In August, 20-year-old Noah Michael Urban was sentenced to 10 years in federal prison for a range of crimes, including SIM swapping. More details have now appeared about this cybercriminal, who deceived AT&T and T-Mobile employees to harm their customers.
Noah wasn't a hacker, but rather a highly skilled social engineer. He gained employee credentials to break into confidential systems. He stole information to gain unauthorized access to cryptocurrency accounts of victims.
In a long report published by Bloomberg, we are told about how easy it was for teenagers with no coding skills to conduct SIM swap attacks. These attacks allow criminals to transfer a victim's phone number to a SIM card they possess, allowing them to access multi-factor authentication codes, which are required to authenticate log-ins.
Noah was a member of the notorious cybercriminal group Scattered Spider, which attacked and extorted a dozen companies in the US and UK.
Born in 2004, Noah first heard of SIM swapping when he was 15, through people he met while playing Minecraft. He was well-versed in the art of tricking carrier employees to carry out his orders. He worked as a caller for Scattered Spider and was paid $3,000 by a gang leader in his first week by using his conversational skills to deceive victims into revealing personal information.
He was very, very good at tricking employees into swapping victim phone numbers and obtaining personal information on folks so he could commit crime.
–Douglas Olson, Special Agent in Charge
The teen wasn't cash-strapped and came from a fairly affluent family. The adrenaline rush that SIM swapping provided was hard to resist. His accomplices also gave the socially awkward kid a sense of community.
Noah was friends with Daniel Junk, who was sentenced last year for stealing millions of dollars in cryptocurrency using SIM swapping. They were part of a group known as the Com, which was affiliated with Scattered Spider.
Com members used to approach people they perceived as the "easiest-to-fool" AT&T and T-Mobile call center employees. They also hired kids to steal the iPads of phone store representatives.
Junk learned how to register his personal computer to T-Mobile's network and use remote-access software to access its SIM-activation tool. He would remain logged in for months, only losing access when T-Mobile kicked him out.
Recommended Stories
Noah was hired by Junk to call store staff and talk them into handing over their login details. He pretended to be an information technology employee on these calls, reading out from a script Junk prepared.
Are you alarmed at how easy it was breach to AT&T and T-Mobile?
Not at all.
37.5%
Yes, had no idea it could be this bad.
50%
I am only shocked that non-coders pulled this off.
12.5%
Eventually, Noah started employing his own callers, paying them anywhere between $60 and $1,000 for a successful login, depending on the level of security at the company they were breaking into. Those who convinced employees to install a remote-access tool were paid as much as $4,000.
By 2022, Noah was already a millionaire. The nature of his crimes continued to evolve until one of them finally led to a raid at his house and a year later, his arrest in 2024.
Cops seized nearly "$4 million in cryptocurrency, $100,000 in cash, and $100,000 worth of jewelry" from him. He was under the FBI's radar since 2021, when he was flagged as a "low-level participant in SIM swapping."
Even though he had no technical skills, he was recognized as one of the top swappers by law enforcement agencies. Investigators said he was adept at getting employees to swap phone numbers and obtaining sensitive information.
Noah was charged with hacking 13 companies, including AT&T, T-Mobile, and Verizon. He pleaded guilty, and his lawyer tried to defend him by claiming he was influenced by older co-conspirators, and that SIM swapping appeared more like a game than a serious crime to him. To make her point, the lawyer highlighted that even large corporations like AT&T and T-Mobile were outsmarted by teenage kids.
...but there were Fortune 500 companies like AT&T and T-Mobile who were essentially tricked by a bunch of teenage kids.
–Kathryn Sheldon, Noah's lawyer
Noah apologized for his crimes, but that didn't move the judge enough to let him walk away after a few years in jail. He was sentenced to 10 years in prison.
With law enforcement tightening the noose around cybercriminals and carriers bolstering their security, customers shouldn't let the recent reports cause them anxiety.
"Iconic Phones" is coming this Fall!
Rediscover some of the most unique and memorable phones of the last two decades! "Iconic Phones" is a beautifully illustrated book that we've been working on for over a year - and it's coming out in just a couple short month!
"Iconic Phones: Revolution at Your Fingertips" is a must-have coffee table book for every phone lover out there. Covering the stories of more than 20 fan-favorite phones, it takes you on a memorable journey through the technological revolution that shaped our lives. Sign up now to secure an early discount price!
Anam Hamid is a computer scientist turned tech journalist who has a keen interest in the tech world, with a particular focus on smartphones and tablets. She has previously written for Android Headlines and has also been a ghostwriter for several tech and car publications. Anam is not a tech hoarder and believes in using her gadgets for as long as possible. She is concerned about smartphone addiction and its impact on future generations, but she also appreciates the convenience that phones have brought into our lives. Anam is excited about technological advancements like folding screens and under-display sensors, and she often wonders about the future of technology. She values the overall experience of a device more than its individual specs and admires companies that deliver durable, high-quality products. In her free time, Anam enjoys reading, scrolling through Reddit and Instagram, and occasionally refreshing her programming skills through tutorials.
A discussion is a place, where people can voice their opinion, no matter if it
is positive, neutral or negative. However, when posting, one must stay true to the topic, and not just share some
random thoughts, which are not directly related to the matter.
Things that are NOT allowed:
Off-topic talk - you must stick to the subject of discussion
Offensive, hate speech - if you want to say something, say it politely
Spam/Advertisements - these posts are deleted
Multiple accounts - one person can have only one account
Impersonations and offensive nicknames - these accounts get banned
To help keep our community safe and free from spam, we apply temporary limits to newly created accounts:
New accounts created within the last 24 hours may experience restrictions on how frequently they can
post or comment.
These limits are in place as a precaution and will automatically lift.
Moderation is done by humans. We try to be as objective as possible and moderate with zero bias. If you think a
post should be moderated - please, report it.
Have a question about the rules or why you have been moderated/limited/banned? Please,
contact us.
FCC OKs Cingular\'s purchase of AT&T Wireless
Things that are NOT allowed:
To help keep our community safe and free from spam, we apply temporary limits to newly created accounts: