- Two teenagers who conducted sim swap attacks to steal $16,000 worth of cryptocurrency have been charged with wire fraud, identity theft and more
- Jordan Milleson and Kelly Bryan were arrested earlier this year
- Sim swap attacks allow an individual access to someone else’s phone
Two teenagers arrested earlier this year for trying to steal cryptocurrency through sim swapping have been charged by the Department of Justice (DoJ) with a range of offences including fraud and identity theft. Jordan Milleson and Kyell Bryan were caught after using sim swapping attacks the tactic to try $16,000 worth of cryptocurrencies and break into social media and email accounts.
Hackers Stole User Info From Telecoms Companies
The DoJ alleges that Milleson undertook a near two-and-a-half-year campaign of wire fraud and identity theft, operating between September 23, 2017 and January 27, 2020. The DoJ accuses him of registering fraudulent internet domains, sending phishing emails, and taking over cell phone numbers in order to steal cryptocurrency and “valuable” social media accounts via sim swap attacks.
Bryan seems to have been the lesser involved of the pair and has only been charged with participating with some of the sim swaps in June 2019.
Milleson, Bryan, and others used account credentials stolen from employees of wireless providers to gain access to those companies’ computer networks. After obtaining access, the pair allegedly used a sim swap hack to take over individual victims’ accounts.
Sim Swap Attacks Netted Perpetrators $16,000 in Crypto
Once control of the phone was gained, the defendants were then able to get unauthorized access to victims’ e-mail, social media, and cryptocurrency wallets, with Milleson and Bryan able to steal more than $16,000 in cryptocurrency after a series of successful sim swapping attacks.
If convicted of their sim swap hacks, Milleson and Bryan face a maximum sentence of 30 years in federal prison for each count of wire fraud and wire fraud conspiracy; up to five years in federal prison for each count of unauthorized access of a protected computer in furtherance of fraud; and two years in prison, consecutive to any other sentence imposed, for each count of identity theft.
Milleson also faces a maximum of 10 years in federal prison for each count of intentional damage to a protected computer.