The American telecommunication company AT&T received a blow this week, as a US judge rejected a motion to dismiss a lawsuit against the firm. Last year, a California resident filed a complaint alleging AT&T of wittingly assisting hackers in a SIM Swap attack that robbed him of 1.8m worth of various cryptocurrencies.
AT&T’s Motion Rejected
Seth Shapiro filed a complaint last year against the large telecommunication company. It claimed that employees from AT&T had helped hackers perform several SIM-swap attacks that ultimately stole $1.8m worth of cryptocurrencies from him.
“On at least four occasions between May 16, 2018, and May 18, 2019, AT&T employees obtained unauthorized access to Mr. Shapiro’s AT&T wireless account, viewed his confidential and proprietary personal information, and transferred control over Mr. Shapiro’s AT&T wireless number from Mr. Shapiro’s phone to a phone controlled by third-party hackers in exchange for money.
The hackers then utilized their control over Mr. Shapiro’s AT&T wireless number – including control secured through cooperation with AT&T employees – to access his personal and digital finance accounts and steal more than $1.8 million from Mr. Shapiro.” – the complaint reads.
AT&T quickly moved to dismiss several of Shapiro’s allegations. Earlier this week, US District Judge Consuelo Marshall granted two of the motions to dismiss. However, he denied another two, including for negligence and negligent supervision and entrustment.
The court also denied another motion from AT&T to strike Shapiro’s claim for punitive damages. Shapiro now has until May 29, 2020, to take action if he “seeks to amend the Complaint to plead additional facts addressing the deficiencies set forth in this Order.”
SIM Swap attacks typically start by gathering personal information about the victim, contacting the mobile telephone company, and convincing employees of porting his phone number to a new SIM card, belonging to the perpetrators. If successful, they gain control that allows them to reset passwords, change 2FA verification codes, and ultimately access protected accounts.
FinCEN Awards Crypto Seizing Agencies
The US Financial Crimes Enforcement Network (FinCEN) annually awards law enforcement agencies that used the Bank Secrecy Act (BSA) reporting to pursue and prosecute criminal investigations successfully.
This year, FinCEN awarded the following agencies: Immigration and Customs Enforcement-Homeland Security Investigations, United States Secret Service, and the United States Postal Inspection Service.
The investigation they handled “identified dark web vendors sending illicitly earned Bitcoin with a physical receiving address via an encrypted email to conduct this cash-out scheme. This cash-out vendor charged anywhere from 12-16 percent depending on the amount of digital currency being cashed out.”
Ultimately, the agencies arrested 42 individuals and seized “22 million in various digital currencies, 3.5 million in cash, 120 firearms, 15 pill press machines, and a wide range of controlled substances.”