European police have arrested 10 people for the their alleged role in a series of SIM swapping attacks targeting high-profile victims in the US. UK authorities arrested eight people on Tuesday in England and Scotland, while two others had been previously detained in Belgium and Malta.
The suspects were allegedly part of a criminal network that was believed to have stolen personal information and more than $100 million in cryptocurrencies by hijacking mobile phones belonging to celebrities, internet influencers, sports stars and musicians.
“Initiated in the spring of 2020, the investigation uncovered how a network composed of a dozen criminals worked together to access the victims’ phone numbers and take control of their apps or accounts by changing the passwords,” Europol said in a press release. “This enabled them to steal money, cryptocurrencies and personal information, including contacts synced with online accounts. They also hijacked social media accounts to post content and send messages masquerading as the victim.”
A SIM swap attack (also known as SIM porting or SIM hijacking) involves an attacker tricking a mobile phone service provider into transferring a customer’s phone number from the customer’s SIM card, to the attacker’s SIM card. To achieve that, an attacker pretends to be the customer, often using information gleaned from social media to answer security questions that the provider asks. Once the attacker has the target’s mobile phone number transferred to their SIM card, they can then stealthily access the target’s SMS messages or voice mails.
The arrests were the result of a joint investigation by UK, US, Canadian, Belgian and Maltese police, Europol said. The agency did not specify who the celebrity victims were.