Boston Herald

Bitcoin SIM card scam ‘new way to commit old crime’

Hub man accused of cyberheist

- By JORDAN GRAHAM

A potentiall­y dangerous new way for criminals to steal personal informatio­n and money is emerging amid accusation­s that a University of Massachuse­tts Boston student engaged in a multimilli­ondollar theft of cryptocurr­ency by taking over victims’ phone numbers, experts said.

“This is a new way to commit an old crime. This is a standard theft and it’s just being done in a new way,” said Erin West, a prosecutor with the Santa Clara County District Attorney’s office in California. “It’s sort of a lawless universe, it’s the Wild West.”

West is leading the case against Joel Ortiz, 20, of Boston, who is accused of stealing roughly $2 million in Bitcoin and other cryptocurr­ency. According to prosecutor­s, Ortiz targeted at least 40 potential victims, taking control of dozens of phone numbers.

Ortiz allegedly used the phone numbers to dupe phone carriers into transferri­ng the numbers to SIM cards in Ortiz’s possession. Once he had the working SIM card, Ortiz was able to access online accounts. Google accounts, for example, allow users to verify their identity without a password by using a phone number connected to the account.

Michael Sulmeyer, director of the Belfer Center’s Cyber Security Project Director at the Harvard Kennedy School, said spoofing SIM cards is emerging as a new threat, prompting some to change how they secure their accounts.

“There is a reason why the identity management guys who think about this all day have moved to physical (authentica­tion),” Sulmeyer said. “They’re aware that this is a problem.”

Ortiz, according to West, specifical­ly targeted his victims because of their involvemen­t with Bitcoin. Ortiz allegedly stole roughly $1.8 million, according to court documents, including $1.7 million from one victim.

Still, it is not likely attackers would randomly steal strangers’ phone numbers. Sulmeyer said basic security measures, including two-factor authentica­tion, are often enough to keep attackers at bay.

“If you put up a good fight on defense, usually the other guy just moves on,” he said. “Unless you in particular are so important to the enterprise, then they want to keep coming back at you.”

Ortiz, a UMass Boston student majoring in informatio­n technology, was arrested at Los Angeles Internatio­nal Airport last month on his way back to Boston after a multi-day spending spree in the Los Angeles hills. Ortiz was outfitted in multiple Gucci clothing items when he was arrested. He is being held on $1 million bail.

“Our victims have experience­d nearly a $2 million loss,” West said. “We believe he is a flight risk.”

West said additional victims have come forward since Ortiz’s arrest was first disclosed.

Verizon said it is working to improve its fraud protection. AT&T declined to comment, citing the active investigat­ion. Sprint and TMobile did not respond to requests for comment.

?? ??
?? PHOTO COURTESY OF SANTA CLARA POLICE DEPT.; AP FILE IMAGE, ABOVE ?? ‘IT’S THE WILD WEST’: Joel Ortiz, top, a 20-year-old student at University of Massachuse­tts Boston, allegedly stole $1.8 million in Bitcoin, above, by using a system of duplicatin­g SIM cards.
PHOTO COURTESY OF SANTA CLARA POLICE DEPT.; AP FILE IMAGE, ABOVE ‘IT’S THE WILD WEST’: Joel Ortiz, top, a 20-year-old student at University of Massachuse­tts Boston, allegedly stole $1.8 million in Bitcoin, above, by using a system of duplicatin­g SIM cards.

Newspapers in English

Newspapers from United States