Reading Time: 2 minutes

The Department of Justice (DOJ) of America announced this week that the sixth member (the only one remaining) of an international cybercriminal gang called ‘The Community’ has been convicted due to his part in the multimillion-dollar SIM-swapping scam.

The 22-year-old Garrett Endicott, a citizen of Missouri, is the 6th hacking group member to be convicted. He was confined with 10 months of imprisonment due to his participation in the campaign, during which cryptocurrency worth millions of dollars was stolen from the victims and was demanded $121,549 in restitution.

SIM hijacking, popularly comprehended as SIM swapping, is a tactic that enables a cyberattacker to get hold of the phone number of its target. This way, the attacker starts receiving messages and two-factor authentication (2FA) codes that can be used to sign in to the target’s cloud storage, emails, and cryptocurrency accounts.

As per the prosecutors of The Community case, the campaign of SIM swapping “was often facilitated by bribing an employee of a mobile phone provider.” They further declared:

“Other times, SIM hijacking was accomplished by a member of The Community contacting a mobile phone provider’s customer service — posing as the victim — and requesting that the victim’s phone number be swapped to a SIM card (and thus a mobile device) controlled by The Community.”

The campaign ended in tens of millions of dollars of cryptocurrency being stolen. The victims of this campaign who were identified as residing in cities all over the United States, including Texas, Missouri, New York, California, Michigan, Illinois, and Utah, lost cryptocurrency estimated around $2,000 to over $5 million at the time of theft.

The Department of Justice stated that the offenders were involved in total thefts whose values ranged from around $50,000 – $9 million.

Amongst all defendants of The Community, Endicott was given a lighter sentence. Ricky Handschumacher, a Florida resident, received a sentence including a fine of over $7.6 million with 4 years of imprisonment, Colton Jurisic, a resident of Iowa, was demanded a fine of over $9.5 million with 42 months of imprisonment, Reyad Gafar Abbas, a resident of South Carolina, was ordered a fine of over $310,000 with 2 years of imprisonment.

Conor Freedman, an Irish resident, was earlier given a sentence of three years of imprisonment by the Irish court, while Ryan Stevenson, a resident of Connecticut, was also sentenced to probation after pleading guilty by the District of Connecticut.

Endicott’s verdict came right after two weeks after the Federal Communications Commission (FCC) proposed some new laws to battle SIM-swapping operations. The FCC requires providers to opt for better security methods for authentication of a person’s identity before transferring their service to a new carrier or cellphone.

FCC also proposed a rule that the providers notify their customers every time a port-out or SIM switch request is made from their accounts.

This isn’t the first SIM swapping campaign to be highlighted. Earlier in September, a multi-million SIM hijacking scam resulted in the breach of users’ mobile phone and social media accounts. Even though Europol arrested over 100 cybercriminals involved in SIM swapping and money laundering, there are many more to go.