A sixth member of the international hacking ring “The Community” was sentenced this week in connection with a multi-million-dollar Sim Hijacking conspiracy.
Garrett Endicott, 22, of Warrensburg Missouri, pleaded guilty to charges alleging his role in identity-theft and cryptocurrency theft. He was sentenced to 10 months in prison and ordered to pay restitution of more than $120,000, according to the DOJ.
The crew bribed or tricked telecoms employees into porting victims’ numbers to SIM cards controlled by them, the DOJ said. The tactic, known in infosec as SIM hijacking, letthe threat actors intercept multi-factor authentication codes, change victims' passwords, and break into their digital wallets.
“Once ‘The Community’ had control of a victim’s phone number, the phone number was leveraged as a gateway to gain control of online accounts such as a victim’s email, cloud storage, and—ultimately—cryptocurrency exchange accounts," according to the DOJ. "The Community would use their control of victims’ phone numbers to reset passwords on online accounts and/or request two-factor authentication (2FA) codes that allowed them to bypass security measures."
The multi-year operation targeted victims across the United States, including in California, Missouri, Michigan, Utah, Texas, New York and Illinois. The scheme looted tens of millions of dollars’ worth of cryptocurrency, with sums rangin from $2,000 to over $5 million, depending on the victim’s balance.
Endicott’s sentence is peanuts compared to those of his co-conspirators. According to the DOJ:
· Ricky Handschumacher, 28, of Pasco Country, Florida, was sentenced to 48 months in prison and has to pay restitution of $7,681,570.03.
· Colton Jurisic, 22, of Dubuque, Iowa was sentenced to 42 months in prison and ordered to pay restitution in the amount of $9,517,129.29.
· Reyad Gafar Abbas, 22, of Charleston, South Carolina, was sentenced to 24 months in prison and owes restitution of $310,791.90
· Conor Freeman, 22, of Dublin, Ireland, pleaded guilty in front of an Ireland court to parallel charges and was sentenced to three years in prison and an (undisclosed) sum in monetary restitution.
A member identified as Ryan Stevenson, 29, of West Haven, Connecticut, got off easy. Likely having played a less-critical role in the scheme, Stevenson only got probation and (undisclosed) monetary restitution, according to the announcement.
tags
Filip has 15 years of experience in technology journalism. In recent years, he has turned his focus to cybersecurity in his role as Information Security Analyst at Bitdefender.
View all postsSeptember 06, 2024
September 02, 2024
August 13, 2024