T-Mobile is not immune to the fallout from SIM swap attacks just yet, as a newly released report from SecurityWeek shows the carrier must pay a $33 million arbitration award.
California law firm Greenberg Glusker claims that numerous security failures led to this legal battle and that the ruling has been kept hidden since the Fall of 2023.
“SIM swapping has been an unchecked security flaw for years. Carriers like T-Mobile have known about it and failed to take basic precautions. This award makes it clear: they must do better,” Greenberg Glusker’s Paul Blechner said.
How did the hacker gain access to SIM swap?
According to the law firm (via SecurityWeek), an individual entered T-Mobile’s systems through unknown means and gained access to Joseph “Josh” Jones’s account. The attacker then had a T-Mobile employee swap Jones’s phone number into their SIM card on February 21, 2020, and stole over 1,500 Bitcoin and roughly 60,000 Bitcoin cash from Jones, valued at $38 million at the time of the attack. The attacker also bypassed Jones’s eight-digit security PIN.
Jones had made his fortune after creating Bitcoin Builder, a platform meant to help users of a collapsing cryptocurrency exchange dubbed Mt. Gox exchange their digital Mt. Gox coins for Bitcoin. Numerous sources reported on the hack at the time, with an editorial piece in Toronto Life detailing the entire debacle but not its cause.
T-Mobile has since implemented much stronger sim swap protections, hopefully avoiding similar situations in the future.
It all came crashing down
Three months later, the FBI identified the attacker as a 17-year-old diagnosed with ADHD. Through his online friends, the minor learned about SIM swapping and other nefarious online deeds, through which he met Nima Fazeli and Joseph O’Connor. The pair and other online hackers hijacked dozens of Twitter accounts in 2020 through a similar SIM swap hack.
That incident involved numerous high-ranking individuals, including Bill Gates, Jeff Bezos, Joe Biden, Elon Musk, and Mike Bloomberg. It all goes to show that even fame and fortune can’t protect you from determined hackers who want a slice of your pie.
