back to article Crims hacked accounts, got phones, resold them – and the Feds reckon they've nabbed 'em

A dozen people have been indicted in America for allegedly fencing more than $1m in smartphones and other kit obtained via hacking and fraud. Geoffrey Berman, the US Attorney for the Southern District of New York, and Angel Melendez, the Special Agent in charge of the New York Office of the US Immigration and Customs …

  1. Version 1.0 Silver badge

    Looks like they were chasing Hispanic victims - another side effect of current American immigration policies, if you are an immigrant and you get ripped off then you'll probably just keep quiet and not complain to the police. These days, in the US, they can kick you out if you've ever committed or been accused of a crime - speeding, littering etc.

    1. Anonymous Coward
      Facepalm

      Looks like they were chasing Hispanic victims?

      Looks like they were chasing Hispanic victims .. These days, in the US, they can kick you out if you've ever committed or been accused of a crime - speeding, littering etc.” Version 1.0

      How about they apply for an Employment Authorization Document (EAD), provide the paperwork and then legally enter the country. Instead of jumping the queue, having children in the US and then expecting the US to automatically grant them residency.

      This reminds me of the French Interior Ministers responce to the massive influx of migrants from North Africa that were allowed to travel unimpeded across Europe to Calias. Why don't HM gov open the border and take *their* refugees. ref

  2. GnuTzu
    WTF?

    Question about Impersonation/Spoofing

    In brief: Is it possible to intercept calls to a particular number? If not, would it be possible to enforce caller ID in the central office (or whatever the modern equivalent is)?

    I was thinking about this this morning. I have some knowledge of old-school telephony and SS7 and have been arguing for some manner of SS7 proxy. But, now I realize that such a proxy would need some way to enforce the association between phone and phone number (which I think would involve some manner of phone identifiers that are cryptographically signed). If there isn't some protected registry of what phone is assigned which number, then don't the CO's just trust whatever the phone claims to be--and doesn't that mean I could start taking your calls? If true, that's a serious fundamental problem of hideously stupid proportions--i.e. I more dumbfounded than ever.

    Does anyone have any insight on this or possibly a link to relevant details?

    1. JimboSmith Silver badge

      Re: Question about Impersonation/Spoofing

      Is it possible to intercept calls to a particular number?

      If you're a three letter agency then yes no problem I believe. Bit harder if you're a criminal I think. You've got to spoof both the IMEI and the IMSI and take the target phone off the network.

    2. Wzrd1 Silver badge

      Re: Question about Impersonation/Spoofing

      CallerID can be trivially spoofed.

      While it wouldn't take much to intercept and block a spoof, the will to implement along with the associated cost is lacking in the US.

      Let the buyer beware is the current guidance of this administration and many previous ones.

      Leaving one to wait until crimes accumulate into the millions or utilizing a Rob Roy defence and paying for it when arrested, as authorities are "tough on crime".

      Aka, Catch-22.

      I say, pull the teeth, feed the hogs.

  3. frank ly

    security?

    "... using social security numbers belonging to a person with the same name as the fraudster to acquire phones using the victim's credit."

    I assume that's the victim's credit account with the phone/service provider. Is that the fault of using the social security number as an identifier or the processes of the provider, or perhaps both?

  4. Anonymous Coward
    Facepalm

    Cyber-criminals nabbed through IP addresses.

    "To take down the alleged ring, authorities executed a search warrant on a residence in Mt Vernon, New York, on August 15, 2017. Two IP addresses linked with the residence were associated with at least 3,300 cell phone accounts at an unidentified service provider."

    I think these cyber-criminals somehow didn't understand how TCP/IP actually worked.

  5. Alan Brown Silver badge

    Um......

    "Two IP addresses linked with the residence were associated with at least 3,300 cell phone accounts at an unidentified service provider."

    Why the FUCK didn't the "unidentified cellular service provider" loss prevention team flag this as suspicious?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like