US Hacker Jailed in Multimillion-Dollar SIM Swapping Scheme

Final ‘Community’ Hacker Sentenced in SIM Hijacking Scheme

The last operative associated with the international hacking collective known as ‘The Community’ has received a sentence for participation in a large-scale SIM hijacking operation, as reported by the U.S. Department of Justice (DOJ) this week.

Details of the Sentencing

Garrett Endicott, a 22-year-old resident of Missouri, represents the sixth member of the group to be sentenced. He received a 10-month prison term for his involvement in the scheme, which facilitated the theft of cryptocurrency valued at millions of dollars. Additionally, he is required to provide $121,549 in restitution to the victims.

Understanding SIM Hijacking

SIM hijacking, also referred to as SIM swapping, is a fraudulent technique where attackers gain control of a victim’s phone number. This allows them to intercept text messages and two-factor authentication (2FA) codes. These codes are then exploited to access the victim’s email accounts, cloud storage, and ultimately, their cryptocurrency exchange accounts.

How ‘The Community’ Operated

Prosecutors revealed that the SIM hijacking campaign employed various methods. Often, it involved bribing an employee of a mobile phone service provider. Alternatively, members of ‘The Community’ would impersonate victims when contacting customer service, requesting a transfer of the victim’s phone number to a SIM card under their control.

Financial Impact of the Scheme

The illicit activities of this group resulted in the theft of cryptocurrency totaling tens of millions of dollars. Victims across multiple states – including California, Missouri, Michigan, Utah, Texas, New York, and Illinois – experienced losses ranging from less than $2,000 to over $5 million.

The DOJ stated that the collective thefts attributed to the sentenced defendants ranged from approximately $50,000 to exceeding $9 million.

Varied Sentences for Group Members

Endicott received a comparatively lenient sentence when contrasted with other members of ‘The Community’. Ricky Handschumacher, from Florida, was sentenced to four years in prison and a fine exceeding $7.6 million. Colton Jurisic, of Iowa, is currently serving a 42-month prison sentence and must pay over $9.5 million in restitution.

Reyad Gafar Abbas, residing in South Carolina, was sentenced to two years in prison and fined more than $310,000.

International Reach and Previous Sentences

Conor Freedman, an Irish citizen, had previously been sentenced to three years in prison by an Irish court. Ryan Stevenson, from Connecticut, received a probationary sentence. Both Freedman and Stevenson were also ordered to pay restitution.

New Regulations to Combat SIM Hijacking

Endicott’s sentencing coincides with recent proposals from the FCC to implement new rules aimed at mitigating SIM hijacking scams. The federal regulator is advocating for providers to adopt more robust identity authentication procedures before authorizing service transfers. A proposed rule also mandates that providers notify customers whenever a SIM switch or port-out request is submitted for their accounts.