferred, the hackers get to work.
Millions of mobile users have their smartphone linked to a wide variety of online accounts. For example, Google verifies secure access by sending a verification code to a phone number that is registered to an account. Sim swappers easily pass this hurdle and can even reset the password using this method.
The $5 Million Heist
Police in California arrested Joel Ortiz, a 20-year old college student from Boston in July for allegedly being part of a criminal syndicate that hacked the phones of over 40 people. His crime spree resulted in an alleged $5 million in cryptocurrencies being stolen from his victims with the help of unidentified accomplices.
This is the first arrest involving the increasingly popular crime of sim jacking or sim swapping as it is sometimes referred to. According to police, Ortiz was arrested at the Los Angeles International Airport while he was trying to make his way to Europe. The charges against Ortiz include 13 charges of identity theft, 13 for hacking, and two for grand theft. When he was arrested, Ortiz supposedly claimed that he and his accomplices had access to millions of dollars in cryptocurrencies.
According to authorities, Ortiz's modus operandi consisted of taking over sims so that they could be used to steal the owner's bitcoins. Additionally, he would also hack into their social media accounts and sell them for cryptocurrencies. During the recent Consensus bitcoin conference, Ortiz supposedly hacked a cryptocurrency entrepreneur's phone and got away with $1.5 million worth of bitcoins.
The victim noticed this the following day, but by then Ortiz had already taken control of the phone number and reset his Gmail password. The criminal then used this to access the victim's cryptocurrency accounts and empty them.
In a statement, Erin West, the Santa Clara County deputy district attorney, said
This is happening in our community and unfortunately there are not a lot of complaints to law enforcement about it. We would welcome the opportunity to look into other complaints of this happening. We think that this is something that's underreported and very dangerous.