Police Arrest SIM Swap Hacker in Florida

By Paige Burke — Published August 13, 2018

Police Arrest SIM Swap Hacker in Florida

Carrying out a SIM swap is a pretty standard procedure. Whether you are looking to replace a faulty SIM card or need to switch over from a nano-SIM to a micro SIM, you probably wouldn't think twice about the potential security threats.

Unfortunately, it has been reported that a circle of Florida crooks has been using SIM swapping tricks to steal cryptocurrency from cellphone users. Law enforcement discovered evidence of this and subsequently arrested Ricky Handschumacher on the grounds of grand theft, money laundering (stealing thousands in Bitcoin) and unauthorized computer access charges.

It is reported that at least eight other criminals called telecom operators to request they swap his SIM card for the victim's SIM. This, in turn, means that access to SMS password authentication, email accounts, file storage and access to the bitcoin wallet. The first piece of evidence against the scam occurred in Michigan where a mother reported overhearing her son impersonating an AT&T employee to law enforcement. Multiple SIM cards and a Trezor were then found in the home of the accused as well as login information for free cross-platform messaging apps including Telegram channels that were focused on SIM swapping. This then led police to Handschumacher who was at the head of the operation.

It was reported that that the hackers succeeded in stealing 57 bitcoins from one victim and were targeting the Winklevoss twins before the arrest of Handschumacher. Following his arrest, Handschumacher has pleaded not guilty. He has however apparently confessed to the act of laundering over $100,000 in digital currency using his phone.

Security researcher Brian Krebs has commented that "In some cases, fraudulent SIM swaps succeed thanks to lax authentication procedures at mobile phone stores. In other instances, mobile store employees work directly with cyber criminals to help conduct unauthorized SIM swaps, as appears to be the case with the crime gang that allegedly included Handschumacher".

We have since seen companies such as Instagram forced to look into additional forms of two-factor authentication to keep users feeling secure. We look forward to seeing how other companies protect will protect the security of their customers by moving towards non-SMS based two-factor authentication in the future.

 

Related Articles