DOJ: Pair Used SIM Swapping Scam to Steal CryptocurrencyTwo Men Targeted 10 Executives Who Had Cryptocurrency Connections
A pair of Massachusetts men allegedly ran a years-long scheme that used SIM swapping and other hacking techniques to target executives in order to steal more than $550,000 worth of cryptocurrency, the U.S. Justice Department announced Thursday.
Most of the 10 executives who were targeted worked for blockchain companies or cryptocurrency exchanges or published guides and advice about virtual currencies and digital wallets, according to the U.S. Attorney's Office for the District of Massachusetts, which is overseeing the case.
The reason that these types of victims were targeted, according to the indictment, is they "likely had significant amounts of cryptocurrency," prosecutors say. Many of the victims had significant social media followings, they note.
According to the unsealed indictment, Eric Meiggs, 21, and Declan Harrington, 20, hacked into and took over the social media and email accounts of several of these victims and also threatened their families in an attempt to extort more virtual currency.
Meiggs and Harrington, who were arrested Thursday, each face charges of conspiracy, wire fraud, computer fraud and abuse and aggravated identity theft, according to the indictment.
Over two years, starting in November 2017 and ending earlier this month, Meiggs and Harrington allegedly used a number of hacking techniques to compromise victims' email accounts, including Yahoo Mail and Gmail, as well as social media accounts, such as Facebook, Twitter and Instagram, according to the indictment.
Federal prosecutors allege that Meiggs and Harrington favored a hacking technique known as SIM swapping. These attacks started by convincing a mobile operator's customer service employee to move a cell phone number to different SIM card - a swap - or port it to another carrier.
Once they swapped SIM cards, Meiggs and Harrington would pose as one of the victims and then contact the online service provider and request a password reset be sent to the compromised phone number, prosecutors allege.
"The cybercriminals can then reset the victim's account log-in credentials and can then use the log-in credentials to access the victim's account without authorization, or 'hack into' the account," according to the Justice Department.
Once Meiggs and Harrington received the password resets, the two allegedly began taking over various email and social media accounts, according to federal prosecutors.
In one case, the two men used these compromised accounts and credentials to hack into one victim's Coinbase accounts - a type of digital wallet that can be used to buy, sell and store cryptocurrency such as bitcoin and ethereum - to steal about $200,000 in virtual currency, according to the indictment.
In another case, the two men allegedly used one victim's compromised Facebook account to send messages to a number of his contacts and businesses associates. Once these messages were sent, Meiggs and Harrington were able to convince one of these contacts to transfer about $100,000 in cryptocurrency to an account that they controlled, according to the indictment.
In yet another incident, one of the men allegedly called one victim and threatened to kill his wife if he didn't divulge the password for his Instagram accounts, according to the indictment.
In October, the FBI sent out a warning that cybercriminals were developing new techniques, including SIM swapping, as a way to bypass multifactor authentication (see: FBI: Cybercriminals Are Bypassing Multifactor Authentication).
Over the last year, more of these types of SIM swapping cases have come to light. In May, for example, the Justice Department charged nine men in connection with an alleged SIM card swapping scheme that led to the theft of $2.4 million in cryptocurrency (see: Alleged SIM Swappers Charged Over Cryptocurrency Thefts).
In September, Twitter acknowledged that CEO Jack Dorsey's personal account was compromised and used to send out racist messages. In that case, some security analysts suggested that the attackers may have used a SIM swapping technique to compromise the account (see: Hey Jack, How Was Your Account Hacked?).