The $24 Million SIM-Swapping Hack
- Published 2 Aug 2024
- When Michael Terpin loses $24 million to a SIM-swapping hack, he fights back against the young hackers and takes on AT&T in a legal battle for $224 million. This cautionary tale exposes the rise of SIM-swapping incidents and the vulnerabilities of service providers in the face of digital identity theft.
- Science and Technology
Can't believe the suit against AT&T was dropped by the judge. Seems like they should be held liable. They allowed the SIM swap, according to this piece, by bribery.
That is the fault of the individual not the company. The company most likely has liability clauses that prohibit illegal activity from their employees which said employees sign. We have this ridiculous notion that a large corporation should be accountable for every tiny thing that happens within the walls of the company, but unless there is negligence or intent on the part of the company, there’s nothing there. Individual acts of dishonesty are not negligence on the company’s part. This guy should be suing the individual, but he isn’t because the employee is probably broke so he goes after the company asking a ridiculously high amount of money that he knows the company has. This is indicative of the state of greed in our legal system. It was probably his lawyers idea too. I am thankful for judges that can see through this kind of garbage and assign blame where it belongs.
Quite a valid point.
@Retrochick330 AT&T has an army of lawyers, but agency law still makes them liable for what their employees do.
Terpin just needs a better legal strategy.
@patmcbride9853 does it? Hmmm. I don’t know enough about that. I’ll have to check into it. Thanks for letting me know.
They are an unwilling accessory to the crime by allowing the SIM swap (number transfer request) without proper identification. Also, the victim has a share of the blame by exposing personal info online (Facebook, LinkedIn).
AT&T should be held liable. They can make sure it doesn't happen. But choose not to.
Editor needs a raise. Great animation
How can AT&T not be liable? Their employee gave out his SIM to a scammer.
why is this only common in the USA? are the regulations so bad?
It is said in the video that not even a security conscious person can protect himself against this type of attack. It's technically true when it comes to sim swapping. But you can cut off the use of sims altogether by using the Multi-Factor Authentication through an authenticator app instead of phone number.
Or by using a cold wallet
This is also a problem in South Africa, network providers should be held liable.
In Cyprus you have to be at the store and you have to show ID in order to be able to change Sim cards
Same in the US but they bribed someone to bypass that process.
"You need IDs, go & get a fake.
Go do this today" ~ OBN Dev
This... was perfect. Great explainer, perfect length.
This is so well made
SIM swapping is why SMS two-factor authentication is less secure than an authenticator app.
Also SMS aren't encrypted
Sim swapping is only possible in america
This is why I switched my phone number from T-Mobile to Google Fi. Not because I think Google Fi is the most secure, but I do think that people at Google use Google Fi. So if there's a problem, I think the people at Google would be aware of it and do something about it. I can't say the same for T-Mobile or any other carrier for that matter.
This has happened to me. I have not been able to get any help. I have all the information and perpetrators.
so, tldr, att employee was bribed and transferred the plaintiff's sim to a third party and that's not att's responsibility? if i have this right from the reporting, who would trust an american court of law?
he probably should have sued the "smaller authorized retail outlet" too. it was their employee, with access to at&t services that >could have been in on it >or just got fooled....but possibly didn't ask for ID.....coulda had fake credentials for an attack this big though....
@rumls4drinkin i missed the authorized retailer bit. suppose the franchise agreement between att and the AR limits liability for the former...but should it?
@esgee3829 eh the "should it" ....i mean if it was normal peoples bank accounts, which it will be, it should.....crypto wallets getting robbed is just desserts though...carriers are given favoritism to operate since the risk liability is so broad but they gotta be responsible.
crypto and >government level asset protection are pretty opposed forces generally right now, no getting your money back through anonymized transactions...
if they wiped out a retirement account we'd have multiple agencies on it i hope.
carrier responsibilities may extend to our real banking networks but...holding them liable for a digital crypto wallet the dude himself could have had his friends hack..... not gonna fly.
