BOSTON – A Brockton man pleaded guilty today to conducting a scheme to take over victims’ social media accounts and steal hundreds of thousands of dollars in cryptocurrency.
Eric Meiggs, 23, pleaded guilty to one count of conspiracy, four counts of wire fraud, one count of computer fraud and abuse and one count of aggravated identity theft.
Meiggs and co-conspirators targeted victims who likely had significant amounts of cryptocurrency and those who had high value or “OG” (slang for “Original Gangster”) social media account names. Using an illegal practice known as “SIM-swapping,” Meiggs and others conspired to hack into and take control of these victims’ online accounts to obtain things of value, including OG social media account names and cryptocurrency.
As alleged in the indictment, “SIM swapping” attacks involve convincing a victim’s cell phone carrier to reassign the victim’s cell phone number from the SIM card (or Subscriber Identity Module card) inside the victim’s cell phone to the SIM card inside a cell phone controlled by the cybercriminals. Cybercriminals then pose as the victim with an online account provider and request that the provider send account password-reset links or an authentication code to the SIM-swapped device now controlled by the cybercriminals. The cybercriminals can then reset the victim’s account log-in credentials and use those credentials to access the victim’s account without authorization, or “hack into” the account.
According to the indictment, Meiggs and his co-conspirators targeted at least 10 identified victims around the country. Members of the conspiracy stole (or attempted to steal) more than $530,000 in cryptocurrency from these victims. Meiggs also took control of two victims’ “OG” accounts with social media companies.
The charge of conspiracy provides for a sentence of up to five years in prison, three years of supervised release and a fine of up to $$250,000. The charge of wire fraud provides for a sentence of up to 20 years in prison, three years of supervised release and a fine of up to $250,000. The charge of computer fraud and abuse provides for a sentence of up to five years in prison, three years of supervised release and a fine of up to $250,000. The charge of aggravated identify theft provides for a mandatory sentence of two years in prison to be served consecutive to any other sentence imposed, up to one year of supervised release, and a fine of $250,000. Sentences are imposed by a federal district court judge based upon the U.S. Sentencing Guidelines and other statutory factors.