10 years in jail for stealing millions from fake phone numbers

In 2018, U.S. authorities arrested several men suspected of using “SIM swapping,” a form of identity theft, to steal millions of dollars.

The practice has long been known but will be condemned by the courts for the first time. In late January, U.S. citizen Joel Ortiz pleaded guilty to stealing millions of dollars using SIM swaps, a practice of stealing someone’s mobile phone number.

The young student has reached an agreement with the court and will be formally sentenced to 10 years in prison on March 14, according to Santa Clara Assistant Attorney Erin West, quoted by the dedicated website Motherboard. He was arrested by California authorities last July and overwhelmed with multiple charges (hacking, identity theft, theft).

What is “SIM Swap”?
The term refers to the act of “stealing” someone’s cell phone number, usually just a phone call away. In fact, your number is associated with the SIM card. This little chip in the phone can identify you. In short, you can connect to phone networks 3G and 4G.

In most cases of “SIM swapping,” the hacker contacts your carrier’s customer service to pretend it’s you. Claims that your SIM card (in your phone) is lost, faulty or stolen, then he asks to activate your number on a new card (which he has). To convince the customer service on the phone, he used personal information (date of birth, address, customer number, etc.) that he could find on the Internet or by other means. Once the operation is successful, the hacker can receive calls and text messages on your behalf.

The extent of this usurpation is unknown. In France, this type of fraud was mentioned in the latest report by the Interior Ministry on cybercrime, but no data was provided to estimate the extent of this fraud.

Why do hackers use this method?
In a case of interest to U.S. justice, Joel Ortiz stole about 40 phone numbers. They are then used to steal accounts on social networks, especially virtual wallets that access cryptocurrencies such as Bitcoin. In one case, the student stole $1.5 million from an entrepreneur who had just invested in cryptocurrency.

In fact, in order to protect their accounts on social networks and other sites, Internet users are invited to activate two-factor authentication: once you have entered your password, you must go through an additional verification stage and enter the temporary code you receive on your phone, for example. So if a hacker cracks or guesses your Facebook or other password, they won’t be able to access your account without this temporary code.

However, by stealing the phone number, hackers can receive this verification code. In some cases, it can even reset your password, so you don’t even need to crack it to take control of your account.

How were pirates discovered?
According to Motherboard, the investigation was conducted by a branch of California authorities specializing in computer crime. Investigators tracked him down thanks to an alert from Joel Ortiz’s investor victim.

In fact, after stealing the victim’s phone number, he used it to make calls. Phone discovered by US carrier AT&T, which identifies both phones by their IMEI number, a unique identifier assigned to each phone. The numbers go back to Joel Ortiz.

They then asked Google for information so they could track down the hacker, who used several mailboxes, one of which contained a selfie taken with his ID.

Last year, U.S. investigators arrested several pirates for allegedly stealing millions of dollars, especially based on “SIM swapping.” On February 1, New York prosecutors announced the indictment of a man suspected of stealing the phone numbers of about 50 people in the United States.

In 2018, U.S. authorities arrested several men suspected of using “SIM swapping,” a form of identity theft, to steal millions of dollars.