Sophos Home protects every Mac and PC in your home
A Florida man who was part of a cybercrime gang who went after cryptocoin wallets has been sentenced for his part in a cyberheist that allegedly netted the participants more than $20,000,000.
The scammers, including one Nicholas Truglia, 25, got control of various online accounts belonging to the victim by using a trick known in the trade as SIM swapping, also known as number porting.
As you’ll know if ever you’ve lost a phone, or damaged a SIM card, mobile phone numbers aren’t burned into the phone itself, but are programmed into the subscriber identity module (SIM) chip that you insert into your phone (or perhaps, these days, that you install electronically in the form of a so-called eSIM).
So, a crook who can sweet-talk, or bribe, or convince using fake ID, or otherwise browbeat your mobile phone provider into issuing “you” (meaning them) a new SIM card…
…can walk out of the mobile phone shop [a] with your number in their phone, and [b] with your SIM card invalidated and thus unable to connect to the network to receive calls or get online.
Simply put, your phone goes dead, and theirs starts receiving your calls and text messages, notably including any two-factor authentication (2FA) codes that might get sent to your phone as part of a secure login or a password reset.
The SIM-swap problem, namely that the right to reissue replacement SIM cards is vested in too many different people at too many different seniority levels in too many mobile phone companies to control reliably), is why the US public service no longer recommends SMS-based 2FA for general use, and has disapproved it for government staff.
In this case, it seems that someone in the cybergang went after login details for the victim’s accounts, shared them with numerous other participants, and then got Truglia to act as a receiver for cryptocurrency funds drained from the victim.
Truglia then apparently disbursed the stolen funds back out to numerous other cryptocoin wallets owned by the other participants, keeping an unknown cut as his share of the deal.
The US Department of Justice (DOJ) notes that “[the] Scheme Participants stole over $20 million worth of the Victim’s cryptocurrency, with the defendant keeping at least approximately $673,000 worth of the stolen funds.”
Truglia received an 18 month prison term plus three years of supervised release to follow it, forfeited $983,010.72 right away, and has been ordered to pay back a whopping $20,379,007.
Quite how he will do that without the co-operation of the others in the scam, who seem to have divided most of that $20 million between themselves, and what happens if he doesn’t manage to convince them to do so, is not mentioned in the DOJ’s report.
Follow @NakedSecurity on Twitter for the latest computer security news.
Follow @NakedSecurity on Instagram for exclusive pics, gifs, vids and LOLs!
SIM swapper sent to prison for 2FA cryptocurrency heist of over $20m – Naked Security
Posted under Cibercommunity, Technology On By James Steward