Hackers sent to jail for stealing over $2M USD in cryptocurrency with SIM hijacking attack. According to IICS’s web application security course, a group of hackers known as “The Community” has been accused by the U.S. authorities for allegedly having made a fraud known as “SIM card hijacking”, in complicity with three Employees of a mobile phone company.
The six members of the group of hackers would have participated in identity theft of the clients of the telephone company, abusing the stolen information to extract cryptocurrency (attack variant also known as SIM swap).
“The SIM hijacking/exchange is a variant of identity fraud that exploits a fragile point in cybersecurity, victims’ mobile phone numbers”, explains the web application security course experts.
Attackers take control of the victim’s phone number to redirect traffic generated by calls, SMS messages, etc., through devices under the control of hackers. A phone company support employee was tricked into transferring the victim’s phone number to a new SIM card owned by hackers.
Hackers used this SIM card to generate an access point to the victim’s online accounts (email, cloud storage, cryptocurrency wallets, etc.), mention the web application security courses.
After kidnapping the victim’s phone number, the hackers took control of the victim’s Criptomoneda portfolios, stealing about 2.5 million, 000. In addition, three employees of the company were identified as accomplices of the group of hackers.
According to U.S. law, defendants face a sentence of up to 20 years in prison for conspiracy to commit electronic fraud, mention specialists from the International Institute of Cyber Security (IICS).
The six hackers and three ex-employees of the telephone company, between 19 and 28 years old, are still waiting for the trial to begin to decide their future.