SIM Swapping the ‘Highest Priority’ in California’s Cryptofraud Fight

The Cybercrime Task Force focuses on SIM swapping in its fight against cryptocurrency fraud.

California law enforcement considers “SIM swapping” to be one of its “highest priorities” in the fight against cryptocurrency fraud.

The California-based REACT Task Force, a group of law enforcement officers and prosecutors, was initially created to combat cybercrime, but is now looking into SIM swapping activities as well. KrebsonSecurity, a blog dedicated to security news and investigations, interviewed REACT Task Force supervisor and Santa Barbara police sergeant Samy Tarazi regarding the rising number of SIP swapping incidents.

“It’s probably REACT’s highest priority at the moment, given that SIM swapping is actively happening to someone probably even as we speak right now,” Tarazi said to the publication. “It’s also because there are a lot of victims in our immediate jurisdiction.”

SIM swapping is a type of account takeover fraud that exploits two-factor authentication protection by hijacking the SIM card in a mobile device. Criminals usually obtain access by exploiting mobile operators’ ability to port any mobile number onto a blank SIM card. This method allows hackers to gain hold of otherwise well-protected personal data such as social media profiles, email addresses, and even cryptocurrency wallets.

Even though the practice has become more common in recent months, with the number of reported incidents on the rise, according to Taraz,i REACT believes only a few dozen individuals to be behind the attacks.

“For the amounts being stolen and the number of people being successful at taking it, the numbers are probably historic,” Terazi said to KrebsonSecurity. “We’re talking about kids aged mainly between 19 and 22 being able to steal millions of dollars in cryptocurrencies.

$100,000 Worth of Bitcoin Stolen

REACT was prompted to investigate SIM swapping attacks in June after thieves stole more than $100,000 worth in Bitcoin from Christian Ferri, CEO of cryptocurrency company BlockStar. Ferri was on a business trip when he discovered his mobile phone no longer received service. Later he learned his SIM card had been deactivated after criminals successfully issued a ‘duplicate’ of it, and stole a significant amount of BTC from his personal wallet.

Although initially T-mobile, Ferri’s mobile services provider, claimed criminals obtained access to Ferri’s number by presenting a fake ID at one of their stores, it soon became clear the real culprits were more likely working from within the company.

“[REACT Task Force] said there were employees of the company who had built a special software tool that they could use to connect to T-Mobile’s customer database, and that they could use this software from their home or couch to log in and see all the customer information there,” Ferri told KrebsonSecurity. “The investigator didn’t explain exactly how it worked, but it was basically a backdoor entrance that they were reselling on the Dark Web, and it bypassed whatever security there was and let them go straight into the customer database.”

When asked by KrebsonSecurity about the backdoor that was allegedly available for purchase on the Dark Web, REACT detective Caleb Tuttle refused to provide any details.

“We’re not going to talk about that,” Tuttle scorned the interviewee. “Deal with it.”

Reading now