Canton child, 6 men part of international group using bribes, phone hacking to steal millions in Bitcoin


    CANTON TOWNSHIP, Mich. – A juvenile in Canton Township and six other men have been identified as members of “The Community,” an international group that hacks into people’s cellphones — often bribing or tricking mobile phone companies — to steal millions of dollars in Bitcoin and other cryptocurrency, officials said.

    How the scheme worked

    Beginning in 2017 and through May 2018 in Michigan, a group of people known to investigators as “The Community” conspired to use “SIM hijacking” or “SIM swapping” to steal cryptocurrency such as Bitcoin, Litecoin and Ethereum, according to federal officials.

    Members of The Community would get control of a person’s cellphone number by linking it to a subscriber identity module (SIM) card under The Community’s control, authorities said.

    The victim’s phone calls and messages would be routed to a device controlled by someone in The Community, according to court records.

    Ad

    When The Community got control of someone’s phone number, they could use it to access online accounts such as email, cloud storage and cryptocurrency exchange accounts, court documents show.

    Once they gained control of someone’s cryptocurrency wallet or online exchange account, members of The Community could steal the funds, officials said.

    Stolen funds from an attack were divided among the members of The Community who participated in that attack, according to authorities.

    Member of ‘The Community’ identified

    In March 2018, officers at the Canton Police Department alerted Homeland Security about a person involved in a complex SIM-swapping scheme, court records show.

    HSI Detroit launched an investigation into The Community and identified a participant in the scheme. On May 9, 2019, authorities said they executed a search warrant at the house and seized a Trezor device, or Bitcoin hardware wallet.

    Trezor devices are used to store cryptocurrency. This device had about 60.20371501 Bitcoins — valued at around $629,854, according to the complaint.

    Ad

    At the time of the search warrant, the owner of the Trezor device was a juvenile, according to officials.

    Authorities believe the Bitcoins on the Trezor device was obtained through The Community’s wire fraud conspiracy. The juvenile had earned more than $1 million worth of cryptocurrency as a result of his fraudulent activity with the group, according to court documents.

    Juvenile speaks with officials

    On Aug. 22, 2019, the juvenile appeared for an interview with Homeland Security at his attorney’s office and voluntarily provided the PIN code for his Trezor device, according to authorities.

    He described being involved in about 50 SIM swaps between October 2017 and February 2018 with three men named Colton Jurisic, Ricky Handschumacher and Conor Freeman, as well as others, court records show.

    The juvenile told authorities that he, Jurisic and Freeman were involved in a May 2018 SIM swap that resulted in the theft of about $160,000 worth of cryptocurrency.

    Ad

    He said a second SIM swap with Jurisic, Handschumacher and Freeman netted them about $6 million worth of cryptocurrency, court records show.

    The juvenile entered into an agreement with the United States Attorney’s Office consenting to the civil judicial forfeiture of the Bitcoins, according to officials.

    6 men named in federal indictment

    Jurisic, Handschumacher and Freeman are three of six men named in a federal indictment against The Community. The others are Reyad Gafar Abbas, Garrett Endicott and Ryan Stevenson.

    Here’s more information on the defendants:

    • Freeman, 20, is from Dublin Ireland.

    • Handschumacher, 25, is from Pasco County, Florida.

    • Jurisic, 20, is from Dubuque, Iowa.

    • Abbas, 19, is from Rochester, New York.

    • Endicott, 21, is from Warrensburg, Missouri.

    • Ryan Stevenson, 26, is from west Haven, Connecticut.

    All six men listed above were identified as members of The Community, according to federal authorities.

    In the indictment, they are accused of executing seven attacks, during which they stole $2,416,352 in cryptocurrency.

    Three other people were charged in the criminal complaint: Jarratt White, 22, of Tucson, Arizona; Robert Jack, 22, of Tucson, Arizona; and Fendley Joseph, 28, of Murrietta, California.

    Ad

    White, Jack and Joseph were employees of mobile phone providers charged in relation to the conspiracy, officials said. According to court records, they helped members of The Community steal the identities of subscribers to their employers’ services in exchange for bribes.

    “Mobile phones today are not only a means of communication, but also a means of identification,” U.S. Attorney Matthew Schneider said. “This case should serve as a reminder to all of us to protect our personal and financial information from those who seek to steal it.”

    February 2018 attack

    On Feb. 15, 2018, members of The Community worked together to activate a SIM card and link it to the mobile phone number of a person they were targeting, according to authorities.

    That person’s mobile provider was deceived by social engineering into transferring his mobile number to a device controlled by The Community, court records say.

    Using the phone number as a starting point, The Community used the person’s identity to gain control over his email address, a Dropbox account, a cryptocurrency exchange account and a cryptocurrency wallet, according to the indictment.

    Ad

    The Community transferred cryptocurrency owned by the victim — valued at $114,705 — to one or more cryptocurrency wallets controlled by the group, officials said.

    Abbas is specifically named as someone who participated in an online chat planning the attack, officials said. Abbas is accused of accessing the victim’s exchange account and transferring stolen funds.

    March 2018 attack

    On March 6, 2018, members of The Community collaborated to link another SIM card to the mobile phone number of a different victim, according to the indictment.

