A sixth member associated with an international hacking group known as The Community has been sentenced in connection with a multimillion-dollar SIM swapping conspiracy, the U.S. Department of Justice (DoJ) said.

Garrett Endicott, 22, from the U.S. state of Missouri, who pleaded guilty to charges of wire fraud and aggravated identity theft following an indictment in 2019, was sentenced to 10 months in prison and ordered to pay an amount totaling $121,549.37 in restitution.

Cybersecurity

SIM swapping, also called SIM hijacking, refers to an identity theft scheme wherein malicious parties persuade phone carriers into porting their victims' cell services to SIM cards under their control, often facilitated by bribing an employee of a mobile phone provider or by contacting the service provider's customer support by posing as the victim and requesting that the phone number be swapped to a SIM card operated by the group.

The goal is to leverage the phone numbers as a gateway to hijack different online services used by the targets, such as email, cloud storage, and cryptocurrency exchange accounts, by resetting their passwords and one-time verification codes that are sent via SMS messages as part of the two-factor authentication (2FA) process, enabling the cybercrime crew to circumvent security measures.

"Members of The Community engaged in Sim Hijacking to steal cryptocurrency from victims across the country, including California, Missouri, Michigan, Utah, Texas, New York, and Illinois," the DoJ said, resulting in the theft of cryptocurrency valued, at the time of the theft, ranging anywhere between $2,000 to more than $5 million, from different affected parties.

Cybersecurity

Endicott is also the sixth and the last of the group members from the case to be sentenced between two to four years in prison, including four other people in the U.S. and one in Ireland — Ricky Handschumacher (28), Colton Jurisic (22), Reyad Gafar Abbas (22), Conor Freeman (22), and Ryan Stevenson (29).

"The actions of these defendants resulted in the loss of millions of dollars to the victims, some of whom lost their entire retirement savings," said Acting U.S. Attorney Saima Mohsin for the Eastern District of Michigan. "This case should serve as a reminder to all of us to protect our personal and financial information from those who seek to steal it."


Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.