20-year-old Dawson Bakies of Ohio has been charged with multiple counts of felony Identity Theft, Grand Larceny, Computer Tampering, Scheme to Defraud and other related felony and misdemeanor counts relating to alleged SIM-swap hacks on more than 50 victims across the US.
The indictment of Bakies for SIM-swap hacking at the New York State Supreme Court is the first of its kind in New York.
20-year-old SIM-swap hacker Joel Ortiz became the first accused SIM-hacker to be convicted and sentenced in the US last week when he agreed to a 10-year sentence as part of a plea bargain he made with prosecutors in California.
Ortiz allegedly stole $5 million in crypto from his victims, But Bakies appears to be facing even more charges than Ortiz.
In a SIM-swap hack, culprits contact telecom companies and impersonate their victims. Victims are typically known crypto investors.
Hackers then claim to have lost their phones or to have purchased a new phone and say they need their old SIM-card data “swapped” to the new phone.
Hackers may have scoured the social media profiles of their victims in order to glean adequate personal information to convince the telecoms to make the switch.
Officers at the California-based REACT task force, a dedicated anti-cybercrime force made up of officers from several California police departments, have also said that they suspect “inside jobs” or cooperation in SIM-attacks by some employees at telecoms.
REACT officers have also stated that the task force has been focussing much of its effort honing in on SIM-swap hackers because these types of attacks are becoming more common.
Regarding the Bakies indictment, New York District Attorney Vance states:
“Today my Office is putting the small handful of sophisticated ‘SIM Swappers’ out there on notice. We know what you’re doing, we know how to find you, and we will hold you criminally accountable, no matter where you are. We’re also asking wireless carriers to wake up to the new reality that by quickly porting SIMs – in order to ease new activations and provide speedy customer service – you are exposing unwitting, law-abiding customers to massive identity theft and fraud. I encourage victims, members of the hacking community, and wireless company employees who are aware of SIM swapping schemes to report them directly to our Cybercrime and Identity Theft Bureau at 212-335-9600.”
Also according to the Vance office release, Bakies’ prolific attacks were nonetheless short-lived:
“(B)etween October 2018 and December 2018, BAKIES fraudulently ported the cell phone numbers of at least 50 different individuals across the United States to multiple iPhones…(He)circumvented two-factor authentication security measures to access the victims’ online accounts, by requesting that recovery codes be sent to the phone numbers already associated with those online accounts – phone numbers which he now controlled.”
Among Bakies 50 alleged victims were three who reside in Manhattan:
“(Bakies) accessed 18 online accounts belonging to three Manhattan-based victims, including their Google accounts and several cryptocurrency accounts, and changed the passwords on the accounts in order to prevent the victims from regaining control. BAKIES stole approximately $10,000 in cryptocurrency from these three victims. BAKIES further attempted to extort one of the victims by demanding a ransom to be paid in Bitcoin.”
Manhattan DA investigators, Columbus Police and NYPD, reportedly recovered an iPhone 6 used during the arrest:
“A search of the device yielded dozens of text messages containing recovery passwords for the victims’ online accounts. Investigators also recovered a laptop computer, which contained an encrypted drive on which BAKIES stored a document with the file name ‘Hacker Shit!’ This document contained the names of ‘finished targets,’ including the names of the three Manhattan victims, along with their personal identifying information.”
Numerous law enforcement staff cooperated in the investigation and arrest of Bakies or will be involved in his prosecution, including:
- Assistant D.A.s James Vinocur and Benjamen Roth (handling the prosecution of the case under the supervision of Assistant D.A.s Jeremy Glickman and Robert Shull- Deputy Chiefs of the Cybercrime and Identity Theft Bureau).
- Assistant D.A. Elizabeth Roper (Chief of the Cybercrime and Identity Theft Bureau) and Executive Assistant D.A. Michael Sachs (Chief of the Investigation Division).
- Supervising Rackets Investigator Gregory Dunlavey.
- Senior Rackets Investigator Thomas Mullin.
- Analyst Catherine Wigdor.
- High Technology Analysis Unit Deputy Director David Chan.
- Computer Forensic Analyst Douglas Daus.
- NYPD’s Grand Larceny Division.
- The Columbus, Ohio Police Department, particularly Detective Wyatt Wilson.
- U.S. Homeland Security Investigations – New York.
DAWSON BAKIES, D.O.B. 9/17/1998
- Identity Theft in the First Degree, a class D felony, 2 counts
- Identity Theft in the Second Degree, a class E felony, 1 count
- Grand Larceny in the Third Degree, a class D felony, 1 count
- Grand Larceny in the Fourth Degree, a class E felony, 1 count
- Attempted Grand Larceny in the Third Degree, a class E felony, 1 count
- Computer Trespass, a class E felony, 18 counts
- Attempted Computer Trespass, a class A misdemeanor, 6 counts
- Computer Tampering in the Third Degree, a class E felony, 18 counts
- Unlawful Possession of Personal Identification Information in the Third Degree, a class A misdemeanor, 3 counts
- Scheme to Defraud in the First Degree, a class E felony, 1 count