Literally just searched this today because i remembered a story about this and it was uploaded like 19 mins ago
Thanks for informing me of a problem i didn't even know existed and telling me there is no way to prevent it.
I never realized why giving your phone number to websites makes it somehow more secure lol. Let's connect everything with everything and this will raise security 😀
Yeah, I'm going to keep not using 2FA wherever I don't have to.
As usual, the judges work for their masters: Corporations
Better question? If you have got $24m in crypto currency, why is it not kept on a physical wallet instead of an exchange? That way you will be covered from FTX-type events.
FTX is a symptom, not the disease. To trust such life-changing amounts of money to ANY form of crypto long-term is utter stupidity.
Probs wanted to save the $100
what do you think the government is going to say when you cash out 24 million as a minor
…the real problem is the weak justice system …give them life in prison a consequence they might think twice about
Let’s not dance around it, government regulators need to step in to make the phone companies do their job protecting customers and checking properly for identity.
no one that's serious about security should use SMS as a 2 factor authentication
What's the alternative?
@edem4135 any authenticator app, like Google Authenticator
@edem4135 2FA app, like Google Authenticator (there are some serious issues) - Authy by Twilio (breached in the past). Or better yet a physical security key like Google security key or Yubico. Either way you're vulnerable to session hijack via someone stealing your session cookies or phishing, and many other attacks but those are up to you, unless the site has a vulnerability
google authenticator
@edem4135
How tf was the sim swap not “their responsibility”?
I subscribed because the videos are short, straight to the point and very interesting. 👍
Props to the animators / editors 🍻
Great Video!!
My question is: how much did AT&T 'ALLEGEDLY' bribe that judge to also toss the case? 😂🤭🤭☠️💔
would eSIM by Apple stop SIM swapping? So strange that somebody can just pretend to be someone else and get a SIM!
yes, while not 100% eSIMs, which most cell phones and all iPhones are moving to, would eliminate that bottleneck as the vulnerability of swapping a physical SIM card would be eliminated
SO If ATT was not liable, WHO IS?
How is SIM swapping NOT a crime with identity theft?
The editing is insane
such a happy, joyous tune chosen for this video :))
I use my cell phone for calls, texts, taking videos and photos, nothing else. It's not easy but I can at least make my computer use quite secure. No one can SIM swap my CPU!
Wow. So how does one protect one's self (even if OWs are charged)if it's out of one's hands?
Physical security keys
This is exactly why people need to start moving away from conventional 2FA and move to FIDO Keys.
FIDO keys are a pain. if you are in an airport and you need access to your cell phone, you have to take out the FIDO key and either install it or sweep it behind your phone. You have luggage to manage. You drop the FIDO key on the floor while you are trying to get everything together. You'd better have the second key available to you.
Sanjosemike (no longer in CA)
This just happened to me. 😡
Providers should pay up the loss. They help the thieves.
I can't believe a person that attended crypto events and has 24mil store his password and all the info in the cloud drive.. really bro?
I love the use of the Bully soundtrack here!
Franco Law PLLC got me great settlement
Can't they fix this by sending a text to the number in use.. asking for confirmation before assigning to the new SIM? I guess in this case with bribery, can't fix that. Or lost/dead phones.. etc.
AT&T isn't the only provider.
And this is why you should not use SMS for multi factor authentication.
No? The hackers would get the messages. Use google auth
And AT&T will go out and start financing a bunch of campaigns and they'll make it impossible for him to do anything. With two big middle fingers out and a smirk.
2001 illegal wire taps. 2016 Due process violation 4th 5th 6th 14th Amendment violation. Entrapment 2019
And this is why I still have a flip phone.
That’s a trap phone. Intractable.
Criminals used to be cool & scary. Now they’re teens living in their parents basement
They were never cool. And the fact that they can be even more immature makes them scarier. A grown adult would probably have known not to mess with a guy with savvy and connections.
