US Lawmakers Urge FCC to Step Up Its Action Against SIM Swaps

Published at: Jan. 10, 2020

United States lawmakers have appealed to the Federal Communications Commission (FCC) to hold telecoms providers to account for failing to protect consumers against SIM swap attacks.

SIM-swapping — alternatively known as a port-out scam — involves the theft of a cell phone number in order to hijack online financial and social media accounts, enabled by the fact that many firms use automated messages or phone calls to handle customer authentication.

On Jan. 9, six Democrats from the U.S. House of Representatives and Senate sent a letter to FCC Chairman Ajit Pai, requesting that the agency impose more robust requirements on mobile carriers to mitigate the risks of such attacks.

“Consumers have no choice but to rely on phone companies to protect them”

The lawmakers’ letter reveals that the number of complaints pertaining to SIM swaps has increased from 215 in 2016 to 728 through November 2019, according to the Federal Trade Commission. They note that consumer complaints usually reflect just a small fraction of the actual number of total incidents.

They further point to a November 2019 Wall Street Journal report claiming that a law-enforcement task force in Santa Clara County had revealed it was aware of over 3,000 SIM swap victims, accounting for $70 million in losses nationwide.

In some cases, as the lawmakers underscore, SIM swaps succeed thanks to corrupt telecoms firm employees. While additional security measures, such as requiring customers to show IDs in-store to conduct SIM swaps, have been adopted by some carriers in the U.S. and abroad, their implementation in the States allegedly remains “spotty and consumers are unlikely to find out about the availability of these optional security features until it is too late.”

Aside from risks to consumers, the letter argues that such attacks may endanger national security, noting that “countless [...] U.S. government websites used by millions of Americans either allow password resets via email or support two-factor authentication via SMS, which can both be exploited by hackers using SIM swaps.”

The lawmakers posed eight questions to the FCC, among them how many SIM swap incidents it had received, if indeed it had tracked them, as well as inquiries into its coordination with third parties such as banks and its regulations over mobile carriers’ reporting to law enforcement.

Repeated failures

The prevalence of SIM-swapping has brought telecoms firms — gatekeepers of user identity data — under increasing pressure for their alleged complicity in the crime.

AT&T, for example, has faced more than one lawsuit accusing it of repeatedly failing to protect user accounts in violation of the Federal Communications Act.

One plaintiff, tech advisor Seth Shapiro, today accused AT&T of marshaling a “host of red herring whataboutism inquiries” in its December motion to dismiss a lawsuit over its role in indirectly facilitating the theft of over $1.8 million in cryptocurrency from Shapiro’s accounts.

Michael Terpin — another blockchain and crypto investor who filed a SIM-swapping-related lawsuit against AT&T — told Cointelegraph that the biggest risk to crypto investors “is that major phone companies promise you security and don't deliver it.”
