SIM-Swapping: Is It Becoming More Common?
The two people accused of the SIM-swapping are 21-year-old Eric Meiggs and 20-year-old Declan Harrington, who reportedly went after two very high-ranking social media executives. When they were caught, they allegedly spewed out threats to the victims’ family members.
SIM-swapping appears to be growing in popularity amongst cryptocurrency thieves and malicious actors. The situation can work in one of two ways. The first involves a hacker gaining access to a person’s private information, such as their social security number or their birthdate. They’re then able to contact the person’s cell phone provider and request that the number they have be switched over to a SIM card that they control.
Given that they possess all the necessary data and likely know answers to certain questions, the person helping them on the other end is likely not to suspect anything. The transfer occurs and the hacker now has access to the victims’ accounts and password information.
The second way happens when the hacker simply bribes the employee of the cell phone provider into giving out the necessary information. One such case allegedly occurred between a hacker and an AT&T employee, who was potentially bribed into performing such a switch. As a result, the victim – Michael Terpin – claims he lost several million dollars in cryptocurrency funds. He is now suing AT&T for allegedly not doing enough to keep his information more secure.
The internet giant is facing another, separate lawsuit filed by Seth Shapiro, who also claims that the company’s employees were bribed into handing his private information over to a cyberthief. Shapiro claims he lost more than $2 million in crypto funds as the result of a SIM-swap, though AT&T says it is not responsible for Shapiro’s losses, and is now preparing to fight the suit in federal court.
The two cyberthieves in this case have been accused of targeting multiple people over the course of many years and garnering email addresses and cell phone accounts for the purpose of stealing hundreds of thousands of dollars in crypto funds. Overall, it is believed that the hackers may have targeted as many as ten people, and that they may have tried to steal as much as $550,000.
Threats Followed Those Who Proved Difficult
Several times, however, the people that were targeted attempted to avoid paying up. In these cases, the hackers made attempts to contact their family members and even threatened violence if they proved too resistant.
At press time, Meiggs and Harrington have been charged with several counts of computer fraud, identity theft, conspiracy and wire fraud.