Florida man jailed after draining $1M from victims in crypto SIM swap attacks

Not old enough to legally rent a car, old enough for a 30-month term

A 20-year-old Florida man has been sentenced to 30 months behind bars for his role in a SIM-swapping ring that stole nearly $1 million in cryptocurrency from dozens of victims.

Jordan Persad, of Orlando, was also ordered to pay $945,833 in restitution. He pleaded guilty to conspiracy to commit computer fraud on May 1. 

According to a plea agreement reached with US prosecutors [PDF], between at least March 2021 and September 2022, Persad and his co-conspirators, some he only knew by their online handles, used SIM swapping to siphon funds from their marks.

SIM swapping is usually done by convincing a victim's mobile carrier to reassign the mark's cellphone number to a SIM in the scammer's phone. Once the number has been moved, the criminal can request password resets for the victim's various online accounts: the one-time verification codes sent by text message to authenticate the change go to the thief's handset rather than the victim's, allowing the accounts to be hijacked.

The crook typically takes control of the victim's email account first by this method, then uses the inbox to reset further account passwords (by email or SMS) until reaching high-value targets such as the victim's cryptocurrency accounts hosted by exchanges.
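To make the chain described above concrete, here is an added example (constructed for this article, not code from the court filings, any carrier or any exchange). It models a hypothetical carrier that delivers SMS to whichever SIM currently holds a number, a hypothetical password-reset service that sends one-time codes by SMS, and an attacker who has just had the victim's number swapped to their own SIM. The same model also shows the defensive caveat a practitioner would want: a reset service that refuses SMS codes when the number's SIM changed very recently (it assumes the service can learn the SIM age from the carrier, which is stubbed here) stops the takeover.

```python
"""Toy model of SIM-swap account takeover via SMS password reset.

Constructed example, not taken from the article or any real system.
Carrier, Account and ResetService are hypothetical names.
"""
from __future__ import annotations

import secrets
from dataclasses import dataclass, field


@dataclass
class Carrier:
    """Hypothetical mobile carrier: routes each number's SMS to the SIM that holds it."""
    number_to_sim: dict[str, str] = field(default_factory=dict)
    sim_changed_days_ago: dict[str, int] = field(default_factory=dict)
    inbox: dict[str, list[str]] = field(default_factory=dict)  # SIM id -> texts

    def swap_sim(self, number: str, new_sim: str) -> None:
        """The social-engineered step: the carrier moves the number to a new SIM."""
        self.number_to_sim[number] = new_sim
        self.sim_changed_days_ago[number] = 0

    def send_sms(self, number: str, text: str) -> None:
        self.inbox.setdefault(self.number_to_sim[number], []).append(text)


@dataclass
class Account:
    """An online account whose reset flow is tied to a phone number."""
    phone: str
    password: str


class ResetService:
    """Hypothetical password-reset flow that sends one-time codes by SMS.

    min_sim_age_days=0 is the weak configuration: any number gets a code.
    A positive value refuses SMS codes for recently swapped numbers.
    """

    def __init__(self, carrier: Carrier, min_sim_age_days: int = 0) -> None:
        self.carrier = carrier
        self.min_sim_age_days = min_sim_age_days
        self.pending: dict[str, str] = {}  # username -> outstanding code

    def request_reset(self, user: str, acct: Account) -> str:
        age = self.carrier.sim_changed_days_ago.get(acct.phone, 10**6)
        if age < self.min_sim_age_days:
            return "refused: recent SIM change, use a non-SMS factor or support"
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[user] = code
        self.carrier.send_sms(acct.phone, f"Your reset code is {code}")
        return "sms sent"

    def complete_reset(self, user: str, acct: Account, code: str | None,
                       new_password: str) -> bool:
        if code is None or self.pending.get(user) != code:
            return False
        del self.pending[user]
        acct.password = new_password
        return True


def attacker_reads_code(carrier: Carrier, sim: str) -> str | None:
    """The attacker reads the OTP from the SMS that landed on the swapped-in SIM."""
    for text in carrier.inbox.get(sim, []):
        if "reset code is" in text:
            return text.rsplit(" ", 1)[1]
    return None


def run_scenario(min_sim_age_days: int) -> bool:
    """Return True if the attacker ends up controlling the victim's account."""
    carrier = Carrier()
    carrier.number_to_sim["+15550100"] = "victim-sim"      # constructed data
    carrier.sim_changed_days_ago["+15550100"] = 400
    acct = Account(phone="+15550100", password="correct-horse")
    svc = ResetService(carrier, min_sim_age_days)

    carrier.swap_sim("+15550100", "attacker-sim")            # the SIM swap
    if svc.request_reset("jd", acct) != "sms sent":
        return False                                         # defence held
    code = attacker_reads_code(carrier, "attacker-sim")      # OTP goes to thief
    return svc.complete_reset("jd", acct, code, "pwned") and acct.password == "pwned"


if __name__ == "__main__":
    print("weak reset flow, attacker wins:", run_scenario(0))
    print("SIM-age check, attacker wins:", run_scenario(7))
```

The point of the model is that SMS delivery proves only that the code reached whatever SIM the carrier currently associates with the number, not that it reached the account owner; the cooldown is one cheap signal, and an authenticator-app or hardware factor that does not depend on the carrier at all is the stronger fix.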

Prosecutors described Persad's process in a slightly different order, though not necessarily a sequential one. In a statement, they said he "hacked into victims’ email accounts, hijacked their cell phone numbers, and gained unauthorized access to their online cryptocurrency accounts."

And in the plea agreement, Persad said he obtained log files containing people's email address and password combinations; logged into their webmail; took control of the phone numbers associated with those marks' SIM cards; and then raided their crypto-wallets. Not quite the same order, then, though the result is the same: money drained from accounts.

"For example, on or about April 4, 2022, my co-conspirators and I accessed, without authorization, an internet-based cryptocurrency account belonging to Arizona resident JD," Persad, who was sentenced last week, confessed in one court document. "At my direction, one of my co-conspirators transferred approximately $28,000 worth of cryptocurrency from JD's cryptocurrency account to a cryptocurrency wallet used or controlled by my co-conspirator."

The crew then divided the illicit proceeds from the scam among themselves. 

In total, the crooks stole at least $950,000 from their victims, and Persad says he personally kept about $475,000 from the fraud. According to the US Justice Department, FBI investigators recovered some of these funds when they executed search warrants at Persad's Orlando home.

This type of scam, as well as its timing, seems to follow the Scattered Spider playbook. The Register asked the US Attorney's Office in Phoenix, Arizona, which prosecuted the case, if Persad is connected to this loose-knit group of cybercriminals and did not receive a response.  

Scattered Spider is the Lapsus$-like, English-speaking gang of teens and early 20-somethings that got their cybercrime start with SIM swapping and email and SMS phishing attacks in 2022 before branching into ransomware and extortion.

The group is now thought to be an AlphV affiliate (AlphV, aka BlackCat, is a ransomware-as-a-service crew) and in September claimed responsibility for the extortion attacks against Caesars Entertainment, which paid the ransom, and MGM Resorts, which did not negotiate with the crooks.
