European authorities dismantled two cybercrime organizations responsible for stealing millions through SIM hijacking.

European authorities managed to dismantle the operations of two cybercrime gangs responsible for stealing millions through SIM hijacking.

In SIM hijacking attacks (aka SIM swapping attacks) crooks are able to port the phone number of the victims to a new SIM card under their control.

A SIM swap fraud is a type of fraud that overwhelms the additional security measures introduced by organizations to protect their customers.

Attackers obtain victims’ information by launching a phishing campaign, or by purchasing them in the underground market.

Crooks use the information gathered on the victims in the attempt to impersonate them in front of a telco operator and ask it to provide a new SIM to replace the old one that was lost or stolen.

They can prove their identity by answering basic security questions and requesting the cancellation of the old SIM and the activation of a new one. Once obtained a new SIM, crooks can operate with the victim’s mobile account, intercepting or initiating calls, accessing SMSs (including authorizations codes sent by bank and cryptocurrency exchanges) and to authorize transactions.

Now Europol announced the success of its operation aimed at dismantling the criminal activities of two cybercrime groups that focus on SIM hijacking. The authorities arrested tens of individuals in Spain and Romania.

According to the authorities, in Spain only, 12 suspects believed to have stolen over €3 million ($3.3 million). The suspects, aged 22 to 52, were arrested in Benidorm, Granada, and Valladolid. The gang was composed of Italian, Romanian, Colombian, and Spanish individuals. They group is suspected to have launched over 100 attacks, stealing between €6,000 and €137,000 per attack.

“Investigators from the Spanish National Police (Policía Nacional) together with the Civil Guard (Guardia Civil) and Europol targeted back in January suspects across Spain believed to be part of a hacking ring which stole over €3 million in a series of SIM swapping attacks. 12 individuals were arrested in Benidorm (5), Granada (6) and Valladolid (1).” reads the press release published by the Europol.

“Composed of nationals between the ages of 22-52 years old from Italy, Romania, Colombia and Spain, this criminal gang struck over 100 times, stealing between €6,000 and €137,000 from bank accounts of unsuspecting victims per attack.”

Crooks obtained online banking credentials from the victims using banking Trojans or other techniques, then presented fake documents to the victim’s mobile service provider to receive a duplicate of their SIM card.

Crooks used the duplicates to receive directly to their phones the second-factor authentication codes used by banks to confirm fraudulent transfers to accounts under theirs control.

Timing of the operations is essential for this kind of scams, crooks attempt to monetize their efforts with fraudulent money transfers within a one- to two-hour period of time before being discovered by the victims.

Authorities also arrested 14 members of a crime gang in Romania, law enforcement raided their homes in Bucharest, Constanta, Mures, Braila, and Sibiu.

“An eight-month long investigation between the Romanian National Police (Poliția Română) and the Austrian Criminal intelligence Service (Bundeskriminalamt) with the support of Europol has led to the arrest of 14 members of a crime gang who emptied bank accounts in Austria by gaining control over their victims’ phone numbers.” continues the press release.

“The thefts, which netted dozens of victims in Austria, were perpetrated by the gang in the spring of 2019 in a series of SIM swapping attacks.”

Crooks used stolen credentials and hijacked phone numbers to stole money from multiple bank accounts in Austria in early 2019.

“Once having gained control over a victim’s phone number, this particular gang would then use stolen banking credentials to log onto a mobile banking application to generate a withdraw transaction which they then validated with a one-time password sent by the bank via SMS allowing them to withdraw money at cardless ATMs.”continues Europol.

“Fraudsters are always coming up with new ways to steal money from the accounts of unsuspecting victims. Although seemingly innocuous, SIM swapping robs victims of more than just their phones: SIM highjackers can empty your bank account in a matter of hours. Law enforcement is gearing up against this threat, with coordinated actions happening across Europe,” said Fernando Ruiz, acting head of Europol’s European Cybercrime Centre.

Pierluigi Paganini

(SecurityAffairs – SIM Hijacking, cybercrime)