A group of criminals was recently busted when the FBI figured out that they were stealing cryptocurrency. This type of cyber crime is not unusual, but here’s the kicker: They were making their plans through the game Call of Duty.
The Chicago Sun-Times broke the story and obtained the court filing. In it, the FBI claims that these people stole more than $3 million in cryptocurrency, including Ethereum tokens. They coordinated all of this through Call of
Apparently, the two men said that they were approached via Call of Duty’s in-game voice chat feature. They were asked if they were interested in joining the scheme. In fact, they claim that they were actually forced to do so; if they didn’t join, they say they were threatened with “SWATing” (when a person makes up a criminal report against a target, which, in turn, causes heavily armed law enforcement to show up at that person’s home).
This, of course, is terrifying for the SWATing victim and a big waste of law enforcement’s time. It can even be deadly, depending on the severity of the falsified criminal report.
The men who were caught up say that they were given some basic information about potential victims, including their names and telephone numbers. Once they had the information, they performed an internet search, looking at things like the victims’ social media channels to pull any and all public information, such as their address. With this info, they utilized a process of social engineering to get access to people’s cell phone accounts.
What we don’t know yet is precisely how all of this was done. We can presume that they used the information they found to pretend to be their victims. Then, they contacted the victims’ cell phone companies and claimed that they had lost access to their phones and needed help. When this was done, they could take over the phone accounts of the victims.
The criminals could then get into the victims’ cryptocurrency accounts and take the money. The FBI estimates that more than 100 people were victims of this scam, which equates to about $3.3 million in cryptocurrency.
It is not totally clear how accessing the victim’s cell phones gave them access to the cryptocurrency, but it sounds like it could be a SIM swapping attack. This is where the attacker doesn’t require physical access to the actual phone, but just access to the account. Once they have this, they can switch the number to a different phone—one that they have total control over.
Either way, it’s a pretty sophisticated scam, and highlights the importance of keeping your social media channels private, being careful about what you post online, and generally ensuring you have the tools necessary to protect your online privacy.
The two men who are mentioned in the affidavit claim that they are actually victims given they were forced into it. So far, the FBI has not charged them with any crime.
Need to unblock Call of Duty at school or work? Hotspot Shield not only protects your online privacy, but it also allows you to access restricted content. See how you can unblock any game at school for free. And try Hotspot Shield today.