this post was submitted on 16 Mar 2024
141 points (99.3% liked)

Security News

2458 readers
1 users here now

founded 2 years ago
MODERATORS
jerry@infosec.pub
141
Former telecom manager admits to doing SIM swaps for $1,000 (www.bleepingcomputer.com)
submitted 8 months ago by IllNess@infosec.pub to c/securitynews@infosec.pub
14 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] __ghost__@lemmy.ml 21 points 8 months ago* (last edited 8 months ago) (3 children)

However, the former IT manager, Jonathan Katz, abused his managerial position and highly privileged account at a mobile telecommunications store to overcome security measures and perform unauthorized number ports.

As someone who worked in mobile phone sales: there are tons of people making 30k/yr that have the same "highly privileged account" this guy did. He seems to be on the IT side which would make it easier to track. Retail employees do this all the time and usually for less money. People come in with a fake ID and someone's social and they walk out with a new phone activated with their phone number. An example is being made out of him, but I guarantee this issue is more systemic

If someone is willing to potentially trade their employment for $5k, the pay is probably low and the turnover is high. Aiding in identity theft is wrong, but five years in prison seems overkill

[–] IllNess@infosec.pub 10 points 8 months ago

For carrying the unauthorized number porting, Katz received $1,000 in Bitcoin per SIM swap (total of $5,000), plus an (unspecified) percentage of the profits earned from the illicit access to the victims' devices.

The amount he made is $5,000 minumum.

I think 1 year for every instance is fair. This could really ruin someone. At least stolen credit cards have protection. Stealing someone's crypto wallet could mean that money is gone for good.

[–] gaylord_fartmaster@lemmy.world 6 points 8 months ago* (last edited 8 months ago)

but five years in prison seems overkill

I don't know about that, I can't think of a single company where a rogue employee could cause more harm with access to my data than my phone provider with a SIM swap. I'd rather have my email provider give open access to my account to someone than have my number ported to someone that can exploit it.

[–] MonkderZweite@feddit.ch 1 points 8 months ago

The issue is that you need an ID for a phone number.