SIM swap hacker caught in Florida

Florida police have arrested a 25-year-old named Ricky Joseph Handschumacher. The young man is suspected of grand theft and money laundering. Handschumacher used SIM swapping techniques to steal thousands in Bitcoin and to “drain bank accounts,” according to security researcher Brian Krebs.

Handschumacher’s scam was simple: He called telecom operators and asked them to swap his SIM card for the victim’s SIM card. This, in turn, gave him access to two-factor authentication techniques via SMS and allowed him to access email accounts, bitcoin wallets and file storage systems. I experienced this firsthand a year ago when my phone stopped working and all of my Google passwords began changing without my control.

“In some cases, fraudulent SIM swaps succeed thanks to lax authentication procedures at mobile phone stores. In other instances, mobile store employees work directly with cyber criminals to help conduct unauthorized SIM swaps, as appears to be the case with the crime gang that allegedly included Handschumacher,” wrote Krebs.

The takedown happened after a mother overheard her son pretending to be an AT&T employee. Police found multiple SIM cards and a Trezor in the Michigan home of the first hacker, as well as logins for Telegram and Discord channels dedicated to SIM swapping. The police found that the hackers had stolen 57 bitcoins from one victim. Handschumacher was head of the group.

The hackers were allegedly targeting the Winklevoss twins before Handschumacher was arrested.

According to the police complaint, “Handschumacher and another co-conspirator talk about compromising the CEO of Gemini and posted his name, date of birth, Skype username and email address into the conversation. Handschumacher and the co-conspirators discuss compromising the CEO’s Skype account and T-Mobile account. The co-conspirator states he will call his ‘guy’ at T-Mobile to ask about the CEO’s account.”

Worried about getting hacked? Given the ease with which Handschumacher and his team worked, non-SMS-based two-factor authentication is still the best solution for ensuring you aren’t effected. There are also methods to add a SIM lock to your phone so outsiders can’t swap your SIM as easily, but remember: All the protection in the world can’t stop a dedicated hacker. Keep your important data and cryptocurrencies offline if possible.