Slashdot Mirror

← Back to Stories (view on slashdot.org)

How Criminals Recruit Telecom Employees To Help Them Hijack SIM Cards (vice.com)

Posted by msmash on from the closer-look dept.

An anonymous reader writes: Sources who work for some of America's major cellphone carriers tell us how criminals are trying to recruit them to get help hacking victims. Normally, criminals approach them online, offering to pay them in Bitcoin (the equivalent of $100 for example). In exchange, the employee has to log into a company portal and process a so-called SIM swap. From the report: How criminals find the employees in the first place can vary. Some SIM hijackers I spoke to told me they approach them through shared friends in real life, others told me they just comb LinkedIn, Reddit or social media sites. AT&T and Sprint did not respond to requests for comment about whether or not it had any knowledge of insiders helping criminals. A T-Mobile spokesperson said in a statement that the company is "aware of these ongoing and ever-changing attempts to take advantage of consumers across the wireless industry and we'll keep fighting to ensure our customers' safety." A Verizon spokesperson said the company doesn't share details of internal security processes or investigations, but the company "has systems in place that work to detect employee/vendor misconduct."

4 of 28 comments (clear)

  1. Re:$100 by Anonymous Coward · · Score: 5, Funny

    Yeah but it's in bitcoin so it's closer to $300, no wait, now it's $25

  2. Re:and the consequences? by oldgraybeard · · Score: 4, Interesting

    They may only know who if their software tracks the user id doing a SIM card swap but then the criminal employee could be using the log in for another employee. Or if it is a Database admin doing it directly with a query there may not be a record.

    Just my 2 cents ;)

  3. It's not just cellphone carrier employees by timholman · · Score: 4, Interesting

    Sources who work for some of America's major cellphone carriers tell us how criminals are trying to recruit them to get help hacking victims.

    It's not just cellphone carrier companies - it's also the employees of banks, credit bureaus, doctors' offices, hospitals, HR departments, state and federal government tax departments, and just about any other organization that would have your personal information.

    My Mom was targeted by an identity theft ring last year. The only point of contact between her and the bank / credit card agencies was her home phone number. The gang sent someone with a fake driver's license to a Verizon store a hundred miles away, and that person transferred my Mom's phone number to a cell phone. Once they had control of the phone number, half a dozen crooks with fake ID hit various stores to purchase big-ticket items. Any calls for verification went straight to the cell phone. The gang even got into her personal Chase bank account. The only thing that stopped them was the credit freeze that my wife and I had persuaded her to activate the year before, otherwise she'd still be cleaning up the mess with her finances.

    But what amazed us was how much they knew about her. They had all the information on her credit card and bank accounts. They were able to create a fake driver's license. So where did it all come from? Our guess is that someone at a credit bureau was earning extra money on the side by passing on dossiers of elderly people with excellent credit ratings.

    It doesn't matter what security measures you put in place. The weakest link will always be the person who can be bought by a crook.

  4. LOL by dnaumov · · Score: 4, Interesting

    I work for a major Nordic telco. The controls are so strict youâ(TM)d need to be a total moron to agree to this unless you were offered enough money to leave the country while being set for life.