How safe is your SIM card? PHOTO: Cybercrime Magazine.

Former Apple Engineer Is The Victim Of A Million Dollar SIM Card Hack

Mobile phone was the key to his cryptocurrency account

Steven T. Kroll

Northport, N.Y. – Mar. 18, 2019

Rob Ross watched $1 million disappear — almost his entire life savings — in about 20 minutes.

In October 2018, Ross was a victim of SIM crime, a process in which hackers gain access to your cell phone by tricking a mobile carrier employee into rerouting a subscriber’s phone number to a hacker’s SIM card.

“I was sitting at my desk at my home, and I saw a withdrawal request notification,” said Ross. “I looked up from my phone to my computer, and I noticed that I was literally being logged out of my Gmail in real time.” Then, Ross looked back at his phone and saw that he lost service.

Wonder how a SIM card can be swapped, since it’s physically inside of a person’s phone?

“The hackers often have all of your basic information because of the Yahoo hack, the Equifax hack, the Marriott hack,” Ross said. “They’re able to get enough of a profile about you to be able to convince the customer service rep that they are [you].”

A simple phone call to a carrier begins the process, and a few steps later, the crime is complete. Once the hackers had control of Ross’s phone, they were able to enter his accounts, request a password change, and then cause all kinds of damage. At this point, the hackers were Rob Ross, at least digitally.

Ross contacted REACT, a California cyber crime law enforcement agency comprised of state and county police and the Secret Service, and the perpetrator was arrested three weeks later, though he was only one member of a team. The rest are still at large.

Not one to lie about, Ross started as a central hub for victims of SIM crime. According to Ross, the website has three goals:

1) to raise awareness about SIM crime — what it is and how you can protect yourself.

2) to serve as a victim resource and advocate — helping people track their stolen money and cryptocurrency.

3) to effect change and stop this from happening.

Ross believes that it’s the carrier’s responsibility to ensure the security of their clients’ phones through “technical and administrative solutions.”

Sadly, Ross has not recovered his money. “What happened to me can happen to anyone,” said Ross.

Steven T. Kroll is a public relations specialist and staff writer at Cybercrime Magazine.