Joel Ortiz, a young hacker (20) who stole more than $5 million worth of cryptocurrency by hijacking victims’ phone numbers has pleaded guilty for “SIM swapping” attacks.
The college student accepted a sentence of 10 years in prison for SIM hijacking attacks against at least 40 victims.
Ortiz was arrested last year on charges of hijacking victims’ phone numbers and stealing millions of dollars in cryptocurrency.
In SIM swap frauds crooks are able to port the phone number of the victims to a new SIM card under their control.
A SIM swap fraud is a type of fraud that overwhelms the additional security measures introduced by organizations to protect their customers.
Attackers obtain victims’ information by launching a phishing campaign, or by purchasing them in the underground market.
Crooks use the information gathered on the victims in the attempt to impersonate them in front of a telco operator and ask it to provide a new SIM to replace the old one that was lost or stolen.
They can prove their identity by answering basic security questions and requesting the cancellation of the old SIM and the activation of a new one. Once obtained a new SIM, crooks can operate with the victim’s mobile account, intercepting or initiating calls, accessing SMSs (including authorizations codes sent by bank and cryptocurrency exchanges) and to authorize transactions.
Joel Ortiz is the first hacker that was condemned to the jail for SIM swapping.
“The authorities think the slow but constant drip of arrests, and Ortiz’s
“Each arrest that we made sent shockwaves through that community,” West said. “That hey weren’t safe in their basement, they weren’t safe in their room in their mom’s house, that they were being tracked down and arrested—one by one.”
The sentence aims to send a clear message to SIM swappers, authorities will not tolerate this kind of crime and will persecute them with severe penalties.
According to Deputy District Director Eric West of Santa Clara County, California, Ortiz accepted a plea deal for 10 years last week, the official sentencing is set to take place on March 14th.
The case is not isolated, other hackers responsible for SIM swapping are waiting for the sentence.