Authorities have taken down a criminal network of 10 individuals across various countries for allegedly running a scheme that resulted in millions stolen from US celebrities, including sport stars, social media influencers and musicians.
A total of 10 individuals have been arrested in the UK, Scotland, Malta and Belgium for allegedly orchestrating a mass attack on thousands of victims throughout 2020. Authorities report that over $US100 million ($AU129 million) in cryptocurrency was stolen and various social media accounts and apps belonging to well-known celebrities were hacked. The victims have not publicly been identified.
The cyber attack was part of a key trend on the rise known as ‘SIM swapping’, which enables an attacker to have complete access to a victim’s phone by deactivating their sim card and then porting the number to a SIM that they control. The number transfer is done though phone service providers, made possible by corrupt employees or using what the authorities call “social engineering techniques.”
After control of a phone is gained, passwords are changed, the victim is locked out, and the hackers have access to the accounts – including banking apps and emails.
The takedown of the group, whose alleged members are said to be aged between 18 to 26, was an international joint effort by England’s National Crime Agency, Europol’s European Cybercrime Centre, the US Secret Service, Homeland Security Investigations, the FBI and the Santa Clara California District Attorney’s Office.
“SIM swapping requires significant organisation by a network of cyber criminals, who each commit various types of criminality to achieve the desired outcome,” Paul Creffield, head of operations in the NCA’s National Cyber Crime Unit, said in a statement.
“This network targeted a large number of victims in the US and regularly attacked those they believed would be lucrative targets, such as famous sports stars and musicians.
“In this case, those arrested face prosecution for offences under the Computer Misuse Act, as well as fraud and money laundering as well as extradition to the USA for prosecution.”
Europol shared the following tips to stay as safe as possible from SIM swapping:
- Keep your devices’ software up to date
- Do not reply to suspicious emails or engage over the phone with callers that request your personal information
- Limit the amount of personal data you share online
- Try to use two-factor authentication for your online services, rather than having an authentication code sent over SMS
- When possible, do not associate your phone number with sensitive online accounts