Former telecom manager admits to doing SIM swaps for $1,000

March 15, 2024, 11:26 AM

A former manager at a telecommunications company in New Jersey pleaded guilty to conspiracy charges for accepting money to perform unauthorized SIM swaps that enabled an accomplice to hack customer accounts.

SIM swapping is an unauthorized porting of a targeted person's phone number to another physical SIM card or eSIM chip controlled by the attacker. These types of attacks are usually conducted via social engineering attacks against customer support agents or through insiders at mobile companies.

This attack aims to take control of the target's phone number to receive SMS-based one-time passwords (OTPs) sent as part of two-factor authentication protection on online accounts.

Receiving these codes allows attackers to take over the target's accounts using stolen credentials, typically acquired through phishing or other data leaks.

Telecom service providers have now implemented measures to prevent such arbitrary number porting events without the involvement or authorization of the owner.

However, the former IT manager, Jonathan Katz, abused his managerial position and highly privileged account at a mobile telecommunications store to overcome security measures and perform unauthorized number ports.

An announcement and court documents published earlier this week by the U.S. Department of Justice (DoJ) explain that Katz (aka "Luna") performed the SIM swaps between May 10 and 20, 2021, while he was a manager for a telecom firm.

Court documents from December 2021, released following Katz's arrest, indicate five victims in Wyoming, New Jersey, California, and Tennessee.

Katz's actions enabled his accomplice to hijack victims' mobile phone numbers and subsequently gain access to accounts, including email, social media, and cryptocurrency wallets.

For carrying out the unauthorized number ports, Katz received $1,000 in Bitcoin per SIM swap (a total of $5,000), plus an unspecified percentage of the profits earned from the illicit access to the victims' devices.

For his actions, Katz faces a statutory maximum of five years in prison and a fine of up to $250,000 or twice the financial gain or loss from the crime. 

The sentencing is scheduled for July 16, 2024.
