Technology
First hacker convicted for SIM swapping gets 10 years in prison
A college student is facing 10 years in prison for stealing millions in cryptocurrency using a method called “SIM swapping.”
According to , 20-year-old Joel Ortiz of Boston accepted a plea deal for stealing more than $5 million in cryptocurrency from around 40 victims. Ortiz plead guilty to and was sentenced to 10 years in prison as part of his plea deal.
Ortiz was able to steal the cryptocurrency through a hacking method known as SIM swapping. Krebs on Security has reported on of SIM swapping throughout the past few months.
Over the last year, a number of brazen SIM hijackers have been arrested, such as 21-year old who allegedly stole a million dollars in cryptocurrency. However, authorities say Ortiz is the first person to be convicted of a crime involving SIM swapping.
SIM swapping is a technique that mainly involves the social engineering of a target’s mobile phone provider. Using personal information obtained on their target, a hacker will attempt to convince the target’s mobile phone provider to port their phone number over to a SIM card belonging to the hacker.
Once the swap occurs, the hacker has essentially hijacked their target’s mobile phone number. One-time passwords, verification codes, and two-factor authorization that goes through a user’s mobile device via phone call or text message gets sent to the hacker.
Email, bank, and cryptocurrency accounts have often been the targets of SIM swapping. Social media accounts have also see a rise in hijacking through this method. Over the past few months, there’s been a significant uptick in high-profile stolen through methods like SIM swapping.
Two-factor authorization has especially been upended by the practice of SIM card hijacking. Many forms of require a user to send an SMS message to their mobile devices when signing in to an account along with their password. The process was often sold as a must-enable security protocol which would eliminate most forms of hacking. SIM swapping has caused many security experts to re-strategize when it comes to authentication methods involving text messages.
The long-held assumption was that hackers may be able to guess your password, but they can’t remotely steal your physical mobile device too. Hackers proved that line of thinking wrong by showcasing how they don’t need to steal the actual device — just the mobile number will do.
-
Entertainment7 days ago
NASA discovered bacteria that wouldn’t die. Now it’s boosting sunscreen.
-
Business6 days ago
Tesla drops prices, Meta confirms Llama 3 release, and Apple allows emulators in the App Store
-
Business5 days ago
TechCrunch Mobility: Cruise robotaxis return and Ford’s BlueCruise comes under scrutiny
-
Business4 days ago
Tesla layoffs hit high performers, some departments slashed, sources say
-
Entertainment6 days ago
‘The Sympathizer’ review: Park Chan-wook’s Vietnam War spy thriller is TV magic
-
Business5 days ago
Meta to close Threads in Turkey to comply with injunction prohibiting data-sharing with Instagram
-
Entertainment4 days ago
ChatGPT vs. Gemini: Which AI chatbot won our 5-round match?
-
Business3 days ago
Former top SpaceX exec Tom Ochinero sets up new VC firm, filings reveal