Feeds

Eight accused in AT&T, T-Mobile $22m ID theft scam

Customer databases illegally accessed

Choosing a cloud hosting partner with confidence

Federal prosecutors have accused eight individuals of fraudulently obtaining $22m worth of wireless devices and services from AT&T and T-Mobile in an elaborate four-year scheme that exploited weaknesses in the cellular providers' network.

Between 2005 and July this year, two of the defendants used their status as current or former authorized cell phone dealers to tap in to databases maintained by AT&T and T-Mobile, according to an indictment unsealed earlier this week in federal court in Brooklyn, New York. They then stole the names, addresses and personally identifying information of cellular customers.

The defendants assumed the identities of these customers and obtained cellular gear by calling the companies and ordering new devices or claiming their current devices were lost or defective. When the carriers had new devices delivered, the defendants paid drivers for Federal Express and DHS to divert the packages to the defendants but report them as being properly delivered.

The alleged scammers then sold the devices to others. The charges incurred on the stolen handsets were billed to AT&T and T-Mobile customers. When the customers complained, the carriers had to absorb the costs of the devices, insurance payments, shipping costs and wireless and calling charges.

Earlier this week, convicted hacker turned security consultant Kevin Mitnick said AT&T asked him to take his business elsewhere after he hired an attorney to complain about repeated breaches of the cellular account he's had for about nine years.

AT&T has called Mitnick's claims "unfounded," but schemes like the one detailed in the indictment support his contention that it's relatively easy for criminals to penetrate customer databases that are supposed to be confidential.

AT&T said in a statement: "As the investigation unfolded, AT&T put several additional security measures and practices in place to provide further protection of our customers' personal information. We continue to add security safeguards to protect customer data." The statement didn't say whether information in the customer databases included unencrypted passwords.

A T-Mobile spokeswoman said the incident appeared to be isolated to a limited number of customers. "That said, T-Mobile is continuously implementing new security measures to protect customer information." The company, which also declined to say whether passwords are encrypted in such databases, plans to offer free credit monitoring services to customers whose personal information was stolen.

The suspects named in the indictment were: Courtney Beckford, 49, Gabe Beizem, 34, Rawl Davis, 36, Lennox Lambert, 37, Marsha Montayne, 28, Saul Serrano, 37, Ron Shealey, 36, and Rohan Stewart, 34. All have pleaded not guilty, according to Robert Nardoza, a spokesman in the US Attorney's office in Brooklyn.

If convicted on conspiracy to commit mail fraud and wire fraud, the defendants each face a maximum of 20 years in prison. Beizem, Stewart and Montayne also face additional mandatory two-year consecutive sentences if convicted on aggravated identity theft. Prosecutors are also seeking the forfeiture of the $22m worth of goods. ®

Internet Security Threat Report 2014

More from The Register

next story
FYI: OS X Yosemite's Spotlight tells Apple EVERYTHING you're looking for
It's on by default – didn't you read the small print?
Russian hackers exploit 'Sandworm' bug 'to spy on NATO, EU PCs'
Fix imminent from Microsoft for Vista, Server 2008, other stuff
Edward who? GCHQ boss dodges Snowden topic during last speech
UK spies would rather 'walk' than do 'mass surveillance'
Microsoft pulls another dodgy patch
Redmond makes a hash of hashing add-on
'LulzSec leader Aush0k' found to be naughty boy not worthy of jail
15 months home detention leaves egg on feds' faces as they grab for more power
China is ALREADY spying on Apple iCloud users, claims watchdog
Attack harvests users' info at iPhone 6 launch
Carders punch holes through Staples
Investigation launched into East Coast stores
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.