Telecom store manager pleads guilty to selling SIM swaps for $1,000

A telecom store manager in New Jersey pled guilty to participating in a SIM swapping operation that netted him $5,000 in Bitcoin payments from five different victims.

The case, announced by the US Department of Justice last week, is based on an FBI investigation into the alleged crime. It's an important topic for the wireless industry as operators like T-Mobile, Verizon and AT&T have been working to protect their customers against such hacks. Late last year, the FCC implemented new rules designed to protect cellphone consumers from SIM swaps and port-out fraud, two practices that can be used to hack into consumers' cellphones.

As noted by BleepingComputer, the DoJ's investigation into the SIM swapping operation highlights the security threats involved in SIM swapping.

The scam

According to documents in the case, Jonathan Katz was a resident of New Jersey and was employed as a manager by an unnamed company (identified in the documents only as "Company-1"). In May 2021, an unnamed individual (identified only as "Individual-1") offered Katz $1,000 per swap to use Katz's access to the unnamed telecom company's computer network to perform SIM swaps.

"Katz agreed to conduct SIM swaps on several Company-1 accounts that Individual-1 provided to Katz," according to the documents, which noted that Katz was offered $1,000 per swap. "Katz used his managerial credentials to access Company-1's computer network to conduct unauthorized SIM swaps."

"In exchange for perpetrating these SIM swaps, Katz received payment in the form of Bitcoin," according to the documents.

SIM swaps allow hackers to gain access to social media accounts, bank accounts and other sensitive data. They do so primarily by allowing hackers to intercept "two-factor authentication" codes sent to victims' phones.

According to the DoJ, conspiracy to gain unauthorized access to a computer carries a statutory maximum of five years in prison and a fine of up to $250,000. Katz's sentencing is scheduled for July 16, 2024.

New rules to combat fraud

The FCC's new rules aim to combat fraud by requiring wireless providers to immediately notify customers whenever a SIM change or port-out request is made on their accounts, and to take additional steps to protect customers from SIM swap and port-out fraud.

"The Federal Bureau of Investigation reports SIM-swapping scams are on the rise. But they are not alone. Because we see it here, too. At the Federal Communications Commission we are getting more and more complaints from consumers who have suffered losses due to SIM-swapping fraud," FCC Chairwoman Jessica Rosenworcel said in a statement last year after the passage of the agency's new rules.