back to article Florida man jailed after draining $1M from victims in crypto SIM swap attacks

A 20-year-old Florida man has been sentenced to 30 months behind bars for his role in a SIM-swapping ring that stole nearly $1 million in cryptocurrency from dozens of victims. Jordan Persad, of Orlando, was also ordered to pay $945,833 in restitution. He pleaded guilty to conspiracy to commit computer fraud on May 1. …

  1. t245t
    Terminator

    How to stay safe from online scams.

    Use a unique mobile phone number and email for your banking. Never give this out or use it for registering with any other service.

    1. Headley_Grange Silver badge

      Re: How to stay safe from online scams.

      And change your email address every day. Also change your bank every week and your name every month. Move house at least once a year.

      1. This post has been deleted by its author

  2. Anonymous Coward
    Anonymous Coward

    $1M

    On paper maybe, but real cash value?

    Is crypto worth anything?

    1. jmch Silver badge
      Boffin

      Re: $1M

      Given that the criminals could (and potentially did - not completely clear from the article but mentions seizures and restitution in US$) go to an exchange and sell crypto for USD, yes it has real cash value. Any mainstream crypto (Bitcoin, Ethereum, Token etc) has very high trading volumes on exchanges and (relatively to 'smaller' tokens) less volatility. Trading $1million is actually small fish as a trading amount on a big exchange, and particularly if done in smaller batches would not significantly change the crypto-to-USD exchange rate. Of course the higher the nominal value, and the less the market cap of the token, the more difficult / lossy it might be to convert to harder currency.

      But that's the same if you're dealing with any other fiat currency that is issued by a smaller / marginal or sanctioned country. In the end 'real cash value' simply means 'can you buy stuff that you want with it'? (even if 'stuff you want' is other currency)

    2. Jedit Silver badge
      Devil

      "Is crypto worth anything?"

      Look, it's not as concise a headline as "Man jailed for 30 months for stealing nothing from robbery victims and selling it to another sucker".

  3. Casca Silver badge

    Sadly it is the wrong Florida man who got thrown in jail

  4. Christoph
    Flame

    he obtained log files of people's email address and password combinations

    They should also be jailing whoever is logging people's passwords!

    1. Frank Bitterlich

      At first I thought that was a mis-transcription or something, meaning he bought login creds on the darknet; but it's actually there in the plea agreement, a direct statement. Looks like some morons really log passwords. (A few days ago I read about someone logging *failed* login attempts, here on The Reg; don't remember the actual article. [No, it was not BOFH.])

      And yet I still have to give five-minute explainers to people on why they should not reuse passwords. Sigh.

      1. Claptrap314 Silver badge
        Mushroom

        I can actually go one better. I they logged credit card information. Enough that when I had to redo a transaction, I pulled everything from the logs. Yes, I mentioned it immediately when I saw it on my second day.

        1. Bebu Silver badge
          Windows

          Who need poor personal cyber-hygene when...

          《I they logged credit card information. Enough that when I had to redo a transaction, I pulled everything from the logs.》

          Isn't logging the CC number, card holder's name, expiry date and CVE a complete breach of the card provider's merchant terms of service? In some jurisdictions seriously illegal, I suspect.

          Glad I use a prepaid debit card with sod all on it, if this is typical of the shenanigans in which online merchants engage.

          1. Michael Wojcik Silver badge

            Re: Who need poor personal cyber-hygene when...

            Pretty sure it's a PCI violation, anyway.

            Even logging usernames is a risk, because it's easy for touch-typists to get the focus wrong and accidentally submit their password as their username. Sometimes client-side validation can prevent that mistake (by blocking submission if the username isn't in the correct format, for example), but it still happens too often.

            There again having unique, strong passwords helps, because the effort of matching the incorrectly-submitted password to an account is higher. (Often it'll be an account that successfully logs in shortly after, but at least a unique password won't help with naive credential-stuffing attacks.)

      2. Anonymous Coward
        Anonymous Coward

        Logging failed login attempts does make sense. I spotted someone trying to log into an immortal account on my MUD that way once, and I'm sure it's a common way to look for brute-force attempts on more important systems.

        Don't log the incorrect password, though; if it's a legitimate user who made a typo, you just recorded something very close to their password.

        Likewise, if the username doesn't exist, it might be a bad idea to log the incorrect username. Ever accidentally typed your password into the username field?

        1. Michael Wojcik Silver badge

          It might be a good idea to log a hash of the supplied username. That can be matched against hashes of known usernames, and compared for multiple attempts to use the same username (to detect credential-stuffing).

  5. Kevin McMurtrie Silver badge

    Joke's on the criminal

    Are any victims getting more money as restitution than if it hadn't been stolen?

  6. Anonymous Coward
    Anonymous Coward

    Lesson - don't use crypto!

    Note that all the thefts were cryptocurrency. So if the victim had no crypto to steal, they didn't lose anything (financially; the security breach is still an issue).

  7. Fruit and Nutcase Silver badge
    Alert

    Click bait

    "Florida man"

    I fall for it every time, expecting a story about a different "Florida man"

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like