Protect Your SIM Card: Hackers Are Targeting Your Cellphone
The Manhattan District Attorney Office announced on Feb. 1 the first prosecution of SIM swapping in New York state when it indicted a 20-year-old Ohio man for allegedly stealing roughly $10,000 in cryptocurrency from three victims.
February 08, 2019 at 11:00 AM
4 minute read
The original version of this story was published on Legal Tech News
Experts say that swapping SIM cards is on the rise as hackers try to gain access to a phone user's finances, unbeknownst to those users.
SIM (subscriber identity module or subscriber identification module) cards are the small smart cards that contain information identifying a specific phone network that allows the user to use most functions on their device. Hackers are contacting a target's cellphone carrier, answering simple security questions and swapping the phone number associated to a SIM card they control.
“Then the perpetrator has control of that phone number for however long it takes the victim to realize their phone number has been hijacked,” explained Scott Greene, founder of Evidence Solutions Inc., a digital forensics firm.
The rise in SIM swapping is in response to many organizations requiring multifactor authentication to access accounts, experts said. For instance, along with requiring a password, a bank may also require sending a temporary passcode or hyperlink to a phone number or email address to verify the user.
“More companies have been adding multifactor; now the attackers have to find a way to bypass that,” said Joshua Crumbaugh, CEO of PeopleSec. “The path of least resistance is SIM swapping and getting their hands on that code and getting into your account.”
As companies attempt to strengthen their cybersecurity, hackers' methods will evolve, Crumbaugh added. Likewise, prosecutors across the nation have responded and announced the arrest of alleged SIM hackers.
In San Francisco, the U.S. Department of Justice indicted two men accused of SIM swapping executives of cryptocurrency-related companies and cryptocurrency investors. In January, Santa Clara County, California, law enforcement were the first in the U.S. to convict a SIM swapper after a Boston-area man pleaded no contest to using SIM swapping to allegedly steal $1 million worth of bitcoin, according to media reports.
The Manhattan District Attorney Office announced on Feb. 1 the first prosecution of SIM swapping in New York state when it indicted a 20-year-old Ohio man for allegedly stealing roughly $10,000 in cryptocurrency from three victims. Manhattan District Attorney Cyrus Vance Jr. noted in the press release announcing the indictment, “We're also asking wireless carriers to wake up to the new reality that by quickly porting [transferring] SIMs—in order to ease new activations and provide speedy customer service—you are exposing unwitting, law-abiding customers to massive identify theft and fraud.”
Indeed, the multifactor authentication process required by most companies usually only entails answering personal questions that may be easily gleaned from social media or requires access to a phone number.
“That's why they are targeting telecommunication providers,” PeopleSec co-founder Crumbaugh said. “They will allow you access to the account, with minimal information about the person.”
SIM swapping targeting cryptocurrency has made the news recently, but those contacted by Legaltech News said anyone with access to finances or sensitive data can be targets, including those in high-profile occupations such as lawyers.
“Two trends I've seen here are people who are more financially affluent, either perceived or actual, are heavily targeted,” Crumbaugh noted. “They are already a target in that regard and on top of that, it tends to be people active on social media.”
As organizations find new ways to protect users' data and hackers find loopholes for those safeguards, the cybersecurity professionals suggested using voice over IP (VoIP) or Google Voice for accounts so those accounts aren't associated with a SIM.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View All200 Hrs. of Partner Prep Guides Quinn Emanuel's Incredibly Detailed Mock Bankruptcy Trial
Davis Polk Capital Markets Attorney Heads to Morgan Lewis
NY Federal Judge Rules Online-Only Retailers Cannot Face ADA Claims
Trending Stories
Who Got The Work
Clark Hill members Vincent Roskovensky and Kevin B. Watson have entered appearances for Architectural Steel and Associated Products in a pending environmental lawsuit. The complaint, filed Aug. 27 in Pennsylvania Eastern District Court by Brodsky & Smith on behalf of Hung Trinh, accuses the defendant of discharging polluted stormwater from its steel facility without a permit in violation of the Clean Water Act. The case, assigned to U.S. District Judge Gerald J. Pappert, is 2:24-cv-04490, Trinh v. Architectural Steel And Associated Products, Inc.
Who Got The Work
Michael R. Yellin of Cole Schotz has entered an appearance for S2 d/b/a the Shoe Surgeon, Dominic Chambrone a/k/a Dominic Ciambrone and other defendants in a pending trademark infringement lawsuit. The case, filed July 15 in New York Southern District Court by DLA Piper on behalf of Nike, seeks to enjoin Ciambrone and the other defendants in their attempts to build an 'entire multifaceted' retail empire through their unauthorized use of Nike’s trademark rights. The case, assigned to U.S. District Judge Naomi Reice Buchwald, is 1:24-cv-05307, Nike Inc. v. S2, Inc. et al.
Who Got The Work
Sullivan & Cromwell partner Adam S. Paris has entered an appearance for Orthofix Medical in a pending securities class action arising from a proposed acquisition of SeaSpine by Orthofix. The suit, filed Sept. 6 in California Southern District Court, by Girard Sharp and the Hall Firm, contends that the offering materials and related oral communications contained untrue statements of material fact. According to the complaint, the defendants made a series of misrepresentations about Orthofix’s disclosure controls and internal controls over financial reporting and ethical compliance. The case, assigned to U.S. District Judge Linda Lopez, is 3:24-cv-01593, O'Hara v. Orthofix Medical Inc. et al.
Who Got The Work
Attorneys from Cadwalader, Wickersham & Taft and Pryor Cashman have entered appearances for Diageo Americas Supply d/b/a Ciroc Distilling Co. and Sony Songs, a division of Sony Music Publishing, respectively, in a pending lawsuit. The case was filed Sept. 10 in New York Southern District Court by the Bloom Firm and IP Legal Studio on behalf of Dawn Angelique Richard. The plaintiff, who performed as a member of producer Sean 'Diddy' Combs girl group Danity Kane and later his band, Diddy - Dirty Money, claims that she was financially exploited by Combs and subjected to inhumane working conditions. Among other violations, Richard claims that Combs required group members to remain at his residences and studios, deprived them of adequate food and sleep and forced them to rehearse for 36 to 48 hours without breaks. The case, assigned to U.S. District Judge Katherine Polk Failla, is 1:24-cv-06848, Richard v. Combs et al.
Who Got The Work
Mathilda McGee-Tubb and Kevin M. McGinty of Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, as well as Jesse W. Belcher-Timme of Doherty, Wallace, Pillsbury & Murphy, have stepped in to defend Peter Pan Bus Lines in a pending consumer class action. The suit, filed Sept. 4 in Massachusetts District Court by Hackett Feinberg PC and KalielGold PLLC, accuses the defendant of charging undisclosed 'junk fees' on top of ticket prices during checkout. The case, assigned to U.S. District Judge Mark G. Mastroianni, is 3:24-cv-12277, Mulani et al v. Peter Pan Bus Lines, Inc.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250