Police have arrested 10 people in the UK, Belgium and Malta for allegedly hijacking mobile phones belonging to celebrities, internet influencers, sports stars and musicians to steal personal information and millions in cryptocurrency.
- Hackers were able to take control of apps or accounts by SIM swapping
- They were able to steal money, cryptocurrencies and personal information
- The celebrities who were victims to the hack were not identified
The European Union police agency Europol said the gang was believed to have stolen more than $100 million ($129 million ) in cryptocurrencies by using so-called SIM swap attacks.
These attacks involve deactivating a victim’s mobile phone SIM card, either by tricking the phone company or using a corrupt insider, so the number can be transferred to another card under the gang’s control.
The arrests were the result of a joint investigation by UK, US, Canadian, Belgian and Maltese police, Europol said.
Europol didn’t specify the nationalities of those caught in the sweep, but the UK’s National Crime Agency said a day earlier that eight men were arrested in England and Scotland.
Two others were arrested previously in Belgium and Malta, Europol said.
Neither agency identified the celebrity victims.
Investigators found that after accessing victims’ phone numbers, they were able to take control of apps or accounts by requesting password reset codes sent via SMS.
Then they were able to steal money, cryptocurrencies and personal information, including contacts synced online, Europol said.
They were also able to post content and send messages masquerading as the victim on social media.
Europol has warned that SIM swapping is a growing threat carried out by fraudsters.
What is SIM swapping?
SIM swapping involves cyber criminals taking over use of a victim’s phone number by essentially deactivating their SIM and porting the allocated number over to a SIM belonging to a member of the criminal network.
This is typically achieved by the criminals exploiting phone service providers to do the swap on their behalf, either via a corrupt insider or using social engineering techniques.
After gaining control of the phone number, they use the ‘change password’ function on apps, which leads to them receiving reset codes sent via SMS, or to subsequently compromised email accounts, to reset passwords.
After changing the passwords, the victim is denied access and the criminals have free reign over their contacts, banking apps, emails and social media accounts.
“SIM swapping requires significant organisation by a network of cyber criminals, who each commit various types of criminality to achieve the desired outcome,” Paul Creffield, head of operations in the NCA’s National Cyber Crime Unit said.