A man aged 20 from Dublin, was arrested and brought before the High Court on Thursday on foot of an extradition warrant. During a brief appearance, he indicated he understood the charges. He was remanded in custody until May 22.
The US Attorney General for the Eastern State of Michigan said that their investigation had the “assistance of Irish law enforcement authorities”. These included the Garda Drugs and Organised Crime Bureau and the Criminal Assets Bureau, with the Garda Extradition Unit involved in the extradition request.
The GDOCB and CAB conducted searches under Section 74 of the Criminal Justice (Mutual Assistance) Act 2008. On Thursday, the US Attorney unsealed an indictment against nine people. It claimed the individuals, with an average age of 22, were “connected to a hacking group known to its members as ‘The Community’”.
The nine accused were charged on 15 counts with “conspiracy to commit wire fraud, sim swap attacks, wire fraud and identity-theft. In addition, three of them, former employees of mobile phone providers, were charged with wire fraud in relation to the alleged conspiracy. It is alleged the group exploited security weaknesses of mobile phones to gain control of people’s online accounts.
The Attorney General’s Office said that, according to the indictment, the defendants are members of “The Community” and are alleged to have “participated in thefts of victims’ identities in order to steal cryptocurrency via a method known as ‘SIM Hijacking’.
It is said that cryptocurrencies, also known as virtual currencies or digital currencies, were an online media of exchange, the most famous of these currencies is Bitcoin. The indictment explains that “SIM Hijack” or “SIM Swap” is an identity theft technique that exploits a common cyber-security weakness – mobile phone numbers.
It alleges that this tactic enabled “The Community” to gain control of victims’ mobile phone number, resulting in the victims’ phone calls and short message service (SMS) messages being routed to devices controlled by “The Community”.
It claims that “SIM Hijacking” was often facilitated by bribing an employee of a mobile phone provider.
Other times, the indictment states that SIM Hijacking was accomplished by a member of “The Community” contacting a mobile phone provider’s customer service —posing as the victim — and requesting that the victim’s phone number be swapped to a SIM card (and thus a mobile device) controlled by “The Community”.
The members of “The Community” charged in the indictment endeavored to gain control of victims’ cryptocurrency wallets or online cryptocurrency exchange accounts and steal victims’ funds. It is alleged in the indictment that the defendants executed seven attacks that resulted in the theft of cryptocurrency valued at approximately $2,416,352.