SIM-swapping Cybercriminals Steal Over $100 Million From Celebrities

SIM card

Nowadays the meshing of the real world and the virtual world is very apparent when a malicious attacker’s simple keystrokes can invoke considerable damage and disruption, as well as gain the attention of the highest levels of authority.

As the internet becomes more accessible to everyone, it is becoming a regular occurrence for authorities to be involved in cybercrime cases. This can include anything from local pranksters accessing internet-of-things devices in what is called ‘swatting’, to far-reaching international malware campaigns that are a matter of national security. In some cases, even the most basic human facilities are not safe from cybercriminals.

Cybercrime always follows ROI, or return on investment -the criminal operation should ideally result in as much a lucrative conclusion as possible. In this recent investigation, cybercriminals have used the ‘SIM-Swapping’ technique to orchestrate a very lucrative cybercrime involving countless celebrities.

What is SIM-Swapping?

SIM-swapping is not a new occurrence in cybercrime. As its name suggests, cybercrime involves phone numbers, the victim’s mobile carrier information, and a method of swapping. To get into more detail about SIM-swapping and what it entails, it is critical to note that;

  • SIM-swapping involves stolen or phished mobile phone numbers
  • The technique involves using the phone numbers for impersonation

It is a rather simple scheme that is socially engineered, in that a cybercriminal individual or group will first acquire the credentials listed above, and work on the following;

  • Breaching/hacking directly into data of the victim
  • Use phishing techniques
  • Do social media research on the victim
  • Use malware intrusions

Following these steps, and once the most crucial data is gathered (that is, the phone number and carrier of the target) the cybercriminal will contact the mobile carrier and trick the operator into ‘porting’ that number to a SIM card in his/her possession. With that completed, the details are now ‘swapped’, and the cybercriminal has complete access to the victim’s SIM card. This means that accessing the private SMS messages and bank account details of the target will be simple for the cybercriminal, as well as the ability to impersonate them.

International SIM-Swapping Investigation Led to Several Arrests

In this recent case, an ongoing Europol investigation has led to the arrest of 8 individuals. The case concerns a widely distributed group of SIM-hijacking cybercriminals. The investigation revealed that they were operating across Europe, 8 individuals were arrested in the U.K. and there were more individuals which were caught in Malta and Belgium, according to information from Europol.

According to more information from The National Crime Agency (NCA), the criminals that were caught were targeting “high-profile” people in the United States. The criminal ring was targeting thousands of people throughout the past year which included celebrities and their families. The type of celebrities targeted ranged from internet influencers to musicians and sports figures. According to official information, it is believed that the gang has stolen over 100 million dollars in total.

The theft also involved “cryptocurrency and personal information, including contacts synced with online accounts”. Furthermore, “They also hijacked social media accounts to post content and send messages masquerading as the victim”.

Law enforcement agencies from the United Kingdom, United States, Belgium, Malta, and Canada were involved in this operation. The operation was monitored and coordinated by Europol.

The Investigation is Ongoing

The investigation has not been concluded, and suspected ring members still remain hidden. Europol recommends the following points to stay safe from SIM-swapping;

  • Keep software updated
  • Always use multi-factor authentication
  • Take care with social media
  • Never open suspicious links or files
  • Update passwords regularly
  • Set a custom PIN for the SIM card
  • Check financial statements regularly
  • Never associate phone numbers with online accounts

Europol also recommends that should one lose phone reception, to report it to the service provider immediately. If a SIM-swap is confirmed at that stage, reporting it to the police is the only option.

Tech researcher & communications specialist
Mirza has an education background in Global Communications, has worked in advertising, marketing, journalism and television over the years while living in several different countries. He is now working to consolidate news and outreach at VPNoverview.com, while in his free time he likes to work on documentary projects, read about sociology and write about world events.