The Justice Department recently, quietly unsealed an indictment that some mainstream and crypto media platforms quickly picked up and reported as charges that “solved” the mystery of a $400 million theft of cryptocurrency previously held by the collapsed crypto-exchange FTX.
The indictment was not that. But it does reflect a growing regulatory and economic concern facing both on- and off-shore cryptocurrency companies. The “SIM swap” fraud that allegedly targeted FTX, in November 2022, is almost a rudimentary “hacking” tool – one based on identity theft and false impersonation of a financial account holder – that largely targets companies that provide increasingly antiquated two- or multi-factor identification (“2FA” and “MFA,” respectively) privacy protections for their clients and account holders.
Federal regulators in the U.S. are increasingly attuned to the dangers posed by systems that rely on privacy protection procedures that are vulnerable to SIM swaps. The Federal Communications Commission is pursuing new rules while the SEC’s recent cybersecurity regulations will likely require companies to up their privacy game in the face of this specific threat. Indeed, the SEC is all the more motivated now, perhaps, given its own recent SIM swap fiasco.
New charges and the FTX hackers
On January 24, 2024, the United States Attorney’s Office for the District of Columbia unsealed an indictment, captioned United States v. Powell, et al., following the arrest of certain of the defendants named in that case. As alleged, Robert Powell, Carter Rohn, and Emily Hernandez worked together to obtain stolen personal identifying information (“PII”) of more than 50 victims.
The trio subsequently used that stolen information to create false identification documents for the purpose of duping telecom providers into swapping the identity theft victim’s cellular telephone account onto a new device held by the defendants or by unnamed “co-conspirators” to whom the trio of defendants sold stolen PII.
The scheme relies on the reassignment of the victims’ phone number to a physical phone controlled by a criminal actor, which entails the transfer or porting of the victims’ number (and, in essence, identity) to the Subscriber Identity Module, or “SIM,” card physically held…
Click Here to Read the Full Original Article at Cryptocurrencies Feed…
