A former sales representative of a mobile carrier has been sentenced after accepting bribes to perform SIM-swapping attacks.
This week, the US Department of Justice (DoJ) said that Stephen Defiore, a Florida resident, accepted “multiple bribes” of up to $500 per day to perform the switches required to reroute phone numbers in SIM-swapping.
SIM-swapping is quickly becoming a serious issue for telecommunications firms — made worse when employees, who have access to internal systems — are involved.
These attacks require either internal help or the use of social engineering to convince a carrier to reroute calls and text messages from one handset to another. SIM-swapping is often performed to circumvent security controls including two-factor authentication (2FA) and to compromise accounts for services including banking and cryptocurrency wallets.
The victims may only have a small window of time to rectify the situation once they realize that phone calls and messages are not being received — but by the time they reach their service provider, attackers may have already secured the second-level security codes required to hijack other accounts.
Rather than go through the effort of obtaining enough information on a target to successfully manage to pretend to be the victim on a