SAN JOSE — After admitting to stealing more than $1 million in bitcoin and other online cryptocurrency, a Boston-area man faces 10 years in prison for commandeering victims’ smartphones to access their digital assets, authorities said.
Joel Ortiz, 20, pleaded no contest on Jan. 24 after being charged with 41 counts that included grand theft, identity theft and assorted computer crimes linked to 13 identified victims.
Ortiz’s entered the no contest plea — which has the same effect as a guilty plea — to eight counts involving victims who suffered a tangible monetary loss, and in what is known as a Harvey waiver, accepted restitution responsibilities for the victims in the remaining charges.
He is scheduled for sentencing March 14 and remains in the Elmwood men’s jail, where he has been held on $1 million bail since his arrest in July by the Santa Clara County-based Regional Enforcement Allied Computer Team.
“We are very pleased with the severity of the punishment that will be imposed on Mr. Ortiz,” said Erin West, the deputy district attorney prosecuting the SIM swap cases. “It shows that our court and community values the work REACT is doing to find these thieves all across the United States.”
Ortiz’s arrest was one of the first in the country for “SIM swapping,” and also appears to be among the first convictions involving the technique, where hackers get a mobile phone carrier to transfer access of a targeted person’s phone number from the registered SIM card to one of theirs.
West believes the task force is building a prominent name for itself and has led to more cases she has prosecuted.
“We think that once victims find out these cases will be taken seriously and prosecuted no matter where defendants live, they come forward, and REACT will continue to work on their behalf,” she said.
While some reported SIM swap cases involve internal sabotage — like having a connection at a phone carrier — some impersonators answered security questions by combing through a person’s social media profile, or with phishing emails and chain-style Facebook posts. Having access to text messages allows someone to bypass most digital security barriers to banking, social media and cryptocurrency accounts.
A Santa Clara County resident contacted REACT and recounted how in February 2018, his cellphone carrier, AT&T, told him that someone walked into a store impersonating him and transferred his account to another SIM, and reset some of his email passwords. In March, he noticed his social media and cryptocurrency accounts were accessed, and about $10,000 worth of bitcoin was gone.
Within a few days, the presumed hacker called the victim’s wife and sent text messages to his daughter including the message “TELL YOUR DAD TO GIVE US BITCOIN.”
REACT obtained search warrants to pinpoint the hacker’s SIM and smartphones used to access the man’s accounts, and reportedly discovered Ortiz’s email address was used on one of the hacker phones. Included among the emails was a photo of Ortiz holding his Massachusetts ID card which led to warrants that uncovered other cryptocurrency accounts linked to Ortiz, revealing at least $1.5 million in activity.
Online, Ortiz reportedly flaunted a lavish lifestyle presumably funded by the stolen funds: designer clothing and posh mansion rentals in Los Angeles, where Ortiz was arrested July 12 while trying to fly out of LAX.
Some of the victims linked to Ortiz attended the same May cryptocurrency conference in New York and noticed that unauthorized text messages were sent from their accounts with no monetary loss. Others reported big losses, including one theft of $1.7 million.
Since Ortiz’s arrest, the REACT task force has made other notable SIM swap arrests that included 19-year-old Tracy resident Xzavyer Narvaez, who was implicated by emails found on one of Ortiz’s phones, authorities said.
A June traffic citation in Beverly Hills connected Narvaez to the purchase of high-end sports cars and cryptocurrency accounts that contained as much as $3 million at bitcoin’s peak valuation. He was arrested Aug. 17 and charged for alleged thefts in Santa Clara, Contra Costa and San Diego counties. He is on supervised release in Tracy.
On Sept. 24, Kansas City resident Joseph Harris was arrested in Oklahoma City and later charged with stealing $14 million worth of cryptocurrency tokens from the San Jose-based tech firm Crowd Machine, reportedly by hacking into the smartphone of the company’s CEO. Harris is being held in the Elmwood men’s jail on $1 million bail.
Kalvin Ung was arrested Dec. 20 in Fresno and later charged with a SIM swap ploy targeting 12 victims for a total loss of $500,000, after a Bay Area resident reported a cryptocurrency theft last fall. He is being held without bail at the Elmwood men’s jail.
New York City resident Nicholas Truglia, 21, was arrested in November and implicated in least 11 SIM swap cases across the country after a REACT investigation. Among his reported victims were a San Francisco man who lost $1 million in digital funds he had saved for his daughters’ college education, and a Cupertino resident.
On Nov. 24, REACT detectives and U.S. Secret Service agents went to Truglia’s high-rise condo on 42nd Street in the heart of Manhattan, and during his arrest found a digital hardware wallet containing $300,000 in cryptocurrency.
Truglia, who was extradited to California in December and is being held without bail in the Elmwood men’s jail, is now the target of a lawsuit by one of his reported victims, Los Angeles resident Michael Terpin, who alleges racketeering by Truglia and other presumed co-conspirators. Terpin has also sued AT&T for gross negligence related to security lapses that allowed his SIM swap to occur.
West said that when Truglia was arrested, he recognized the name of the Bay Area task force.
“It’s a small community,” West said of the hackers, “and they know REACT is coming for them.”
Copyright 2019 by The Mercury News
Distributed by Tribune News Service