What a pair of Massholes! New England duo cuffed over SIM-swapping cryptocoin charges

Account takeovers allegedly used to plunder digital wallets

shutterstock_mobile_theft_648

Two men from Massachusetts have been arrested and charged with 11 criminal counts stemming from a string of account takeovers and cryptocurrency thefts.

21 year-old Eric Meiggs and 20 year-old Declan Harrington each face charges of wire fraud, conspiracy, computer fraud and abuse, and aggravated identity theft for their alleged roles in a crime spree stretching from November of 2017 to May of 2018, which resulted in the theft of $550,000 worth of cryptocoins.

Prosecutors say that Meiggs, of Brockton, and Harrington, of Rockport, specifically targeted executives of cryptocurrency firms and other known high-rollers for account takeovers, with the aim of draining the targets' cryptocurrency wallets.

Additionally, the pair sought to take ownership of highly-valuable "OG" social media accounts created in the early days of their respective networks when common names were still available.

To do this, it is alleged that Meiggs and Harrington systematically took control of their marks' smartphone and email accounts via SIM-swapping. One of the two men would call the target's phone provider and, pretending to be the person, have the number transferred to a new SIM card.

That hijacked SIM would then be used to contact the email provider and receive account reset and two-factor login codes for the target's address. Police say this allowed them to crawl the target's messages for login details on other services, usually social networks and cryptocurrency exchanges. In other cases, they are accused of requesting password resets be sent to the email accounts.

According to the 11-count indictment (PDF), the scheme produced mixed results for the alleged crooks. Prosecutors say that the first two attempts at accessing a target's cryptocurrency wallet failed when, after swapping the SIM and taking over email accounts, the pair were unable to get access the victim's cryptocoin wallet.

In four other cases, however, police say the duo were able to either take over the victim's cryptocurrency wallet or exchange accounts and extract money. In one of those cases, the stolen account was used to socially engineer a contact of the victim into sending over $100,000 worth of digital currency.

Twitter logo

JACK OF ALL TIRADES: Twitter boss loses account to cunning foul-mouthed pranksters

READ MORE

Aside from the 2017-2018 coin thefts, prosecutors allege that from 2015 to 2017 Meiggs also dabbled alone in takeover of valuable "OG" social media accounts via SIM-swapping. In those cases, it is charged that Meiggs took over the victim's phone number then held it for ransom in exchange for access to the social media account.

In another case, it is charged that rather than bother swapping the SIM, Meiggs simply threatened to kill the victim's wife if they did not hand over the account.

In total, Meiggs faces one count of conspiracy to commit computer fraud and abuse and wire fraud, four counts of wire fraud, one count of identity theft, and one count of violating the computer fraud and abuse act.

Harrington is charged with one count of conspiracy to commit computer fraud and abuse and wire fraud, five counts of wire fraud, one count of violating the computer fraud and abuse act, and one count of aggravated identity theft. ®

Sponsored: Beyond the Data Frontier

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER




Biting the hand that feeds IT © 1998–2019