U.S. prosecutors have indicted a British national for allegedly running a SIM card exchange program that resulted in the theft of cryptocurrency.
On Wednesday, the US Department of Justice (DoJ) named Joseph O’Connor, also known as “PlugwalkJoe,” as the subject of the indictment. Prosecutors say O’Connor and his co-conspirators plotted to steal $ 784,000 in cryptocurrency from an unnamed, Manhattan-based crypto exchange.
At the time, the company “provided wallet infrastructure and software associated with cryptocurrency exchanges around the world,” the DoJ said.
According to the indictment (.PDF), O’Connor carried out SIM swap attacks to target company executives.
The SIM card swap uses social engineering techniques – including impersonating a targeted victim or, in some cases, hiring inside help – to transfer a phone number to a handset controlled by an attacker.
In this often short window, the victim can no longer receive calls or SMS. Instead, calls and messages are redirected to another device beyond their control.
Cybercriminals can then recover two-factor authentication (2FA) codes and account details, giving them access to financial services and cryptocurrency wallets linked to the compromised phone number.
U.S. law enforcement says that between around March and May 2019, O’Connor and others involved in the program used SIM swaps to target at least three company employees.
One particularly successful attempt gave attackers access to many corporate accounts and systems, including corporate G-Suite services.
“In the hours following this SIM swap attack, O’Connor and his co-conspirators used Executive 1’s phone number control to gain unauthorized access to the accounts and computer systems of the company 1 “, indicates the indictment.
The group then allegedly looted wallets belonging to two of the company’s clients, resulting in the theft of 770.784869 Bitcoin Cash (BCH), 6,363,490509 Litecoin (LTC), 407.396074 Ethereum (ETH) and 7.456728 Bitcoin (BTC).
The 22-year-old has been arrested in Spain and the US government is currently requesting his extradition.
O’Connor is charged with Conspiracy to Commit Computer Trespassing, Electronic Fraud, Aggravated Identity Theft and Conspiracy to Commit Money Laundering. If convicted on all charges, the UK resident could face decades behind bars.
Prior and related coverage
Do you have any advice? Contact us securely via WhatsApp | Call +447 713 025 499, or Keybase: charlie0