T-Mobile communications service provider has recently been criticized for alleged negligence and failure to protect customer information, indirectly resulting in a “SIM swap” resulting in a successful theft of $ 450,000 or 15 Bitcoin (BTC) ……
SIM swap attacks – also called transfer scams – have become a popular tactic among criminals in recent years. Such an attack involves theft of the victim’s mobile phone number, which can then be used to hack the victim’s financial accounts on the Internet and social networks by eavesdropping on automated messages or phone calls used for security measures using two-factor authentication.
A lawsuit filed on February 8 against T-Mobile in the Southern District of New York by plaintiff Calvin Cheng – a victim who claimed to have lost $ 450,000 in bitcoin in the attack – explains exactly how telecom companies played this game. Important role in this particular type of fraud:
A third-party criminal convinces a wireless operator such as T-Mobile to transfer access to the mobile phone number of one of its legitimate clients from the SIM card registered for the legitimate client […] to a SIM card controlled by a third criminal. …] This type of account theft is not an isolated criminal act, as it requires the active participation of the wireless operator to replace the SIM card with the phone of an unauthorized person. ”
The related incident in the lawsuit, according to Cheng, followed a successful SIM swap in May 2020 against a T-Mobile customer and co-founder of Iterative Capital, an investment fund focused on cryptocurrency Iterative Capital.
Cheng had made several successful transactions with Iterative to buy bitcoins in the months leading up to the accident, communicating with Buchanan and others on Iterative via Telegram and using a crypto exchange managed by the fund.
After exchanging the SIM card, the criminals reportedly forgave Buchanan in a Telegram conversation with Cheng, contacting him and asking him if he wanted to sell Bitcoin to a repeat customer at an attractive premium. Fooled into the idea that the messages came from Buchanan, Cheng agreed to the agreement and transferred Bitcoin to a digital wallet that he believed was controlled by Buchanan and / or Teratif – a misunderstanding that he soon discovered.
A few days later, Buchanan contacted repeat customers to inform them that some of his accounts had been compromised by SIM exchanges, who had incorrectly assigned his identity and used it to initiate transactions with the alleged duplicate name. The rest of the complaint describes Cheng’s appeal to the FBI, which is investigating the accident and trying to identify the perpetrators. Buchanan also tried to intervene directly with T-Mobile on Cheng’s behalf, but failed to secure equity on his behalf.
As confirmed in the lawsuit, SIM swapping is not a new phenomenon, and it has been actively discussed by federal agencies since 2016. This is not the first time that T-Mobile has participated in SIM swap lawsuits involving cryptocurrency investors.
The lawsuit accuses T-Mobile of failing to enforce adequate security policies to prevent unauthorized access to customer accounts, lack of training or supervision of its employees to prevent successful fraud, and behavior of “ruthless negligence” of various obligations and responsibilities. In accordance with federal and state law. As such, the carrier is accused of violating the Federal Communications Act, the Computer Fraud and Abuse Act, the New York State Protection Act and two cases of neglect.