back to article What a pair of Massholes! New England duo cuffed over SIM-swapping cryptocoin charges

Two men from Massachusetts have been arrested and charged with 11 criminal counts stemming from a string of account takeovers and cryptocurrency thefts. 21 year-old Eric Meiggs and 20 year-old Declan Harrington each face charges of wire fraud, conspiracy, computer fraud and abuse, and aggravated identity theft for their …

  1. whoseyourdaddy

    This is too easy because most people don't have two-factor authentication on their mobile account.

    Like stick you with a phone handset upgrade financing that you didn't order.

    Google "AT&T and SIM Swap fraud".

  2. Sgt_Oddball Silver badge

    As an interesting thought..

    How did the scrotes get hold of which numbers to ask for in the first place? It would sort of imply that either the mobile providers where... Duped on a level that my primary school children could and would question you on now.

    Or that the marks used phones with public numbers for their 2FA?

    Not that I'm trying to victim shame but the first is gross negligence of the network, the second implies an ignorance of the risks of letting others know in public the number you use for 2FA.

    On the flipside, they start em' social engineering at a young age these days don't they?

    1. doublelayer Silver badge

      Re: As an interesting thought..

      Most people only have one personal device, used for 2FA and every other type of communication. Only a relatively large business or one quite paranoid about external security threats would have a separate device for 2FA purposes instead of using a corporate phone issued to whoever needs access or kept in the office of the relevant team. For nearly everything else, the cost of a separate mobile connection and possibly a separate device for a few SMS messages is considered of little value.

      1. EnviableOne Silver badge

        Re: As an interesting thought..

        anyone still thinking SMS is a secure method for 2FA is very much mistaken.

        Push messgaes are better, but an OAuth TOTP or a FIDO U2F token is better and can be kept more secure.

  3. Mayday

    This easy?

    "One of the two men would call the target's phone provider and, pretending to be the person, have the number transferred to a new SIM card."

    You can do that? Really? In Aussie this sort of thing needs to be done in person, in the provider's store AND have ID.

    1. Mongrel

      Re: This easy?

      My UK provider initiates every conversation with "We've just texted a code to the phone, what is it?"

      Not sure how that'd work if I had lost the phone but it's something...

    2. Danny Boyd

      Re: This easy?

      There is another moment: suppose, the perps somehow transferred victim's number to their SIM card; what happens with victim's SIM card? Why is it still operational? And if it isn't, wouldn't the victim notice their phone doesn't work anymore?

  4. Anonymous Coward
    Anonymous Coward

    which crime

    I don't see how they can be charged with the crypto currency theft, since none of the governments recognize it as a legal currency.

    How does that work?

    1. Anonymous Coward
      Anonymous Coward

      Re: which crime

      I assume you didn't read the last paragraph, to see what crimes they were actually charged with. Also, automobiles are not recognized as legal currency, but you can still be charged with auto theft.

    2. tony trolle

      Re: which crime

      You know the US taxman taxes crypto transactions

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019