Late last week, The Financial Crimes Enforcement Network (FinCEN) published FIN-2019-G001, which contains new guidance discussing how FinCEN regulations related to money services businesses apply to certain business models involving convertible virtual currencies (CVCs). On the same day, FinCEN issued FIN-2019-A003, an advisory that highlights suspicious activity and red flags associated with the exploitation of CVCs for money laundering, sanctions evasion and other illicit financing purposes.
Also last week, nine individuals connected to an "SIM Hijacking" group were charged with conspiracy to commit wire fraud and aggravated identity theft in the Eastern District of Michigan. SIM Hijacking involves hacking a phone number to exploit "two-factor authentication" and intercept text messages with the security codes required to access the target's bank or cryptocurrency accounts. The defendants allegedly facilitated the SIM Hijacking by bribing an employee of a mobile phone provider or by contacting a mobile phone provider's customer service posing as the victim. Three of the nine defendants named in the complaint were employees of major mobile phone providers and are reportedly the first telecommunications employees to be indicted in an SIM Hijacking case. In other SIM Hijacking news, late last week a court awarded one of the largest court judgments to an individual in the cryptocurrency space. A cryptocurrency investor won $75.8 million in a civil judgment against a 21-year-old who used SIM Hijacking to steal 3 million crypto tokens, worth roughly $23.8 million at the time, from his cellphone account in early 2018.
According to recent reports, two American companies that claimed to help victims regain access to their computers after a ransomware attack by using the latest technology regularly made bitcoin ransom payments to hackers and passed off the costs to the victims. Payments by one of the companies were reportedly traced to bitcoin wallets that are now banned by the U.S. Treasury Department due to sanctions against Iran. In some instances, the victims that unknowingly pay the ransom through these companies are public agencies ‒ thus taxpayer money may be providing support to cybercriminals in U.S.-sanctioned countries.
To read more about the topics covered in this week's post, see the following:
- Advisory on Illicit Activity Involving Convertible Virtual Currency
- Application of FinCEN's Regulations to Certain Business Models Involving Convertible Virtual Currencies
- Nine Individuals Connected to a Hacking Group Charged With Online Identity Theft and Other Related Charges
- AT&T Contractors and a Verizon Employee Charged With Helping SIM Swapping Criminal Ring
- S. investor awarded $75 million in cryptocurrency crime case
- Firms That Promised High-Tech Ransomware Solutions Almost Always Just Pay the Hackers
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.