A British teenager has been sentenced to 20 months in prison after offering hacker-for-hire services to cash in on trends including SIM-swapping attacks.
The UK's Norfolk police force said that 19-year-old Elliot Gunton, of Norwich, was sentenced at Norwich Crown Court on Friday after pleading guilty to hacking offenses. money laundering, the hacking of an Australian Instagram account, and the breach of a Sexual Harm Prevention Order.
In April 2018, a routine visit was conducted to Gunton's home with respect to the Sexual Harm Prevention Order that was imposed in 2016 for past offenses.
During the inspection, law enforcement found software which indicated the teenager may be involved in cybercrime, and the further investigation of a laptop belonging to Gunton and seized by police revealed that he had been offering himself as a provider of hacking services.
Specifically, Gunton offered to supply stolen personal information to those that hired him. This information, which could include personally identifiable information (PII) such as names, addresses, and online account details, could then be used to commit fraud and SIM-swapping attacks.
The theft and sale of PII is a commonplace occurrence today. However, SIM-swapping attacks are a relatively new phenomenon.
In order to conduct a SIM-swap, a fraudster will obtain some PII from a target and then call up their telephone subscription provider while pretending to be the true owner of the account. Social engineering then comes into the mix to convince the operator to switch the telephone number belonging to the victim to the attacker's control.
It might only be a short window in which the victim does not realize their number has been transferred, but this time frame can be enough for an attacker to bypass two-factor authentication (2FA), intercept calls and text messages, request password resets, and compromise online accounts ranging from email addresses to cryptocurrency wallets.