How to fight back against SIM swapping with blockchain analysis

A SIM swap attack occurs when a cybercriminal tricks their victim's mobile phone service provider into porting the victim's phone number over to a new SIM card embedded in a device which the hacker controls. If you think about all the services we access on our phones - email addresses, social media platforms, bank accounts, cryptocurrency wallets - you can quickly see how damaging these attacks can be. Once a cybercriminal controls their victim's phone, they can easily use it to access their email, reset all their login information and run wild. 

In one notable attack, a 15-year-old New York high school student stole nearly $24 million worth of cryptocurrency from an entrepreneur using SIM swapping. According to security researcher Brian Krebs, the attackers behind the July Twitter hack appear to have been active on underground forums devoted to SIM swapping, though they didn't employ this technique for the Twitter hack itself.

That last example raises a crucial point about SIM swaps - they don't require much technical hacking skill and are relatively easy to carry out. All the cybercriminal needs to do is convince the victim's mobile service provider to port their number to a new phone under the cybercriminal's control. Typically, this only requires the attacker to hand over a few of the victim's personal details, which can often be obtained through social engineering or sometimes purchased online if the victim's information has been compromised in a data breach.

Princeton University researchers recently published a study in which they made 50 total attempts to have employees at five different mobile service providers (ten attempts per provider) complete SIM swaps that shouldn't have been authorised. Each attempt was made with a different amount of authentication information on hand, to test how low the provider's threshold for wrongly porting a number truly was. The researchers were successful in pulling off the SIM swap 39 of those 50 times, and in many cases were only asked to provide the easiest authentication details.

City of London Police recently reported that known cases in the city rose from 144 in 2015 to 3,111 in 2018, resulting in total victim losses of over £9 million. The true numbers are likely to be higher due to underreporting. The bottom line is that SIM swap attacks are growing, and customers of major mobile service providers are likely to be more vulnerable than they may realise.

How can compliance professionals and financial investigators fight back against SIM swap attacks? In cases involving stolen cryptocurrency, they can use blockchain analysis to trace stolen funds to a cryptocurrency service, which they can then subpoena for information on the attacker. An example of this is on our blog, from a recent SIM swapping attack we investigated in which the victim had roughly $25,000 worth of cryptocurrency stolen. The attacker moved the funds through several intermediary wallets before depositing them across several different cryptocurrency services, including exchanges, merchant services providers and darknet markets. Learn more about this case study and SIM swapping in general on our blog here.
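The tracing step described above can be sketched as a walk over the transfer graph from the victim's address to the first labelled service on each path. This is an added example, not Chainalysis tooling or data from the case study: the addresses, amounts and service labels below are constructed, and real attribution of addresses to services is assumed to come from an external source.

```python
from collections import deque

# Constructed sample transfers: (sender, receiver, amount in USD).
TRANSFERS = [
    ("victim", "w1", 25000),
    ("w1", "w2", 15000),
    ("w1", "w3", 10000),
    ("w2", "exch_dep", 9000),
    ("w2", "w4", 6000),
    ("w3", "merchant_dep", 10000),
    ("w4", "dnm_dep", 6000),
    ("other", "exch_dep", 4000),  # unrelated customer deposit, must not be counted
]
# Hypothetical attribution labels: deposit address -> kind of service.
LABELS = {
    "exch_dep": "exchange",
    "merchant_dep": "merchant services provider",
    "dnm_dep": "darknet market",
}

def trace_to_services(start, transfers, labels):
    """Follow outgoing transfers breadth-first from `start`.

    Tracing stops at labelled service addresses, because a service pools
    customer funds and only its own records (obtained by subpoena) can
    link a deposit to an account holder.
    """
    outgoing = {}
    for src, dst, amount in transfers:
        outgoing.setdefault(src, []).append((dst, amount))
    hops = {start: 0}          # wallets already traced, with hop distance
    queue = deque([start])
    deposits = {}
    while queue:
        addr = queue.popleft()
        for dst, amount in outgoing.get(addr, []):
            if dst in labels:
                entry = deposits.setdefault(
                    dst, {"service": labels[dst], "amount": 0, "hops": hops[addr] + 1})
                entry["amount"] += amount
            elif dst not in hops:  # skip wallets seen before (handles loops)
                hops[dst] = hops[addr] + 1
                queue.append(dst)
    return deposits

if __name__ == "__main__":
    for address, info in trace_to_services("victim", TRANSFERS, LABELS).items():
        print(address, info)
```

Each entry in the result is a candidate subpoena target: the deposit address, the kind of service it belongs to, and how much of the traced funds arrived there.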

Learn more about Chainalysis here. You can also email scott.johnston@chainalysis.com to schedule a learning session with a Chainalysis expert, who will walk you through the case study we cover in our full article.