The DOJ has indicted three former Verizon and AT&T employees for alleged membership in a crime-ring known as the “The Community”; the indictment says the telco employees helped their confederates undertake “port-out” scams (AKA “SIM-swapping” AKA “SIM hijacking”), which allowed criminals to gain control over targets’ phone numbers, thereby receiving SMS-based two-factor authentication codes.
Once in possession of these codes, attackers could take control of targets online accounts, including their banking and cryptocurrency exchange accounts (and also web-based email accounts that could serve as a gateway to many other systems). The returns could be massive, and several cryptocurrency users suffered losses in the millions.
SIM-swapping benefits from the overall lax security at phone companies, but the DOJ says that the insiders made it much easier to undertake these attacks against high-value targets. According to the DOJ, sometimes the insiders simply reached into the system and changed ownership of phone numbers; other times, they provided confederates with the information needed to trick customer service reps at the telcos into making the switch.
Insiders have been implicated in SIM-swapping since the beginning, and criminals cultivated “plugs” (insiders) who would augment their low wages with bribes to help with SIM-swaps. The indictment paints a picture of plugs who made a few hundred dollars for helping with frauds that netted millions.
The security economics are pretty straightforward here: phone numbers used to be low value, then they were repurposed to protect high-value assets, and the assumptions about how far attackers would go to steal phone numbers remained the same, while the actual lengths increased considerably.
The two former AT&T contractors in Tucson, Arizona were Robert Jack and Jarratt White.
White allegedly received bribes from one of the criminals who was part of “The Community,” according to a criminal complaint. White, according to the feds, helped the criminals steal more than $2 million from several victims by performing 29 fraudulent SIM swaps. White communicated with the criminals via Telegram, according to the document.
Jack, who was an associate of White, allegedly performed twelve fraudulent SIM swaps in May of 2018. White allegedly paid Jack $585.25 for his help in the SIM swapping conspiracy, according to the complaint.
AT&T Contractors and a Verizon Employee Charged With Helping SIM Swapping Criminal Ring [Lorenzo Franceschi-Bicchierai/Motherboard]
Warren Buffet is famous for identifying the need for businesses to have “moats” and “walls” around their profit-centers to keep competitors out, and data-centric companies often cite their massive collections of user-data as “moats” that benefit from “network effects” to make their businesses good investments.
NSO Group is a notorious Israeli cyber-arms dealer whose long trail of sleaze has been thoroughly documented by the University of Toronto’s Citizen Lab (which may or may not be related to an attempt to infiltrate Citizen Lab undertaken by a retired Israeli spy); NSO has been implicated in the murder and dismemberment of the […]
Tenants in New York City have reached a settlement with their landlord requiring the landlord to install actual locks with actual keys on demand, rather than insisting that all tenants use locks from Latch, the leading Internet of Things “smart lock” vendor, whose products conduct fine-grained surviellance on their users, which the company reserves the […]
Tired of bulging pockets? It seems crazy that we’re carrying around tiny AI computers in one pocket, while the other one is overstuffed with cash, cards and old receipts held together by a flimsy piece of cloth or leather. The bad news is, most of us still need those cards (and occasionally, even the cash). […]
Ask any webmaster, photographer or graphic designer: Adobe Photoshop is about so much more than touching up pictures. If you want to learn a wide array of marketable skills in this essential software, there’s no better way than to dive in with the Complete Photoshop Master Class Bundle 2019. Even if you’ve never so much […]
Plastic straws are on their way out. Big cities and entire states have realized this, and more are sure to join Seattle, California and a growing number of others in curbing the use of single-serve straws in the months and years to come. The thing is, there’s already 175 billion of them going into our […]