None of the paperwork says what company he worked for, which is strange.
Former telecom manager admits to doing SIM swaps for $1,000
Submitted 8 months ago by IllNess@infosec.pub to securitynews@infosec.pub
Comments
pelespirit@sh.itjust.works 8 months ago
IllNess@infosec.pub 8 months ago
I didn’t notice that. All documentation just refers to the company as “Company-1”.
I’m guessing the company made a deal they would cooperate if their name isn’t included in.
Not sure how accurate but I found someone with the same name and age in Marlton, NJ on Spokeo.
His two cell phone numbers say “AT&T Mobility”. His landline says Verizon. I’m going to guess he worked for AT&T. Could be wrong though.
pelespirit@sh.itjust.works 8 months ago
If it’s seems a little shady, probably AT&T.
hoshikarakitaridia@feddit.de 8 months ago
Isn’t this also going into cyberattack / responsible disclosure territory? They might be opening themselves up to a class action with this.
pelespirit@sh.itjust.works 8 months ago
Right, I think the clients of the telecom company should know if someone was sim swapping their accounts. Then again, they might have already been told.
MonsiuerPatEBrown@reddthat.com 8 months ago
According to the article there were five victims. That is not a class actionable deal, methinks.
ResoluteCatnap@lemmy.ml 8 months ago
There was a darknet diaries episode on swim swaps recently that some of you might find interesting. Ep 112: Dirty Coms.
from the episode: You also have to worry about current/former employees knowing how to use manager tablets, because those tablets can get stolen and then passed off to someone who knows what they’re doing to do a swim swap before the tablet gets locked out
IllNess@infosec.pub 8 months ago
Thank you. I never listened to Darknet Diaries.
For anyone else reading this, Sim-swapping starts at 36:00 but I suggest you listen to the first part too. Very interesting.
OppositeOfOxymoron@infosec.pub 8 months ago
If a website you’re using uses SMS for 2FA, then you seriously need to switch companies.
__ghost__@lemmy.ml 8 months ago
As someone who worked in mobile phone sales: there are tons of people making 30k/yr that have the same “highly privileged account” this guy did. An example is being made out of him, but I guarantee this issue is more systemic
If someone is willing to potentially trade their employment for $5k, the pay is probably low and the turnover is high. Aiding in identity theft is wrong, but five years in prison seems overkill
IllNess@infosec.pub 8 months ago
The amount he made is $5,000 minumum.
I think 1 year for every instance is fair. This could really ruin someone. At least stolen credit cards have protection. Stealing someone’s crypto wallet could mean that money is gone for good.
gaylord_fartmaster@lemmy.world 8 months ago
I don’t know about that, I can’t think of a single company where a rogue employee could cause more harm with access to my data than my phone provider with a SIM swap. I’d rather have my email provider give open access to my account to someone than having my number ported to someone that can exploit it.
MonkderZweite@feddit.ch 8 months ago
The issue is that you need an ID for a phone number.