In a method known as “SIM swapping,” 21-year-old hacker Nicholas Truglia stole $1 million from a San Francisco executive and hacked the phones of a number of other Silicon Valley and blockchain executives.
A felony complaint filed this month in California’s state court reveals details of the ongoing case against Nicholas Truglia. Truglia has been charged with 21 crimes that include theft, fraud, embezzlement, and attempted grand theft.
The grand theft charge faced by Truglia relates to the hacker’s SIM swap attack on a San Francisco resident named Robert Ross. The unsuspecting victim, Ross, suddenly lost phone signal and headed to an Apple store for help before contacting his service provider AT&T. He was too late, Truglia had already managed to steal $500,000 from the accounts Ross held with cryptocurrency exchanges Coinbase and Gemini.
To perform the SIM swap and access the executive’s phone, Truglia would likely have contacted AT&T and persuaded them he was Ross. Convincing them to reassign the man’s phone number to one of his own devices. From there, Truglia would have been able to bypass two-factor authentication security processes, in which a code is sent by text to a phone to` access the accounts of his victim.
Truglia’s Manhattan apartment was searched and officials revealed they had recovered $300,000 from a computer hard drive.
A New Wave of Crime
Erin West, deputy district attorney of Santa Clara County, described the theft as part of a “new wave” of crime, speaking to CNBC, adding:
It’s a new way of stealing of money: They target people that they believe to have cryptocurrency.
The involvement of cryptocurrency in the theft had both a benefit and a drawback, it helped somewhat in clearly identifying the transaction of the theft, but may not have revealed where the funds had been sent. West said:
In some ways, it’s helpful because we can see where the money is going — that’s the beauty of the blockchain.
Truglia also hacked the phones of Saswata Basu, CEO of 0Chain, a blockchain storage service. Gabrielle Katsnelson, co-founder of the startup SMBX, and another executive Myles Danielson, were also hacked The perps were unable to access the accounts in order to steal their funds.
Another Californian man, Michael Terpin, sued mobile service provider AT&T for negligence and $224 million when hackers SIM swapped his number to steal $24 million worth of cryptocurrency.
SIM swapping is difficult to prevent if hackers have obtained mobile phone numbers and enough personal information — often available on the dark web — to gain the means of bypassing mobile communications security whilst arranging the phone number swap. Add another reason to the list of why personal information ought to be guarded as safely as possible. Not to mention balances of crypto and other currencies that should be stored offline.
Have you been hacked? Tell us your story in the comments below.
Images courtesy of Shutterstock.