While they may not be the most popular scam method, SIM swapping attacks can be highly lucrative for successful operators. Sadly, they’re usually not too good for victims or their mobile service carriers, as T-Mobile is now about to find out.
Negligence on T-Mobile’s Part
Earlier this month, the telecommunications giant was sued in the Southern District of New York by Calvin Cheng, a plaintiff, who claimed that its negligence had led to the loss of $450,000 in Bitcoin following a SIM swapping attack.
In the lawsuit, Cheng explained that the attack took place in May 2020 against Brandon Buchanan, one of T-Mobile’s customers. Buchanan is the founder and head of Iterative Capital, a crypto-focused investment fund based in New York.
The plaintiff explained that he had conducted several transactions with Iterative to purchase Bitcoin some months before the attack, all the while communicating with Buchanan and other officials at the company.
Following the attack, the perpetrators appeared to have impersonated Buchanan on Telegram – Cheng’s preferred communication platform with the investment expert. They reached out to Cheng, offering him an attractive premium to sell his Bitcoins to Iterative.
He eventually agreed to the deal and transferred his assets to a digital wallet that was, in fact, controlled by the hackers.
A few days later, Buchanan contacted Iterative’s clients, warning that he had been the victim of a SIM swapping attack. Since then, the pair have been communicating with investigators and T-mobile, hoping to get to the bottom of the problem.
However, all efforts proved abortive. In the suit, Cheng accused T-Mobile of negligence and failing to implement the proper security standards – including account protection and staff training.
SIM Swapping Reaches Everyone
T-Mobile is definitely not the only mobile carrier to get a lawsuit for possible negligence in a SIM swapping attack. In 2018, AT&T, one of its top competitors, found itself embroiled in a nasty legal case against entrepreneur and crypto investor Michael Terpin.
Terpin had sued AT&T for negligence after a SIM swapping attack cost him $24 million. His suit requested $200 million in punitive and other damages, with the plaintiff also bashing the telecoms giant for their willful negligence and inability to protect investors.
The case between AT&T and Terpin has dragged on for years, with both parties filing counterclaims and hedging in and out of court.
SIM swapping has also reached the highest echelons of government. Last year, six Democratic members of the House of Representative wrote to Ajit Pai, then the Chairman of the Federal Communications Commission (FCC), asking his agency to impose stricter standards on mobile carriers to prevent SIM swapping attacks.
The lawmakers presented data from the Federal Trade Commission, which showed that complaints about SIMs wapping attacks had jumped from 215 in 2016 to 728 in 2019. Considering that there are even more cases without complaints or follow-ups, this number would undoubtedly be much more. To wit, it would be fitting to ensure that mobile carriers have a uniform standard for security infrastructure to help protect their customers.