Californian Authorities have arrested and charged a 20-year old college student Joel Ortiz for being part of a mobile phone hijacking group who hacked SIM cards. According to reports the detainee managed to hijack over 40 phone numbers and stole $5 million as well from high-profile targets including cryptocurrency investors.
The Boston resident Ortiz was arrested on July 12 from California. The accused admitted to stealing cryptocurrency worth millions. He will be facing 13 counts of identity theft, two counts of grand theft and 13 counts of hacking.
Detectives at the Regional Enforcement Allied Computer Team were tipped by one of the victims, a blockchain investor, informing that his cellphone number has been hijacked. He was targeted multiple times between February and March.
According to Motherboard, his cellphone number was hijacked twice and the hacker not only reset the password of his email ID and cryptocurrency accounts but also replaced the 2FA Google authenticator app with another one. Hacker, claims the victim, also harassed his daughter. On 20th March, the hacker allegedly called his wife from the stolen phone number and also messaged his daughter and friends to send him Bitcoin.
To track him down, the detectives sent a warrant to the investor’s cellphone service carrier AT&T to provide all the call records of the days when the hackers owned the number. It was revealed from the records that the stolen number was used from two Samsung Android mobile phones, investigators acquired their IMEI numbers. Since the victim never used Samsung mobile phone, so, the investigators believed it was the hackers.
Afterward, Google was sent a search warrant to obtain data connected to those IMEI numbers, which revealed three email IDs one of which was a Gmail account and another a Microsoft Live account. Investigators sent another warrant to Google and got evidence that linked the Gmail account to Ortiz. They scrolled through his emails and found an email containing information about SIM hijacking technique, one had his selfie holding Massachusetts ID card and some emails showed that he bought various domains like “tw-tter.com”.
When investigators sent warrants to those cryptocurrency exchanges that were being used by Ortiz, including Binance, Coinbase, and Bittrex, they learned that the accused has transferred over $1m worth of various cryptocurrencies via these exchanges. $250,000 worth cryptocurrency owned by Ortiz has been seized by authorities.
Reportedly, Ortiz pulled off this feat using SIM swapping technique, which allowed him to access the numbers and execute port out scams. His targets were the attendees of the cryptocurrency/blockchain conference Consensus held in New York in May 2018. With help from some of his accomplices and using SIM swapping, Ortiz could trick cellular service providers into sending out phone numbers to SIM cards owned by them.
Court documents reveal that Ortiz was running a website titled OGUsers that offers stolen Twitter and Instagram accounts. Apart from the stolen money, Ortiz also sold the social media accounts of the victims and earned more Bitcoins.
After gaining control of the phone numbers, they were able to access the target’s social media and other online IDs. Once they gained the access, they carried out Port Out scam, in which they reset the passwords to prevent the original owner from accessing the account. Port Out scam is very effective in dodging 2FA authentication as well. Ortiz managed to victimize 40 persons; authorities are not yet sure how he selected his targets and why he focused on the cryptocurrency industry. He is being regarded as a prolific SIM hijacker.
The accused was apprehended at the Los Angele International Airport while he was heading to Europe holding a Gucci bag. His bail is set to $1m and at the moment Ortiz is awaiting his plea hearing, which is scheduled for August 9.
SIM swapping is a special technique that is primarily being used for stealing cryptocurrency mainly Bitcoins. It can be prevented if you add a PIN code to your smartphone account. But, the process of doing so is different for every carrier, so you need to contact the related carrier in order to do it. You may also set up a verbal password to further complicate the verification process.
Image credit: Depositphotos