These hackers are part of the group called “The Community.”
According to an announcement made by the U.S. Department of Justice (DoJ), six men have been charged for SIM swapping fraud that resulted in the theft of nearly $2.5 million ($2,416,352) worth of cryptocurrency.
The six men are reportedly part of a hacking group called The Community. In the 15-count indictment that was unsealed today, the US DoJ revealed that The Community hacking group consists of five Americans and one Irish individual.
Three more individuals, who are of American origin and former employees of mobile phone providers, are suspected to be part of the wire fraud too, hence, in total nine individuals are accused of stealing cryptocurrency through SIM swapping fraud.
Charged in the indictment were: Conor Freeman, 20, of Dublin, Ireland, Ricky Handschumacher, 25 of Pasco County, Florida, Colton Jurisic, 20 of, Dubuque, Iowa, Reyad Gafar Abbas, 19, of Rochester, New York, Garrett Endicott, 21, of Warrensburg, Missouri, Ryan Stevenson, 26, of West Haven, Connecticut.
Charged in the criminal complaint were: Jarratt White, 22 of Tucson, Arizona, Robert Jack, 22 of Tucson, Arizona, Fendley Joseph, 28, of Murrietta, California.
“The indictment alleges that, once “The Community” had control of a victim’s phone number, the phone number was leveraged as a gateway to gain control of online accounts such as a victim’s email, cloud storage, and cryptocurrency exchange accounts,” said the press release. “The Community” would use their control of victims’ phone numbers to reset passwords on online accounts and/or request two-factor authentication (2FA) codes that allowed them to bypass security measures.”
SIM swapping is also known as SIM Hijacking. It is a kind of identity theft in which an attacker managed to create a new SIM card of any number fraudulently and use it for personal gains, without the knowledge or consent of the original user of the phone number.
To get the duplicate SIM card, the attacker usually calls the telecom firm and convinces their customer support service for being the actual owner of the phone number by providing the target’s personal information. Thus, the telecom firm ports the phone number to a new SIM card that is received by the attacker.
The Community hackers had the support of three mobile phone service providers’ employees therefore, they were able to pull the attack off successfully. The group managed to steal the identities of those individuals who were subscribers to that mobile phone service provider after they bribed the three employees.
After SIM swapping, the attacker used the phone numbers to change the passwords and access the victims’ online accounts, which included cryptocurrency exchange wallets and accounts, cloud storage, and email accounts, using the 2FA and other verification codes they received on the mobile numbers. The Community, allegedly, used the techniques nearly seven times.
It is worth noting that accessing someone’s phone number can lead to allowing scammers bypassing all kinds of security measures such as two-factor authentication and obtain full control of the victim’s online accounts.
As for the ongoing case, the hackers will be facing multiple charges of fraud and identity theft and the three mobile phone company employees are charged with accepting bribes to commit crimes and wire fraud. They might receive several decades in jail if found guilty.
The charges were announced by U.S. Attorney Matthew Schneider along with U.S. Immigration and Customs Enforcement’s (ICE) Homeland Security Investigations (HSI) Detroit Angie Salazar while the charges were announced in the Eastern District of Michigan.