The Ministry of Justice of USA found guilty 9 people for 2,5 theft of millions of dollars. Six of the perpetrators belonged to a group of hackers, called "Community". The other three were former employees in mobile telephony companies. According to the indictment, 3 former employees helped hackers steal cryptocurrency worth of 2,5 million dollars through "SIM swapping" attacks.
Five of the six members of the Community group are of American origin, and the sixth member is from Ireland. 15 has been accused of criminal offenses, including theft of money and theft identity.
The former employees of the companies are Americans.
The defendants' information has been published:
Team hackers «Community »
Conor Freeman, 20 years old, from Ireland
Ricky Handschumacher, 25 years old, from Florida
Colton Jurisic, 20 years old, from Iowa
Reyad Gafar Abbas, 19 years old, from New York
Garrett Endicott, 21 years old, from Missouri
Ryan Stevenson, 26 years old, from Connecticut
Jarratt White, 22 years old, from Arizona
Robert Jack, 22 Years, from Arizona
Fendley Joseph, 28 years old, from California
In SIM swapping attacks, attackers transfer the victim's phone number to a SIM card they manage themselves.
Initially, the perpetrators get user data either using the phishing technique or by buying them at Dark webwhere stolen user data is found. Having this information, communicating with mobile operators and pretending victim users, they are asking for a replacement of the old SIM card with a new one, on the grounds that the old one was lost or stolen.
Companies ask a few questions to be sure they are talking to the holder of the number, but the hackers, with the information they have, can answer them correctly. Then, they are able to cancel the old SIM card and activate a new one.
Once the new SIM is activated, the perpetrators can handle the victim's account, make calls, read and send messages, access codes, trade, and more.
"SIM Hijacking" or "SIM Swapping" is a technique of identity theft. It does not exploit any particular one vulnerability. Virtually exploits the cell phone number.
So, in this case, the "Community" team took control of the victims' mobile phones, using the number and some personal data.
According to the court, the former employees of the companies helped the hackers to acquire the new SIM.
According to the charges, the perpetrators made seven attacks and stole 2,5 millions of dollars from the victim's cryptocurrency exchange wallets. The money was transferred to purses handled by the perpetrators.
The sentence imposed on them by the court is 20 years of imprisonment. Those who participated in the theft of personal data (and not just money) will be punished for two more years.