Hide your crypto, hide your SIM cards. SIM swapping is on the rise, but so are arrests—and even criminal sentencing.
Last week, two 20-year-old men made headlines for allegedly stealing cryptocurrency through this shockingly simple hacking method, in which perpetrators take control over their victim’s phone by connecting the number to a new SIM card. Dawson Bakies of Ohio was indicted for hijacking the cell numbers of “at least 50 different individuals,” according to an announcement from the Manhattan district attorney’s office. Bakies allegedly stole about $10,000 in cryptocurrency from three New York-based victims, demanding a bitcoin ransom from one of them. His prosecution is the first for SIM swapping in New York.
Across the country, college student Joel Ortiz pleaded guilty in Santa Clara County, Calif., to hijacking close to 40 phone numbers and stealing more than $5 million in cryptocurrency. A report by Motherboard stated that authorities believe Ortiz is the first person to be convicted for the offense of SIM swapping, for which he’ll be spending up to 10 years in prison. His sentencing will take place on March 14.
In order to successfully carry out a SIM swapping scam (also known as SIM porting, or SIM hijacking), a person has to know their target’s phone number. Next, they must contact the target’s wireless carrier to redirect that number to a SIM card belonging to the swapper. The swapper is then able to impersonate the victim by calling and texting from the victim’s number, which also gives the swapper power to reset the victim’s passwords. This can be especially concerning when it comes to two-factor authentication, a commonly used security measure for safeguarding crypto wallets and, well, all kinds of things. Like your Twitter account, perhaps (shhhh).
According to a Q4 2018 Cryptocurrency Anti-Money Laundering Report by CipherTrace, a company that makes anti-money laundering software, SIM swapping was the hot, new trend for cybercriminals last year. And plenty of crypto holders have reason for concern.
“If you’ve got a crypto wallet that is using your mobile phone as an authentication device, you should be very worried, especially if you hold sizable sums of crypto,” CipherTrace CEO David Jevans tells BREAKERMAG.
Not everyone should be equally concerned. The types of people most likely to hijack SIM cards are “the guys who decide to specialize in crypto theft, so they tend to profile [their victims],” says Jevans. For example, they might find someone who’s very active on the Bitcointalk forum, or whose LinkedIn profile says they’re a higher-up at a cryptocurrency company. The Manhattan DA’s office suggested that this was Bakies’s method for choosing victims. (Fun fact: Manhattan investigators searched the iPhone 6 Bakies allegedly used to perpetrate his theft, which included a file titled, “Hacker Shit!”)
Though neither Bakies nor Ortiz appears to be part of an organized group, such groups are common in SIM swapping. SIM swappers who target crypto holders “tend to use groups of lower-paid people to do the SIM porting,” says Jevans. “They’re a group that manages these people and pays them to port over the phones.”
How can you keep your cryptocurrency safe from SIM jackers? You can avoid using two-factor authentication that is connected to your phone number. Jevans recommends using authentication apps like Google Authenticator or Authy since hijacking through a SIM port won’t give a scammer access to your apps.