Numerous Arrests in 2 SIM-Swapping Schemes
European Authorities Say Gangs Responsible for Millions in Thefts
Europol, along with local police in Spain, Romania and Austria, arrested about two dozen alleged members of two criminal gangs that are accused of stealing millions of euros from bank accounts in several countries by using SIM swapping techniques to steal credentials and passwords.
In the first case, Europol investigators and Spanish police arrested a dozen individuals who allegedly used various SIM swapping techniques, as well as banking Trojans, to steal about €3 million ($3.4 million) from victims' bank accounts.
In addition, police in Austria and Romania, along with Europol, arrested another 14 people and shut down another alleged SIM swapping operation that had stolen more than €500,000 ($560,000) since the spring of 2019, according to Friday's announcement. The two cases were overseen by Europol's European Cybercrime Center.
In both cases, Europol investigators believe that the two gangs used SIM swapping techniques to steal passwords and other credentials that would give them access to bank accounts and other personal data. These attacks typically start by persuading a mobile operator's customer service employee to move a cell phone number to a different SIM card - a swap - or port it to another carrier.
Once attackers have control of the victim's smartphone or mobile device, they can then intercept one-time passwords or PIN resets that are used as part of a multifactor authentication process, which then allows them to reset passwords and gain access to accounts.
Over the last year, law enforcement officials in Europe and the U.S. have reported a number of investigations into cybercriminals using SIM swapping. In November 2019, the U.S. Justice Department charged two Massachusetts men with allegedly running a years-long scheme that used SIM swapping and other hacking techniques to target executives in order to steal more than $550,000 worth of cryptocurrency (see: DOJ: Pair Used SIM Swapping Scam to Steal Cryptocurrency).
In October 2019, the FBI issued an alert noting that cybercriminals have started bypassing security measures, such as multifactor authentication, including through SIM swapping (see: FBI: Cybercriminals Are Bypassing Multifactor Authentication).
Operation Quinientos Dusim
In the first recent investigation, called Operation Quinientos Dusim, Europol investigators, along with Spanish police, began an investigation in January that eventually involved 12 people operating an alleged SIM swapping operation in Spain across three different regions.
While no names were released, Europol describes the suspects as ranging in age from 22 to 52 and residents of Italy, Romania, Colombia and Spain. Authorities say the gang targeted over 100 victims using SIM swapping techniques and stole between €6,000 and €137,000 ($6,700-$153,000) from accounts.
In addition to SIM swapping, this gang planted malware, such as banking Trojans, on devices as well, according to Europol.
"Once they had these credentials, the suspects would apply for a duplicate of the SIM cards of the victims, providing fake documents to the mobile service providers. With these duplicates in their possession, they would receive directly to their phones the second factor authentication codes the banks would send to confirm transfers," Europol notes.
Once the transfer had been made, the gang used "money mules" to collect the funds. All these transfers happened within one to two hours – or before victims knew their accounts had been changed, according to Europol.
Operation Smart Cash
A second recent eight-month investigation, called Operation Smart Cash, led to the arrests of 14 individuals who operated a criminal gang mainly from Romania, according to Europol. None of the suspects' names were released.
The investigation found that this gang allegedly targeted victims in Austria starting in the spring of 2019 and used SIM swapping to steal credentials and passwords.
"Once having gained control over a victim's phone number, this particular gang would then use stolen banking credentials to log onto a mobile banking application to generate a withdraw transaction, which they then validated with a one-time password sent by the bank via SMS allowing them to withdraw money at cardless ATMs," Europol notes.
Stopping SIM Swapping
One reason why SIM swapping has increased is that many wireless carriers have inadequate authentication procedures. In January, Princeton University researchers released a report that found numerous sites that use phone-based authentication techniques could easily be compromised (see: How Wireless Carriers Open the Door to SIM Swapping Attacks).
That report offered a number of recommendations for how carriers and banks could improve their security for mobile customers, including discontinuing the use of personal information, account information, device information, usage information and security questions as part of the authentication process. In addition, it recommended companies use website or application login with a one-time password sent through a voice call.
Managing Editor Scott Ferguson contributed to this report.