As reported by the U. S. Attorney’s Office for the District of Maryland, twenty-year-old Kyell Bryan pled guilty to aggravated identity theft in connection with a SIM swap and bitcoin theft plot.
In June 2019, Bryan, then 19, allegedly conspired with Jordan K. Milleson, then 21, and others, according to the original indictment statement. Employees of an undisclosed wireless operator were duped into handing over their login details by the gang via phishing and vishing (voice phishing).
Following their arrest, Brian Krebs revealed that Bryan and Milleson had been involved in the OGUsers forum, which had inspired similar Twitter and other phishing campaigns with the goal of acquiring and swapping social media accounts. As evidenced by leaked OGUser chats, Bryan approached another member of the group in 2019 for help creating a website that looked like the T-Mobile login page for employees.
To circumvent the two-factor authentication process, they redirected their target’s phone number using the stolen credentials they obtained via the illicit SIM swap. SIM swapping assaults are the reason AT&T was hit with a now-dismissed negligence lawsuit in 2018 for failing to halt them, and the method opened a possibility to briefly hijack Twitter CEO Jack Dorsey’s handle in 2019.
Prosecutors claim that after the swap, Bryan gave Milleson instructions to withdraw $16,847.47 worth of cryptocurrencies from the victim’s account.
When Bryan and his fellow conspirators feared that Milleson had defrauded them of their portion of the money, their scheme morphed into a mission to discover his true identity. Bryan made an attempt to “swat” him after learning his aliases and personal information from a fellow conspirator.
Bryan made a 911 call to the Baltimore County Police Department, indicating he was at Milleson’s house with a firearm, saying he’d shot his father, and threatening to shoot himself. In the conversation, he threatened to shoot if confronted by cops, setting up a potentially fatal confrontation.
No gunman was found at the house, but Milleson’s cousin told officers about a phone call alleging Milleson had stolen $20,000 earlier.
When Milleson was convicted in May, he was given a two-year term and ordered to pay $34,329.01 in restitution. Following one year of home confinement, Bryan faces two years in federal prison and close supervision after his sentencing. Bryan has agreed to pay $16,847.47 in restitution as part of his plea deal.
Attention: Fraudsters are hacking online accounts of victims to steal their cryptocurrencies, including Bitcoin, using a technique known as “SIM swap.”
How To Avoid Sim Swap Attacks
1. The first rule is to never respond to messages that ask for personal information by email, phone call, or text message. In order to get personal information, hackers typically use phishing tactics, which work by creating a sense of trust with the target audience before requesting sensitive information.
2. You should also keep your internet presence to a minimum by not disclosing personal information such as your entire name, address, or phone number. This data gives thieves greater information with which to commit their crimes.
3. If scammers try to call phone companies as part of their SIM switching scams, set up PIN or password protection for your cellular accounts.
4. To make it even more difficult for hackers to gain access to your personal account, implement additional security measures such as multi-factor authorisation.