SIM cloning is a tough job... but SIM swapping nils your account very quickly.
That's why mostly loved SIM swapping scam ...
Great video! Scammers think of new and creative ways to trick unsuspecting victims every year. We deal with crypto scam cases all the time and there's always something that surprises us.
Wouldn't a simple solution for this be for the phone companies to issue 'PIN' numbers to access a phone account and add a question that only the owner of the phone knows? (e.g.: What was your first grade teacher's name?)
Interesting, SIM swapping is also a major problem here in India
I have ZERO banking info, credit cards, pay from my phone, etc. NOTHING like that on my phone. Never have! I use my phone for communication ONLY! It's a phone, people!
Lot of places require doing business thru an app.
@ricomajestic Then those "places" don't get my business!
@mahkuntizitchy2083 I guess you won't be eating for a while. LOL!
@ricomajestic What!?! I buy grocs. like anyone else, i go to restaurants, drive thru's, get the odd cab ride like a few times a year, pay rent and EVERYTHING else everybody else does without EVER using an app for anything! As well, as stated, my phone is for calling & texting, that's it!
Lol, you don't have to walk into the store to do a SIM swap attack.
How else would u get a rep there
hmmm need more authentication forms then like lock everything for 8 hours after making large withdrawals
Am guessing his crypto wallet wasn't a decentralized wallet and he didn't control his own private keys or recovery phrase, which is not easy to hack even if you get sim-swapped. And one shouldn't hold as much as $24M worth of Crypto on his phone. He hold that much crypto in a hardware wallet offline. 💯
They found his keys or phrase in a note probably
We have to be blunt. Crypto is a "wild west" of finances. Nobody in Crypto takes security seriously. The banks and financial institutions concentrate on "real" accounts.
If the theft occurred with a "regular" bank account, it would be taken seriously by the judge, because the judge HAS regular accounts.
Sanjosemike (no longer in CA)
Woah 🤯
Sim swapping aint new though..people was doing it with nokias back in early/mid 2000s
Wait how ? I’ve heard of sim swappin frm summer 2016 but they used to hit bank acc
Not going to happen in my city in Asia. They require you to come to physical store and verify your physical ID and lots of authenticating
SIM to Phone numbers need to be cryptographically bound via TLS certificate.
Wouldn’t help in this case since the carrier themselves changed the SIM to phone number association. Passkeys though conveniently provide the sort of cryptographic “bounding” to a device you refer to, and without needing to obtain additional hardware. It’s going to take some time for them to be widely employed in the wild though.
@MaxPower-11 TLS certs bind a hostname to an IP address with a private key. This mapping cannot be changed until the certificate expires. The same should be done for cell phones.
Does the bank cover that when you have a Sim card swap since they give you codes to sign
That's why 2fa goes to a private code/app. Not your phone lol
What?
@Michaelengelmann he means use an authenticator app for 2 factor authentication instead of verifying through SMS
Time to require phone companies to verify identity of individuals before changing numbers. Photo IDs, fingerprints and pictures taken of people claiming loss of phones, copies of police forms reporting loss? Perhaps new numbers required for sixty day period during which time old phone number would be disabled, alerting owner.
I'm intrigued by how Apple's choice to eliminate the SIM tray from iPhones might influence the security issue on these devices.
SIM swaps work pretty much the same with an e-SIM, except there's a QR code instead of a smart card. This is a carrier-level issue, and neither consumers nor device manufacturers can tackle this effectively.
And some carriers don't make a difference at all between physical sim card and an eSIM. Once you get issued a new one, including maliciously, your old one, be it a physical chip or eSIM registration data, gets revoked.
That's why you keep cash
Any books
What’s the club name?
