Two Men Facing Federal Indictment in Maryland for Scheme to Steal Digital Currency and Social Media Accounts Through Phishing and “Sim-Swapping” | USAO-MD

Baltimore, Maryland – A federal grand jury has indicted Jordan K. Milleson, age 21, of Timonium, Maryland, and Kyell A. Bryan, age 19, of Kingston, Pennsylvania, on the federal charges of Wire Fraud, Unauthorized Access to Protected Computers in Furtherance of Fraud, Intentional Damage to Protected Computers, Aggravated Identity Theft, and Wire Fraud Conspiracy, in connection with their unauthorized takeovers of victims’ wireless phone and other electronic accounts and to steal digital currency and valuable social media accounts.  The superseding indictment was returned on September 9, 2020, and was unsealed today at Bryan’s initial appearance.  Milleson was arrested on July 29, 2020, and was ordered to be detained pending trial.

The superseding indictment was announced by United States Attorney for the District of Maryland Robert K. Hur; Special Agent in Charge John Eisert of Homeland Security Investigations (HSI) Baltimore; and Chief Melissa R. Hyatt of the Baltimore County Police Department.

According to the 15-count superseding indictment, from September 23, 2017, through January 27, 2020, Milleson registered fraudulent Internet domains, sent “phishing” e-mails, and took over wireless phone numbers in order to steal digital currency and valuable social media accounts.  On June 25 and 26, 2019, Milleson and Bryan conspired to execute a scheme to take over individuals’ electronic accounts and steal digital currency for their own financial gain. 

Specifically, the indictment alleges that Milleson was a computer “hacker” who accessed computers, computer networks, and electronic accounts without authorization in order to perpetrate the alleged fraud schemes, and that Bryan participated in some of the unauthorized takeovers of wireless telephone, electronic, and financial accounts that were part of the fraud schemes.

As detailed in the superseding indictment, Milleson allegedly set up Internet domains and fraudulent websites, designed to appear to be legitimate websites belonging to wireless providers, but which were intended to steal account credentials and enabled Milleson, Bryan, and others to access unsuspecting victims’ electronic accounts without authorization.  Milleson used techniques such as phishing and vishing to deceive victims into visiting the fraudulent websites and providing their credentials to access their electronic accounts.  Victims of phishing attacks were generally contacted by e-mail, phone, or text message by persons purporting to be from reputable companies in order to induce victims to reveal confidential information.  Vishing is “voice phishing” where imposters use Internet phone services to trick victims into turning over critical financial or personal information over the phone. 

The superseding indictment alleges that Milleson, Bryan, and others used electronic account credentials stolen from employees and affiliates of wireless providers to access those companies’ computer networks without authorization.  After obtaining access to these networks, the defendants allegedly took over individual victims’ wireless accounts through “SIM swapping,” whereby customers’ mobile numbers, which are linked to unique subscriber identity modules (“SIM”), were instead linked to a SIM installed in a device controlled by the defendants or their co-conspirators.  Once the defendants gained control over the victims’ mobile phone numbers, they were often able to also gain unauthorized access to victims’ other electronic accounts, including e-mail, social media, and cryptocurrency accounts.  The defendants would frequently change the passwords to keep the victims from accessing their own accounts.

As a result of these criminal activities, Milleson allegedly took over the social media accounts of two victims, one of whom had thousands of followers and had monetized their account through sponsored links, product placements, and product reviews.  The superseding indictment alleges that Milleson and Bryan, after conducting a successful SIM swap, were also able to steal more than $16,000 from the digital currency account of another victim after obtaining unauthorized access to that victim’s user accounts.

As detailed in the superseding indictment, on June 26, 2019, Bryan anonymously called the Baltimore County Police Department and falsely reported that he, purporting to be a resident of the Milleson family residence, had shot his father at the residence.  During the call, Bryan, posing as the purported shooter, threatened to shoot himself and to shoot at police officers if they attempted to confront him.  This call was a “swatting” attack, a criminal harassment tactic in which a person places a false call to authorities that will trigger a police or special weapons and tactics (SWAT) team response—thereby causing a life-threatening situation.  The superseding indictment alleges that Bryan perpetrated the swatting attack in retaliation for Milleson failing to share the proceeds of the digital currency theft.

If convicted, the defendants faces a maximum sentence of 30 years in federal prison for each count of wire fraud and wire fraud conspiracy; a maximum of 5 years in federal prison for each count of unauthorized access of a protected computer in furtherance of fraud; and a mandatory two years in prison, consecutive to any other sentence imposed, for each count of aggravated identity theft.  Milleson also faces a maximum of 10 in federal prison for each count of intentional damage to a protected computer.  Actual sentences for federal crimes are typically less than the maximum penalties. A federal district court judge will determine any sentence after taking into account the U.S. Sentencing Guidelines and other statutory factors.  At today’s initial appearance in U.S. District Court in Baltimore, U.S. Magistrate Judge Beth P. Gesner ordered that Bryan be detained pending trial.

An indictment is not a finding of guilt.  An individual charged by indictment is presumed innocent unless and until proven guilty at some later criminal proceedings. 

United States Attorney Robert K. Hur commended HSI and the Baltimore County Police Department for their work in the investigation and thanked the Manhattan, New York, District Attorney’s Office for its assistance.  Mr. Hur thanked Assistant U.S. Attorneys Zachary A. Myers and Christopher M. Rigali, who are prosecuting the case.

# # #

Source link

Author: Editor
The website is owned by STL.News, LLC. However, the website is hosted, designed, and maintained by WebTech Group, a web host, and design agency based in St. Louis, Missouri. USDOJ.Today focuses on aggregating content from the US Attorney's Offices around the country. STL.News uses this content to publish national news at https://STL.News