Last minute geek

last minute tech news from around the net

Wednesday, Jul 08th

Last update12:00:00 AM

You are here: English BoingBoing ibag DOJ accuses Verizon and AT&T employees of participating in SIM-swap identity theft crimes

DOJ accuses Verizon and AT&T employees of participating in SIM-swap identity theft crimes

User Rating: / 0
The DOJ has indicted three former Verizon and AT&T employees for alleged membership in a crime-ring known as the "The Community"; the indictment says the telco employees helped their confederates undertake "port-out" scams (AKA "SIM-swapping" AKA "SIM hijacking"), which allowed criminals to gain control over targets' phone numbers, thereby receiving SMS-based two-factor authentication codes. Once in possession of these codes, attackers could take control of targets online accounts, including their banking and cryptocurrency exchange accounts (and also web-based email accounts that could serve as a gateway to many other systems). The returns could be massive, and several cryptocurrency users suffered losses in the millions. SIM-swapping benefits from the overall lax security at phone companies, but the DOJ says that the insiders made it much easier to undertake these attacks against high-value targets. According to the DOJ, sometimes the insiders simply reached into the system and changed ownership of phone numbers; other times, they provided confederates with the information needed to trick customer service reps at the telcos into making the switch. Insiders have been implicated in SIM-swapping since the beginning, and criminals cultivated "plugs" (insiders) who would augment their low wages with bribes to help with SIM-swaps. The indictment paints a picture of plugs who made a few hundred dollars for helping with frauds that netted millions. The security economics are pretty straightforward here: phone numbers used to be low value, then they were repurposed to protect high-value assets, and the assumptions about how far attackers would go to steal phone numbers remained the same, while the actual lengths increased considerably. Read the rest

Read all
Comment Policy:
We pre-moderate any comments and welcome all kinds of thoughts, supportive, dissenting, critical or otherwise. We delete or censor comments that are:

* abusive
* off-topic
* contain personal attacks, or against any company or organization
* promote hate of any kind
* use excessively foul language
* is blatantly spam or advertising

We do not discriminate based on the person who is posting, and we never censor comments for political or ideological reasons. We never delete an appropriate comment because we disagree with its viewpoint or ideology, and we never publish an inappropriate comment because we agree with or support its viewpoint or ideology.

Attention spammers: we manually approve all comments. Spamming and blatant advertising will NOT be published on this site and is deleted immediately, you've been warned, do not waste your time here.

Add comment

Security code