SIM swapping victim Michael Terpin wrote an open letter to the United States Federal Communication Commission (FCC) Chairman Ajit Pai.
In his letter, posted by Coindesk on Oct. 21, Terpin requested that the regulator take decisive action against SIM swapping and end this type of fraud.
Terpin proposes to force all U.S. mobile carriers to hide customer pins and passwords from employees and oblige them to inform its customers that they can opt-in to carrier high-security plans, which must include a “no port” option, meaning that a consumer would have the choice to go through the fraud department before the SIM information gets ported to a new phone.
Terpin himself claims that he lost $24 million worth of cryptocurrencies as a result of two SIM swap attacks that occurred over the course of seven months.
SIM swapping is the process of scamming a telecom provider into transferring the victim’s phone number to a SIM card held by the attacker. These SIM cards can be bought on eBay and plugged into a burner phone. Once the phone number is transferred, the hacker can reset passwords for valuable and private services like cryptocurrency wallets and email accounts. Samy Tarazi, a sergeant at the Santa Clara County Sheriff’s office said:
“We’re talking about kids aged mainly between 19 and 22 being able to steal millions of dollars in cryptocurrencies […] we’re now dealing with someone who buys a 99 cent SIM card off eBay, plugs it into a cheap burner phone, makes a call and steals millions of dollars. That’s pretty remarkable.”
According to Terpin, more than 50 victims of SIM swapping have reached out to him, all having suffered significant financial losses. Terpin hopes to meet Ajit Pai during the Mobile World Congress Americas in Los Angeles, where both men are invited to speak.
Terpin vs. AT&T
In 2018, Terpin filed a $224 million lawsuit against wireless service giant AT&T, convinced that the telecoms company had provided hackers with access to his phone number. In late July 2019, a judge dismissed the suit, stating that Terpin “fails to sufficiently allege proximate cause. Mr. Terpin does not connect how granting the hackers/fraudsters access to Mr. Terpin’s phone number resulted in him losing $24 million.”
In May, Terpin won a civil case against Nicholas Truglia, the alleged hacker who actually perpetrated the SIM swap and subsequent crypto theft. The California Superior Court ordered Truglia to pay over $75 million in compensatory and punitive damages.
More recently, a California resident Seth Shapiro filed a lawsuit against AT&T for the same reasons, alleging that its employees helped to perpetrate a SIM-swap which resulted in the theft of over $1.8 million in total, including cryptocurrencies.