Skip to main content

Police make arrest in SIM-hacking ring responsible for stolen identities & crypto

A few weeks ago, a report highlighted how hackers were gaining access to Instagram accounts by stealing a phone number and reassigning it to a different SIM card. Now, authorities have made an arrest as part of a multi-state SIM card hacking ring…

Court records unearthed this week by Brian Krebs (via The Verge) show that Florida authorities arrested a man last month after discovering he had stolen SIM cards from victims in seven states.

Authorities learned of the scheme when a mother overheard her son acting as an AT&T employee and alerted law enforcement. Law enforcement arrived at the house and searched the son’s room, the documents reveal, and discovered “a list of names and phone numbers, along with SIM cards and cell phones.”

Ultimately, authorities were able to trace SIM cards to seven victims in seven states. The victims had their identities stolen as part of the scheme, while also losing “hundreds of thousands of dollars” worth of cryptocurrency.

Officers interviewed the son, who said that the ring consisted of “about” eight other people, including a man named Ricky Handschumacher – who who discussed and organized the SIM-hacking through Discord conversations:

Officers said Handschumacher and others in on the plan would steal personal information, then either impersonate or pay off a cellular service employee to receive a new SIM card with the target’s stolen information.

Using that, they could crack any passwords tied to the phone number, including cryptocurrency accounts. Police say Handschumacher told them he had laundered more than $100,000 through cryptocurrency exchanges, although he has pleaded not guilty to the charges.

SIM-impersonation, also referred to as SIM-jacking or SIM-hacking, is an incredibly easy way for “hackers” to gain access to online accounts such as cryptocurrency wallets and online banking. It’s one of the reasons two-factor SMS authentication is considered the weakest form of two-factor, and has pushed some companies – such as Instagram – to promise additional forms of two-factor.

Read more in the full Krebs on Security piece right here.


Subscribe to 9to5Mac on YouTube for more Apple news:

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Chance Miller Chance Miller

Chance is the editor-in-chief of 9to5Mac, overseeing the entire site’s operations. He also hosts the 9to5Mac Daily and 9to5Mac Happy Hour podcasts.

You can send tips, questions, and typos to chance@9to5mac.com.

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications