Bitcoin SIM card scam ‘new way to commit old crime’
Hub man accused of cyberheist
A potentially dangerous new way for criminals to steal personal information and money is emerging amid accusations that a University of Massachusetts Boston student engaged in a multimilliondollar theft of cryptocurrency by taking over victims’ phone numbers, experts said.
“This is a new way to commit an old crime. This is a standard theft and it’s just being done in a new way,” said Erin West, a prosecutor with the Santa Clara County District Attorney’s office in California. “It’s sort of a lawless universe, it’s the Wild West.”
West is leading the case against Joel Ortiz, 20, of Boston, who is accused of stealing roughly $2 million in Bitcoin and other cryptocurrency. According to prosecutors, Ortiz targeted at least 40 potential victims, taking control of dozens of phone numbers.
Ortiz allegedly used the phone numbers to dupe phone carriers into transferring the numbers to SIM cards in Ortiz’s possession. Once he had the working SIM card, Ortiz was able to access online accounts. Google accounts, for example, allow users to verify their identity without a password by using a phone number connected to the account.
Michael Sulmeyer, director of the Belfer Center’s Cyber Security Project Director at the Harvard Kennedy School, said spoofing SIM cards is emerging as a new threat, prompting some to change how they secure their accounts.
“There is a reason why the identity management guys who think about this all day have moved to physical (authentication),” Sulmeyer said. “They’re aware that this is a problem.”
Ortiz, according to West, specifically targeted his victims because of their involvement with Bitcoin. Ortiz allegedly stole roughly $1.8 million, according to court documents, including $1.7 million from one victim.
Still, it is not likely attackers would randomly steal strangers’ phone numbers. Sulmeyer said basic security measures, including two-factor authentication, are often enough to keep attackers at bay.
“If you put up a good fight on defense, usually the other guy just moves on,” he said. “Unless you in particular are so important to the enterprise, then they want to keep coming back at you.”
Ortiz, a UMass Boston student majoring in information technology, was arrested at Los Angeles International Airport last month on his way back to Boston after a multi-day spending spree in the Los Angeles hills. Ortiz was outfitted in multiple Gucci clothing items when he was arrested. He is being held on $1 million bail.
“Our victims have experienced nearly a $2 million loss,” West said. “We believe he is a flight risk.”
West said additional victims have come forward since Ortiz’s arrest was first disclosed.
Verizon said it is working to improve its fraud protection. AT&T declined to comment, citing the active investigation. Sprint and TMobile did not respond to requests for comment.