An international law enforcement operation arrested ten suspected hackers who are accused of targeting U.S. celebrities with SIM swapping attacks that netted them $100 million in cryptocurrency.
“Well-known sports stars, musicians, and influencers” were targeted in the scheme, which involved exploiting phone service providers to deactivate a victim’s SIM and transfer the number to one owned by a member of the criminal network. This let the attackers intercept messages directed to the victims, allowing them to hijack accounts, steal money, and masquerade as the victims on social media, authorities said.
Eight men between the ages of 18 and 26 were arrested in England and Scotland on Wednesday, following arrests in Malta and Belgium of other members belonging to the same criminal network. The identities of both the victims and the suspects weren’t made public as of Wednesday morning.
The operation was announced by Europol and consisted of law enforcement agencies from the U.S., United Kingdom, Belgium, Malta, and Canada.
Paul Creffield, head of operations at the National Cyber Crime Unit of the U.K.’s National Crime Agency, said those arrested face extradition to the U.S., and face prosecution in the U.K. for fraud, money laundering, and offenses under the Computer Misuse Act.
“This network targeted a large number of victims in the U.S. and regularly attacked those they believed would be lucrative targets, such as famous sports stars and musicians… As well as causing a lot of distress and disruption, we know they stole large sums from their victims, from either their bank accounts or bitcoin wallets.”
An Unrelated Arrest
The Europol announcement came two days after the U.S. Justice Department announced an apparently unrelated arrest that also involved SIM swapping.
According to an indictment from the U.S. District Court for the Eastern District of Louisiana, 36-year-old Stephen Daniel Defiore of Brandon, Florida was working as a sales representative at a phone company when he took multiple bribes to perform SIM swaps on the company’s customers.
The scams targeted at least 19 people, including a physician who operated a medical practice in New Orleans and had multiple cryptocurrency accounts.
“As a result of the SIM Swap, [the physician’s] email accounts and Binance, Bittrex, Coinbase, Gemini, Poloniex, ItBit, and Neo Wallet crypto currency accounts were compromised without [the victim’s] knowledge or authorization. [The victim] suffered an actual loss of a substantial portion of his cryptocurrency,” the charging documents read.
Both incidents highlight how criminals are increasingly turning to SIM swap attacks to steal cryptocurrency and sensitive information from unsuspecting victims. The scam doesn’t necessarily involve any complicated technical knowledge—criminals generally rely on social engineering or a corrupt insider to carry out the swap, according to the NCA.
Lawmakers in the U.S. have pushed the Federal Communications Commission and other agencies to come up with ways to curb the problem. A letter sent last year to the FCC and signed by Senators Ron Wyden, Sherrod Brown, Edward Markey, and Representatives Ted Lieu, Anna Eshoo, and Yvette Clarke highlighted how SIM swapping is a national security threat—hackers could use the technique to break into a public safety official’s email account and use that access to set off emergency warning systems, they said.
“Consumers have limited options to protect their wireless accounts from SIM swaps and are often not informed about these options by carriers until after they have been victimized,” the letter said.