Police in California arrested a 20 year old from Boston at Los Angeles International Airport on his way to Europe. The individual, Joel Ortiz, was accused of targeting cryptocurrency entrepreneurs by compromising their two factor authentication hosted on their mobile phone number by a method called SIM swapping. The results of his activities are rumored to have resulted in the theft of five million dollars and forty phone numbers hijacked.
According to multiple sources, it is suspected that Joel along with a group of accomplices were able to socially engineer cell phone providers to send them a replacement SIM card for victims that enabled them to hijack the phone number to a device of their choice. Once this is in place, the attackers are able to receive text messages related to two factor authentications and account resets.
The attacker took some obvious actions in some instances tipping his hand that he had hijacked the device. One of the victim’s daughter got a text message requesting to “TELL YOUR DAD TO GIVE US BITCOIN.”
Seeing that the attacker group was led by a 20 year old that took some careless actions against victims and on his social media regarding his spending habits, it is possible that this method of attack could be used by more sophisticated threat actors against organizations that use two factor authentication with mobile devices.
Proficio Threat Intelligence Recommendations:
- For personal and corporate devices, take actions with the cell phone provider for an extra layer of security to prevent SIM Swapping (ex: Implement T-Mobile “care password”).
- Assess and secure any two factor authentication used by the organization around text messages or phone call verification procedures.
General Information – Click Here