    Starting with the victim’s phone number, The Community seized control of multiple online accounts, including an email account, Twitter account, cryptocurrency exchange accounts and a cryptocurrency wallet, officials said.

    Authorities said they transferred cryptocurrency valued at $4,929.37 from the victim’s cryptocurrency wallet to one or more wallets controlled by the group.

    Ad

    Endicott is accused of being part of this attack. His role in The Community was to research victims and provide personally identifiable information associated with them to help the group steal identities, feds said.

    May 7, 2018, attack

    On May 7, 2018, Freeman, Handschumacher and Jurisic were involved in an attack targeting a third victim, officials said.

    An employee of a mobile phone provider was bribed by an unnamed member of The Community to transfer a person’s mobile phone number onto a SIM card controlled by the group, according to court documents.

    That member of The Community paid the bribe via LocalBitcoins.com and PayPal, authorities said.

    Using the victim’s phone number, The Community took control of an email account, a Twitter account, a cryptocurrency exchange account and a cryptocurrency wallet, federal officials said.

    Cryptocurrency valued at $1,669.56 was transferred from the victim’s wallet to one or more controlled by The Community, according to authorities.

    Ad

    Freeman and Jurisic provided personally identifiable information of the victim to The Community to help facilitate the attack, officials said.

    Handschumacher coordinated with the other member of The Community and told that member to bribe the mobile phone provider employee, according to court records.

    May 9, 2018, attack

    The same member of The Community who bribed a phone provider employee in the May 7, 2018, attack did so again for an attack executed two days later, officials said.

    A bribed employee transferred the mobile phone number of a new victim to a SIM card controlled by The Community, and that allowed the group to steal that person’s identity. They took control of an email account, a Skype account and a cryptocurrency exchange account, court records show.

    The Community transferred $55,493.76 worth of cryptocurrency into wallets controlled by the group, the indictment says.

    Abbas accessed the victim’s email account to facilitate the attack and transferred the stolen funds, authorities said.

    Ad

    May 15, 2018, attack

    An employee of a mobile phone provider was once again bribed by the same member of The Community to target a third victim in May 2018, officials said.

    On May 15, 2018, that employee provided personally identifiable information about the victim, which allowed The Community to impersonate the victim and convince a customer service representative to transfer that person’s mobile phone number to a SIM card controlled by the group, court records show.

    Using the phone number, The Community took control of an email account, cloud storage accounts and a cryptocurrency wallet, the indictment alleges.

    The group took cryptocurrency valued at $100,000 from the victim’s wallet, according to authorities.

    Freeman, Handschumacher and Jurisic were all involved in this attack, court documents say.

    Freeman and Jurisic provided personally identifiable information about the victim, and Freeman also transferred the stolen funds, according to records.

    Ad

    May 16, 2018, attack

    The following day, The Community activated a SIM card targeting another victim and bribed a mobile phone provider employee to have a phone number transferred onto it, officials said.

    Using the phone number, The Community took control of an email account, an Evernote account, cryptocurrency exchange accounts and cryptocurrency wallets, federal officials allege.

    In this attack, The Community transferred $1,921,335.80 worth of cryptocurrency from the victim’s wallet into one or more wallets controlled by the group, the indictment says.

    Freeman is accused of transferring the stolen funds, and Handschumacher is also named as a participant in this attack, authorities said.

    May 18, 2018, attack

    The Community bribed a mobile phone provider employee to transfer another phone number onto their SIM card on May 18, 2018, officials said.

    That phone number was used to seize control of an email account and cryptocurrency exchange accounts, the indictment says.

    Ad

    Officials said The Community transferred $164,972.47 worth of cryptocurrency into their possession.

    Jurisic provided personally identifiable information about the victim to set up the attack, and Freeman accessed the victim’s email and cryptocurrency exchange wallets to transfer the stolen funds, according to authorities.

    Charges

    Freeman is charged with conspiracy to commit wire fraud, four counts of aiding and abetting wire fraud and four counts of aiding and abetting aggravated identity theft.

    Handschumacher and Jurisic are each charged with conspiracy to commit wire fraud, three counts of aiding and abetting wire fraud and three counts of aiding and abetting aggravated identity theft.

    Abbas is charged with conspiracy to commit wire fraud, two counts of aiding and abetting wire fraud and two counts of aiding and abetting aggravated identity theft.

    Endicott is charged with conspiracy to commit wire fraud, aiding and abetting wire fraud and aiding and abetting aggravated identity theft.

    Ad

    Stevenson is charged with conspiracy to commit wire fraud.

    “The allegations against these defendants are the result of a complex cryptocurrency and identity theft investigation led by Homeland Security Investigations, which spanned two continents,” said acting special agent in charge Angie Salazar, of HSI Detroit. “Increasingly, criminal groups are turning exclusively to web-based schemes to further their illicit activities, which is why HSI has developed capabilities to meet these threats head on.”

    Copyright 2021 by WDIV ClickOnDetroit – All rights reserved.



    Source link

    Previous articleWall Street consensus on Apple Q3 performance ‘conservative,’ says analyst
    Next articleIs The Rally In Dogecoin Knockoffs Over For Good?