Posted 3 years ago | by Ben Armstrong
Two Hackers Get Nailed in SIM Swapping Scam
SIM swapping is a dirty way to gain access to a persons digital life. Two men from Massachusetts were recently indicted on a number of charges related to a multi-state SIM swapping spree that also included allegedly making direct threats to crypto holders, and their families.
Eric Meiggs, 21, and Declan Harrington, 20, both Massachusetts natives, have allegedly been going after crypto holders across a number of states over the last few years.
A SIM swap involves convincing a mobile carrier to swap the SIM information from one card to another. The newfound SIM access that is created for the bad actor will then be used to force resets on social media platforms, as well as crypto exchanges.
Social Media Can be Risky
The two baddies allegedly used social media to identify their victims.
According to the indictment:
“When a social media handle is an especially short, common, or well-known word of phrase,"the indictment helpfully explains, "e.g. '@John,' or '@awesome,' the handle carries a particular cachet, because the ability to capture such a common word for individual use suggests that the user was an especially early adopter of that social media network."
People may not think about social media as a security threat, but when a platform is accessable to the public, it can be used to isolate victims, and gain information about their lives, both online, and in the physical world.
New Dangers for a Digital Life
In this SIM swapping case, Meiggs and Harrington did more than allegedly steal access to devices via SIM swapping, they used the access they had to their victims to reach out, and say horrible things to their families.
The indictment alleges that someone involved with the conspiracy contacted a Michigan man in late 2015 and told him that his wife would be killed if he didn't give up his Instagram handle. The indictment also alleges that the daughter of a California man was told "TELL YOUR DAD TO GIVE US BITCOIN," via a text message.
While the level of technological know-how that the alleged crew behind this digital crime spree was rather low, modern mobile technology is made to give up loads of personal data to the carrier, as well as the platforms that are used online.
It is nice to think that these systems work, and that there are safeguards in place to protect user data, but as a number of recent data breeches shows, public trust in data security is often misplaced. For hackers who know how to use the system, all those oversights represent a very real opportunity for abuse.