What a pair of Massholes! New England duo cuffed over SIM-swapping cryptocoin charges

Account takeovers allegedly used to plunder digital wallets


Two men from Massachusetts have been arrested and charged with 11 criminal counts stemming from a string of account takeovers and cryptocurrency thefts.

21 year-old Eric Meiggs and 20 year-old Declan Harrington each face charges of wire fraud, conspiracy, computer fraud and abuse, and aggravated identity theft for their alleged roles in a crime spree stretching from November of 2017 to May of 2018, which resulted in the theft of $550,000 worth of cryptocoins.

Prosecutors say that Meiggs, of Brockton, and Harrington, of Rockport, specifically targeted executives of cryptocurrency firms and other known high-rollers for account takeovers, with the aim of draining the targets' cryptocurrency wallets.

Additionally, the pair sought to take ownership of highly-valuable "OG" social media accounts created in the early days of their respective networks when common names were still available.

To do this, it is alleged that Meiggs and Harrington systematically took control of their marks' smartphone and email accounts via SIM-swapping. One of the two men would call the target's phone provider and, pretending to be the person, have the number transferred to a new SIM card.

That hijacked SIM would then be used to contact the email provider and receive account reset and two-factor login codes for the target's address. Police say this allowed them to crawl the target's messages for login details on other services, usually social networks and cryptocurrency exchanges. In other cases, they are accused of requesting password resets be sent to the email accounts.

According to the 11-count indictment (PDF), the scheme produced mixed results for the alleged crooks. Prosecutors say that the first two attempts at accessing a target's cryptocurrency wallet failed when, after swapping the SIM and taking over email accounts, the pair were unable to get access the victim's cryptocoin wallet.

In four other cases, however, police say the duo were able to either take over the victim's cryptocurrency wallet or exchange accounts and extract money. In one of those cases, the stolen account was used to socially engineer a contact of the victim into sending over $100,000 worth of digital currency.

Twitter logo

JACK OF ALL TIRADES: Twitter boss loses account to cunning foul-mouthed pranksters

READ MORE

Aside from the 2017-2018 coin thefts, prosecutors allege that from 2015 to 2017 Meiggs also dabbled alone in takeover of valuable "OG" social media accounts via SIM-swapping. In those cases, it is charged that Meiggs took over the victim's phone number then held it for ransom in exchange for access to the social media account.

In another case, it is charged that rather than bother swapping the SIM, Meiggs simply threatened to kill the victim's wife if they did not hand over the account.

In total, Meiggs faces one count of conspiracy to commit computer fraud and abuse and wire fraud, four counts of wire fraud, one count of identity theft, and one count of violating the computer fraud and abuse act.

Harrington is charged with one count of conspiracy to commit computer fraud and abuse and wire fraud, five counts of wire fraud, one count of violating the computer fraud and abuse act, and one count of aggravated identity theft. ®

Broader topics


Other stories you might like

  • Stolen university credentials up for sale by Russian crooks, FBI warns
    Forget dark-web souks, thousands of these are already being traded on public bazaars

    Russian crooks are selling network credentials and virtual private network access for a "multitude" of US universities and colleges on criminal marketplaces, according to the FBI.

    According to a warning issued on Thursday, these stolen credentials sell for thousands of dollars on both dark web and public internet forums, and could lead to subsequent cyberattacks against individual employees or the schools themselves.

    "The exposure of usernames and passwords can lead to brute force credential stuffing computer network attacks, whereby attackers attempt logins across various internet sites or exploit them for subsequent cyber attacks as criminal actors take advantage of users recycling the same credentials across multiple accounts, internet sites, and services," the Feds' alert [PDF] said.

    Continue reading
  • Big Tech loves talking up privacy – while trying to kill privacy legislation
    Study claims Amazon, Apple, Google, Meta, Microsoft work to derail data rules

    Amazon, Apple, Google, Meta, and Microsoft often support privacy in public statements, but behind the scenes they've been working through some common organizations to weaken or kill privacy legislation in US states.

    That's according to a report this week from news non-profit The Markup, which said the corporations hire lobbyists from the same few groups and law firms to defang or drown state privacy bills.

    The report examined 31 states when state legislatures were considering privacy legislation and identified 445 lobbyists and lobbying firms working on behalf of Amazon, Apple, Google, Meta, and Microsoft, along with industry groups like TechNet and the State Privacy and Security Coalition.

    Continue reading
  • SEC probes Musk for not properly disclosing Twitter stake
    Meanwhile, social network's board rejects resignation of one its directors

    America's financial watchdog is investigating whether Elon Musk adequately disclosed his purchase of Twitter shares last month, just as his bid to take over the social media company hangs in the balance. 

    A letter [PDF] from the SEC addressed to the tech billionaire said he "[did] not appear" to have filed the proper form detailing his 9.2 percent stake in Twitter "required 10 days from the date of acquisition," and asked him to provide more information. Musk's shares made him one of Twitter's largest shareholders. The letter is dated April 4, and was shared this week by the regulator.

    Musk quickly moved to try and buy the whole company outright in a deal initially worth over $44 billion. Musk sold a chunk of his shares in Tesla worth $8.4 billion and bagged another $7.14 billion from investors to help finance the $21 billion he promised to put forward for the deal. The remaining $25.5 billion bill was secured via debt financing by Morgan Stanley, Bank of America, Barclays, and others. But the takeover is not going smoothly.

    Continue reading

Biting the hand that feeds IT © 1998–2022