A California court on Friday sentenced 21-year-old Joel Ortiz, a high school valedictorian, to 10 years in jail for stealing 7.5 million dollars in bitcoin through a “SIM swapping” hack. This is the only conviction related to SIM swap hack that has ever happened in the United States.
Ortiz was taken into custody by the REACT task force at the Los Angeles Airport last year. His arrest was one of the 10 high profile arrests made by the REACT task force related to mobile phone scams. REACT is a task force created mostly by Bay Area law enforcement agencies that deal primarily with high tech cyber crimes and frauds. Ortiz pleaded guilty on 10 theft charges in January. Two of his victims were there to testified how their lives were destroyed when they scammed them off all their money. In his closing remarks the prosecutor Erin West said:
These are not Robin Hoods; these are crooks who use a computer instead of a gun. They are not just stealing some ethereal, experimental currency. They are taking college funds, home mortgages, people’s financial lives.
Sim Swapping is a practice in which the criminals transfer phone number details onto their phones, and then use these details to access accounts connected to the phone number. There are several ways in which these criminals orchestrate a SIM swap. For example, the criminals call the cellular provider posing as the victim and claim that their SIM has been lost, they get a new SIM with same phone number and use it to gain access to the person’ s social media and bank accounts.
Ortiz was a master SIM swapper, and he targeted victims by taking control of their social media accounts and took ransom in the form of bitcoin. His biggest catch was a cryptocurrency entrepreneur, Robert Ross, based in Cupertino. Ross lost more than one million dollars to Ortiz’s SIM swap scam. Ortiz took control of Ross’s crypto exchange accounts and took all of his bitcoin savings. Ross says that he had never heard about SIM swapping before this. He is now raising awareness for other people through a campaign Stop Sim Crime. Ross is also running campaigns to force mobile phone companies to implement more safeguards to prevent these attacks. He said
This is a significant problem that’s growing fast. I believe the carriers are enabling this.
Multiple Incidents of SIM Swapping in the United States
Recently, there has been a spike in SIM swapping crimes in the United States. Just last year a US-based bitcoin influencer Michael Terpin sued AT&T claiming 200 million dollars in damages. Terpin lost more than 24 million dollars in two SIM swapping hacks in 2018. Michael filed a complaint with AT&T after his first hack, after which he was assured that another attack wouldn’t be possible and a SIM could only be issued in his name if he was physically present at the store to pick it up. However, despite assurances from AT&T, Michael was hacked again after which he filed a lawsuit against AT&T.
Cellular companies in the United States say that they are now taking these incidents seriously and putting safeguards in place to protect their users from such threats. AT&T now requires its customers to enter a passcode, in addition to the general passwords for serious activities like porting the number to another SIM card. Verizon and T-Mobile have also introduced port validation features for their customers.