Investigators say fraudsters purchased codes to unlock SIM cards from phone company employees.
After nearly a year of investigation, French police have busted a ring of mobile phone hackers, whose members included employees of cellular phone companies. The ring had been operating for five years, selling about 30,000 stolen cell phone codes a month, and netting at least $675,000 a month, according to French authorities. Investigators said that fraudsters purchased codes to unlock SIM cards for about $4 each from phone company employees who had access to company databases. The codes were sold online for about $40. Why were the codes worth so much?
With the codes, criminals could access any SIM card, including foreign cards, with their mobile phones, creating a cascade of fraud from unauthorized calls to outright identity theft. A Subscriber Identity Module or SIM card contains a unique serial number, an internationally unique number of the mobile user, security authentication and ciphering information, and a list of the services the user has access to.
Stolen SIM cards can lead to identity theft
A stolen SIM card ― whether that's the physical card or simply the code ― gives the holder all of the privileges of the phone's owner and access to passwords that could unlock more than just the phone. The digital theft is often difficult to detect.
"The first sign that you are not in control of your SIM card is usually when someone else contacts you that fraud is being committed using your phone," John Sileo, author of "Think Like a Spy: Identity Theft Protection and Recovery," who has advised the U.S. Department of Defense and the FDIC, said. And the damage can be extensive.
"It's as if the thief owns the phone, but none of the responsibility that goes with it," Sileo said. "He can make calls as if he is you, load surveillance software onto the phone, charge calls, and commit crimes with your phone number. The consequences fall securely in your innocent lap."
"There is no accurate reporting on this problem in the U.S. as the phone companies face no requirements to report this type of breach as far as I know," Sileo said.
What to do if you suspect your SIM card has been hijacked
Mobile phone users should regularly monitor their accounts for any irregularities like calls to unfamiliar numbers. If you suspect your SIM card has been compromised, Sileo recommends the following steps:
- Take the card out of the phone immediately so that it can no longer be used.
- Take the card and the phone to your wireless service provider and tell them what you suspect.
- Even if it's not conclusive, make sure that you obtain a new SIM card.
- If you sync the phone with a piece of software, make sure that you don't reintroduce malware when you sync your new SIM card (and phone) back to the old software.