Police have arrested 10 individuals suspected of being part of an international gang that targeted U.S. celebrities by taking control of their phone numbers to steal large amounts of cash and cryptocurrency.
Authorities say the gang used SIM-swapping attacks to steal victims’ phone numbers, reset passwords and then seize control of their bank accounts and cryptocurrency wallets.
“The attacks orchestrated by this criminal gang targeted thousands of victims throughout 2020, including famous internet influencers, sports stars, musicians and their families,” says Europol, the EU’s law enforcement agency.
“The criminals are believed to have stolen from them over $100 million in cryptocurrencies after illegally gaining access to their phones,” says Europol, which helped coordinate the year-long investigation that involved law enforcement agencies in the U.K., U.S., Belgium, Malta and Canada.
Britain’s National Crime Agency says eight men – aged 18 to 26 – were arrested in England and Scotland on Tuesday as part of the investigation. That followed the earlier arrest of two suspected members of the gang in Malta and Belgium.
Europol says the gang used SIM-swapping attacks, which “involve cybercriminals taking over use of a victim’s phone number by essentially deactivating their SIM and porting the allocated number over to a SIM belonging to a member of the criminal network.”
After that, the NCA says that criminals used the “change password” function on apps to change the password to one that they controlled, which then allowed them to receive reset codes sent via SMS to the phone. “After changing the passwords, the victim is denied access and the criminals have free reign over their contacts, banking apps, emails and social media accounts,” the NCA says.
Gang Sought ‘Lucrative Targets’
Police say the gang they disrupted chose their victims with an eye to maximizing their illicit returns.
“This network targeted a large number of victims in the U.S. and regularly attacked those they believed would be lucrative targets,” says Paul Creffield, head of operations in the NCA’s National Cyber Crime Unit. “As well as causing a lot of distress and disruption, we know they stole large sums from their victims, from either their bank accounts or bitcoin wallets.”
Police say they were able to alert some victims about their phone numbers being seized by the gang.
All of the suspects arrested in the U.K. face prosecution under the country’s Computer Misuse Act, as well as on fraud and money laundering charges. They also face extradition to face U.S. charges.
In the U.S., the FBI, Department of Homeland Security, Secret Service and California’s Santa Clara District Attorney’s Office all were part of the investigation.
“The multijurisdictional arrests announced today illustrate the importance of building strong partnerships,” says Michael D’Ambrosio, the assistant director of the Secret Service’s Office of Investigations. “The Secret Service would like to thank our domestic and international law enforcement partners for their steadfast commitment and cooperation in this case.”
SIM-Swapping Attacks on the Rise
Europol’s latest Internet Organized Crime Threat Assessment, released last October, singled out SIM swapping as a rising crime trend, warning that the tactic has been causing “significant losses” and also attracting much more attention from law enforcement agencies.
“As a highly targeted type of social engineering attack, SIM swapping can have potentially devastating consequences for its victims, by allowing criminals to bypass text message-based two-factor authentication measures gaining full control over their victims’ sensitive accounts,” the report stated.
Cryptocurrency-Enabled Crime Trends
News of the arrests comes in the wake of a new report from blockchain analysis firm Chainalysis, which found that the overall value of cryptocurrency tied to crime in 2020 decreased from 2019.
The pseudo-anonymous nature of bitcoin and other cryptocurrencies, as well as the increased privacy features that are a component of monero and some other types of cryptocurrency, have led to widespread adoption by criminals and nation-states – for example, for money laundering.
North Korean Hackers Seek Cryptocurrency
Cryptocurrency exchanges, many of which lack regulated financial services firms’ investment and expertise in security matters, have also been repeat hacking targets for criminals and nation-states alike.
Since at least mid-2017, for example, hackers affiliated with the government of North Korea have been targeting cryptocurrency exchanges and banks to fund the regime, which faces tough economic sanctions, many of which were imposed over the country’s nuclear weapons program.
The UN says from January 2017 to September 2018, North Korea carried out at least five successful attacks against cryptocurrency exchanges in Asia, resulting in the theft of $571 million in currency.
In late 2019, a UN report warned that “widespread and increasingly sophisticated” cyberattacks tied to North Korea continued to help fund the regime as well as drive an estimated $2 billion into developing weapons of mass destruction.
On Tuesday, Japan’s financial newspaper Nikkei reported that a new UN report prepared for the Security Council’s North Korea Sanctions Committee estimates that in 2019 and 2020, North Korea stole $316 million from cryptocurrency exchanges. The report said $218 million had been stolen by hacking a cryptocurrency exchange in September 2020. Timing-wise, that would be a fit for the hack of Singapore-headquartered exchange KuCoin, which lost an estimated $281 million via a hack on Sept. 26, 2020.
The UN report also notes that North Korean hackers in at least two cases used “chain hopping” – buying stolen cryptocurrencies using other types of cryptocurrency – to help launder stolen funds, using traders in China, Nikkei reports.