The method for stealing SIM cards has been reinvented and used in crypto robbery.
The estimate of the damage is about two million dollars.
Joel Oritz, a student at Massachusetts University, has been accused of having stolen about 40 SIM cards and taken over their telephone numbers.
It is not yet clear how the hacker came into possession of the cards, but the most affected victim said he attended the Consensus conference in New York last May and immediately suspected of being a victim of a hacker because the rumours talking about this method were already circulating in the crypto world.
According to official documents, the victim immediately went to a point of sale of the telephone company across the street in an attempt to prevent the theft, but the hacker had already managed to steal $1.7 million from him.
In addition to taking the cryptocurrencies from the so-called hot wallets, that is from those connected to the Internet, Oritz was able to collect the cryptocurrencies also kept in cold storage (deposits without the need for an Internet connection). The prosecutor is still investigating the method of execution.
After taking possession of the users’ SIM cards and accessing their phone number, the 20-year-old student was able to enter the victims’ online accounts.
Many online accounts, such as Google’s, can be used without a password: just have the phone number linked to the account in question.
Illegally appropriating SIM cards is an emerging threat that forces some to change the way their accounts are insured.
“There is a reason why the identity management guys who think about this all day have moved to physical (authentication),” said Michael Sulmeyer, director of Belfer Center’s Cyber Security Project Director at Harvard Kennedy School. “They’re aware that this is a problem.”