Eight cybercriminals have been arrested in England and Scotland for their involvement in a series of SIM Swapping attacks by hijacking phone numbers of high-profile individuals in the U.S. The recent arrests follow the earlier detentions in Malta and Belgium (1 arrest in each country) of other members belonging to the same criminal group.
The international investigation was jointly conducted by law enforcement authorities from the U.K., the U.S., Belgium, Malta, and Canada, with coordination from Europol. The investigation found that the attackers targeted thousands of victims in 2020, including popular sports stars, musicians, internet influencers, and their family members. It is suspected that the criminals may have stolen over $100 million in cryptocurrencies after illegally gaining access to the celebs’ mobile devices.
What’s a SIM Swapping Attack?
A SIM Swapping attack is one of the simplest ways for cybercriminals to bypass users’ 2FA protection. In a SIM Swap attack, the attacker calls service providers and tricks them into changing a victim’s phone number to an attacker-controlled SIM card. This allows the attacker to reset passwords and gain access to victims’ sensitive data.
The National Crime Agency (NCA) in the U.K. stated that the cybercriminal group worked together to take control of the victims’ mobiles and changed passwords of their applications and accounts. This allowed the attackers to compromise victims’ social media accounts and steal cryptocurrencies and sensitive information, including contacts synced with online accounts.
Authorities warned mobile users to be vigilant about suspicious activities. Besides, the officials recommended security measures to avoid such security incidents. These include:
- Keep your devices up to date.
- Do not reply to suspicious emails or engage over the phone with callers that request your personal information.
- Limit the amount of personal data you share online.
- Use two-factor authentication (2FA) for your online services, rather than having an authentication code sent over SMS.
- Avoid associating your phone number with sensitive online accounts.
“SIM swapping requires significant organization by a network of cybercriminals, who each commit various types of criminality to achieve the desired outcome. This network targeted a large number of victims in the U.S. and regularly attacked those they believed would be lucrative targets, such as famous sports stars and musicians. In this case, those arrested face prosecution for offenses under the Computer Misuse Act, as well as fraud and money laundering as well as an extradition to the USA for prosecution,” said
Paul Creffield, Head of Operations at the NCA’s National Cyber Crime Unit.
“As well as causing a lot of distress and disruption, we know they stole large sums from their victims, from either their bank accounts or bitcoin wallets. Cyber criminality is not restricted by borders and our efforts to tackle it reflect that. This investigation is the result of successful collaboration with international partners in the U.S. and Europol, as well as our law enforcement colleagues here in the U.K.,” Creffield added.