British law enforcers have arrested eight men on suspicion of running a SIM swapping ring targeting US celebrities and sports stars.
The National Crime Agency (NCA) led the investigation in the UK, working alongside agents from the US Secret Service, Homeland Security Investigations, the FBI and the Santa Clara California District Attorney’s Office.
SIM swapping is an increasingly popular way to hijack high-profile users’ social media and other accounts, and can also be used to steal cryptocurrency. Those behind the attacks typically either socially engineer carrier employees into porting the target’s number to a new SIM under their control, or use a malicious insider to do the same.
In this campaign, those arrested are suspected of targeting a range of “well-known influencers, sports stars, musicians and their families.” The NCA was tight-lipped on the identities of these victims.
However, it did reveal that the attackers used their access to victims’ phone numbers to takeover various accounts linked to their mobile devices and change the passwords. In such cases, reset codes are typically sent via SMS to the phone number linked to the account, landing it right in the lap of the cyber-criminal.
This enabled them to post on social media and send messages masquerading as the victims, and to steal money from bank and Bitcoin accounts and personal information including synced contacts.
The suspects arrested in England and Scotland were aged 18-26. Officers from Police Scotland, the Metropolitan Police Service, East Midlands and North East Special Operations Units, and the West Midlands Regional Organized Crime Unit supported the NCA.
Paul Creffield, head of operations at the NCA’s National Cyber Crime Unit, argued that the attackers singled out their victims as being lucrative targets.
“SIM swapping requires significant organization by a network of cyber-criminals, who each commit various types of criminality to achieve the desired outcome. In this case, those arrested face prosecution for offences under the Computer Misuse Act, as well as fraud and money laundering as well as extradition to the US for prosecution,” he added.
“As well as causing a lot of distress and disruption, we know they stole large sums from their victims, from either their bank accounts or Bitcoin wallets.”