Yahoo boys of US
Service providers worldwide have safeguards in place to PREVENT this from ever happening ever to anyone. Except for AMERICA where such measures are deemed not only unconstitutional and anti-capitalistic, but downright un- American and possibly communistic by stoically patriotic AMERICAN service providers
sim swaps happen everywhere btw, and cant fully be prevented bcus of insiders at the providers
Great information but I must have missed something. How did they get Terpin's phone in order to get someone to (like a cell phone store employee) to move his number? Did they steal his phone and then put it back before he noticed? Steal his SIM? What steps can someone take to protect themselves besides the obvious of not storing sensitive info on one's phone? Did he not have two-factor authentication? Face recognition? Please excuse me if these seem like naive questions. I didn't grow up with tech and am not an expert in any way......
Don't think they needed his phone to do it you can request to switch number to a new sim if you can 'prove' that you are the owner think of cases where someone may have lost their phone but need their number in a new sim
@DaHitman123 thank you. I’ve been researching this. Time to call my carrier and put additional security on my account. Something only written in my head!
@Maggie4Veritas what some ppl do is they target which crypto whales are rich, they research them like the feds, or they go into the carriers and request to change using fake ids and info on their target some pay little kids to go steal the store managers iPad which has admin tools which can be used for sims swaps,
@DaHitman123 yeah you just need the SSN I'm pretty sure
I'm surprised why at this day and age, online accounts can't be secured by fingerprint. It should at least be an option.
Seeing as we all have smartphones with fingerprint scanners, it should be possible to lock at least some account features with a fingerprint
but imagine the company that hosts the data of your biometrics on their site gets hacked, now not only do they have all of your digital info but they now have a copy of something physical from you too
Biometrics is now out. The scan of your face secures your access. It is very secure. Even better than fingerprints.
Apple has a new security program out that does not allow easy access to your iPhone if you are SIM swapped. But you have to download it and enable it.
In most cases the scammer has to have access to create the new SIM. Verizon has more reliable employees. You get what you pay for AT and T doesn't pay their employees well.
Sanjosemike (no longer in CA)
This scam is perpetrated daily in South Africa with the connivance of the network employees, and it is estimated to cost the victims around $30-40 million annually...
They did this to me too and I lost $50,000. I know it is not as much as this guy but it was my life savings now I am homeless.
You lost $50K in bitcoin? And you literally had no other money?
@ray-mc-l it was in Ethereum and Polygon/Matic and 1st edition Charizards. and yes could not hold any USD. My government kept printing money causing massive inflation in my country bringing the value to less than half its original value and has continued to progress year after year. luckily I still have my Charizards that 10X its value due to the massive printing.
This is so old. The phone companies require a pin on the account
Having connections to be in crypto must mean legitimacy i guess
Cryptos are the worst
Hardware wallet people!!!! Hardware key!!! It's in your physical hands!
Hardware wallets assume the company that hosts your wallet won't steal your currency. But there is absolutely nothing on earth preventing them from using your coins however they want.
Anyone who did crypto or nfs are 🤡🤡🤡
If you own something that has zero intrinsic value with zero fundamentals, you already lost everything before you started.
Not to mention that the "asset" is impossible to get back, has zero legal recourse if stolen, is uninsured, extremely volatile, and is unregulated. The fact that crypto's value is purely how many US dollars its worth is really telling
So like Fiat currency?
@cryptorichierich1597 The only non-fiat currency is gold. USD’s are easily traceable, given individual serial numbers, regulated by the US government and the “gold standard” of the world’s currencies.
Even China (the 2nd largest economy in the world) has banned all crypto and accepts USD as legal tender.
Bottom Line: Crypto is primarily bought by children with money from an elders’ inheritance.
Let’s not forget that there’s no country on earth who wants competition with its own currency. In addition, let’s not forget the costs of reconverting crypto back into USD, the short term capital gains taxes on any alleged crypto profits, the maintenance fees the crypto exchanges charge, etc..
By the time you’re done, MAYBE just MAYBE you’ll walk away with 23% net if it’s not stolen along the way.
CRYPTO IS GARBAGE
Just another reason I don’t use crypto
this needs at least a few million views, that and videos about title fraud
@ironic