Noah wasn’t a hacker, but rather a highly skilled social engineer. He gained employee credentials to break into confidential systems. He stole information to gain unauthorized access to cryptocurrency accounts of victims.
In a long report published by Bloomberg, we are told about how easy it was for teenagers with no coding skills to conduct SIM swap attacks. These attacks allow criminals to transfer a victim’s phone number to a SIM card they possess, allowing them to access multi-factor authentication codes, which are required to authenticate log-ins.
Noah was a member of the notorious cybercriminal group Scattered Spider, which attacked and extorted a dozen companies in the US and UK.
Born in 2004, Noah first heard of SIM swapping when he was 15, through people he met while playing Minecraft. He was well-versed in the art of tricking carrier employees to carry out his orders. He worked as a caller for Scattered Spider and was paid $3,000 by a gang leader in his first week by using his conversational skills to deceive victims into revealing personal information.
He was very, very good at tricking employees into swapping victim phone numbers and obtaining personal information on folks so he could commit crime.
–Douglas Olson, Special Agent in Charge
Noah was friends with Daniel Junk, who was sentenced last year for stealing millions of dollars in cryptocurrency using SIM swapping. They were part of a group known as the Com, which was affiliated with Scattered Spider.
Com members used to approach people they perceived as the “easiest-to-fool” AT&T and T-Mobile call center employees. They also hired kids to steal the iPads of phone store representatives.
Junk learned how to register his personal computer to T-Mobile‘s network and use remote-access software to access its SIM-activation tool. He would remain logged in for months, only losing access when T-Mobile kicked him out.
Noah was hired by Junk to call store staff and talk them into handing over their login details. He pretended to be an information technology employee on these calls, reading out from a script Junk prepared.
Eventually, Noah started employing his own callers, paying them anywhere between $60 and $1,000 for a successful login, depending on the level of security at the company they were breaking into. Those who convinced employees to install a remote-access tool were paid as much as $4,000.
By 2022, Noah was already a millionaire. The nature of his crimes continued to evolve until one of them finally led to a raid at his house and a year later, his arrest in 2024.
Cops seized nearly “$4 million in cryptocurrency, $100,000 in cash, and $100,000 worth of jewelry” from him. He was under the FBI’s radar since 2021, when he was flagged as a “low-level participant in SIM swapping.”
Even though he had no technical skills, he was recognized as one of the top swappers by law enforcement agencies. Investigators said he was adept at getting employees to swap phone numbers and obtaining sensitive information.
Noah was charged with hacking 13 companies, including AT&T, T-Mobile, and Verizon. He pleaded guilty, and his lawyer tried to defend him by claiming he was influenced by older co-conspirators, and that SIM swapping appeared more like a game than a serious crime to him. To make her point, the lawyer highlighted that even large corporations like AT&T and T-Mobile were outsmarted by teenage kids.
…but there were Fortune 500 companies like AT&T and T-Mobile who were essentially tricked by a bunch of teenage kids.
–Kathryn Sheldon, Noah’s lawyer
#ATT #TMobile #customers #suffered #carriers #tricked #teenagers #werent #coders