Brit cops have cuffed eight men in England and Scotland amid a probe into SIM-swapping attacks on high-profile US targets – including sports stars, musicians, and “influencers” – that had money and personal data stolen.
The suspects, aged between 18 and 26, were nabbed in an operation co-ordinated by Police Scotland, the Metropolitan Police, East Midlands and North East Special Operations Units, and the West Midlands Organised Crime Unit.
The arrests are part of an inquiry in the UK by the National Crime Agency, in conjunction with the US Secret Service, Homeland Security Investigations, the FBI, and the Santa Clara California District Attorney’s Office.
The agencies unearthed a UK-based criminal hive that pinched prominent American marks’ phone numbers to change their password and take control of their apps. Through this venture they stole money, Bitcoin, personal information, and were able to hijack social media accounts to post content and send messages posing as their victims.
Last year unauthorised third parties took over the Twitter accounts of 130 celebrities including Elon Musk, Bill Gates, and former US president Barrack Obama. The attackers – not linked to these latest arrests – accessed Twitter’s internal account management tools following a successful social-engineering exercise.
Reg readers know how SIM-swapping attacks work so we won’t pore over the details, as explained by the NCA here.
It’s Terpin time: Bloke who was SIM jacked twice by Bitcoin thieves gets green light to sue telco for millions
In November Microsoft warned that users must embrace multiple-factor authentication because accounts with an additional defence like this tend to get compromised at a rate less than 0.1 per cent of the general populace. And users should avoid SMS messages or voice calls to handle phone-based protocols due to their inherent insecurity.
Paul Creffield, head of operations within the NCA’s National Cyber Crime Unit, said in a prepared remark: “This network targeted a large number of victims in the US and regularly attacked those they believed would be lucrative targets, such as famous sports stars and musicians.”
The gang are facing their day in court for offences that fall under the Computer Misuse Act, in addition to fraud and money laundering charges, as well as extradition to the US for prosecution.
Creffield said the network “stole large sums from their victims, from either their bank accounts or Bitcoin wallets”.
Michael D’Ambrosio, assistant director of the US Secret Service Office of Investigations, thanked all the domestic and international agencies involved, saying law enforcement bods are “ready to combat transnational crimes and hold offenders accountable”.
We asked the NCA if the arrest was linked to last year’s Twitter attack and it confirmed “this case isn’t directly linked to the… incidents, though the methodology is the same.” ®