Declan Harrington from Massachusetts admitted stealing cryptocurrency from many victims and hijacking their Instagram accounts. He was charged with SIM swapping attacks two years ago, and he pleaded guilty for his crimes.
As part of SIM swapping (also known as SIM hijacking) assaults, bad actors deceive or bribe personnel of mobile phone service providers into reassigning their targets’ mobile phone numbers to attacker-controlled SIM cards.
These criminals can then utilize the victims’ phone numbers to defeat SMS-based multi-factor authentication (MFA), steal passwords, and hijack internet accounts.
The combination of Sim Swapping and Death Threats
Owners of high-value (‘OG’ or ‘Original Gangster’) Instagram and Tumblr profiles were targeted by Harrington and Eric Meiggs in November 2019.
These criminals also hunted out CEOs and executives of cryptocurrency companies, along with many others with substantial cryptocurrency in their Coinbase and Block.io wallets.
In total, the two defendants stole more than $530,000 worth of cryptocurrencies from at least ten victims across the United States and gained control of multiple OG social media accounts through multiple SIM switching attacks and death threats.
These strategies and procedures were reportedly used by the two defendants during their attacks, according to court filings:
- It involves identifying possible victims who are likely to be in possession of large amounts of cryptocurrency and then studying them using web resources.
- Sim-swapping victims’ cell phone numbers in order to gain control of their numbers.
- To acquire illegal access to victims’ internet accounts, including email accounts, social media accounts, and cryptocurrency accounts by using the victims’ hijacked phone numbers
- Use of victim’s account access to take over and steal victim’s usernames, as well as their cryptocurrency.
- Trading victims’ log-in passwords, account handles, and cryptocurrency.
- Asking friends and family for money and bitcoin via the victims’ stolen online accounts.
- Multi-accounting on the Internet to hide their identities and avoid detection by police enforcement
Meiggs, Harrington’s co-conspirator, also pleaded guilty on April 28, 2021, and is due to be sentenced on May 24, 2022, according to the court’s calendar. The Court has not yet set a date for Harrington’s sentence.
Defending against Sim Swapping Attacks
Our internal experts suggest the following protection measures –
- Keep your personal information private. It’s possible that these are phishing attempts by scammers looking for personal information in order to gain access to your cell phone, bank account, credit card, and other accounts.
- Don’t divulge too much about yourself online. It’s best if you don’t reveal your entire name, address, or phone number on public sites.
- Your cell phone account should be protected by a PIN or password. Protect your account from unauthorized changes by using this method.
- Accounts with sensitive personal or financial information may benefit from better authentication. Text message verification may not prevent a SIM card switch if you utilize multi-factor authentication (MFA). Use an authentication app or a security key if you’re worried about SIM card switching.
To read more, please check eScan Blog
