British, Scottish Charged with Stealing Online Accounts, Money
Eight men were arrested in England and Scotland for their roles in SIM swapping attacks. The victims were all celebrities in the United States. The suspects range in age from 18 to 26 years old.
The victims are well-known influencers, sports stars, famous musicians, and their families in the United States. The attackers chose these targets because of their perceived wealth.
The attackers gained access to the victims’ phones via a type of cyberattack known as SIM swapping. They then used the devices to gain access to online accounts associated with that phone number.
The victims were relieved of large sums of money from either their bank accounts or bitcoin wallets.
The suspects were charged under the Computer Misuse Act, as well as fraud and money laundering charges. Also, they may be extradited to the States for prosecution says the US Secret Service in their announcement.
The United Kingdom’s National Crime Agency (NCA) led the UK investigation on the attacks.
“NCA Cyber Crime officers, working with agents from the U.S. Secret Service, Homeland Security Investigations, the FBI and the Santa Clara California District Attorney’s Office, uncovered a network of criminals in the UK working together to access victims’ phone numbers and take control of their apps or accounts by changing the passwords,” states an announcement from the US Secret Service.
The operation was coordinated by the NCA and involved officers from Police Scotland, the Metropolitan Police Service, East Midlands and North East Special Operations Units, and the West Midlands Regional Organised Crime Unit.
What is SIM Swapping?
SIM swapping attacks occur when the attacker steals access to a victim’s phone by changing the SIM card the victim’s wireless account is attached to.
After gaining control of the phone number, criminals use the ‘change password’ function on installed apps. This lets them receive password reset codes sent via SMS text messages.
Once the user’s phone number and device ID are attacked to another SIM card) the attackers used it to steal online accounts. The suspects could use the phone to reset passwords, intercept text message used for two-factor authentication (2FA) and hijack social media accounts.
The fraudsters can also access email accounts to find out which online accounts are connected to it. They use SMS text messages and emails to reset passwords and steal money,
“Cyber criminality is not restricted by borders and our efforts to tackle it reflect that. This investigation is the result of successful collaboration with international partners in the U.S. and Europol, as well as our law enforcement colleagues here in the UK,” said Paul Creffield, head of operations in the NCA’s National Cyber Crime Unit.
Some attacks were intercepted and the targets notified with enough time to stop any theft.