Jordan K. Milleson To Serve Two Years For Aggravated Identity Theft
BALTIMORE (WJZ) -- A Timonium man was sentenced last week to serve two years in federal prison, followed by one year of supervised release after pleading guilty to aggravated identity theft, in connecting with schemes to use the identity information of victims to steal digital currency and social media accounts.
Jordan K. Milleson, 20, also has to pay restitution of more than $34,300, according to the statement from the Maryland U.S. Attorney's Office.
Since at least September 2017, Milleson was a hacker who accessed computers, networks and electrometric accounts without permission to perpetrate his schemes, according to the statement.
Milleson set up Internet domains and fraudulent websites, designed to appear to be legitimate websites belonging to wireless providers, but which were intended to steal account credentials and enabled Milleson and his co-conspirators to access unsuspecting victims' electronic accounts without authorization.
He used techniques such as phishing and vishing to deceive victims into visiting the fraudulent websites and providing their credentials to access their electronic accounts. Victims of phishing attacks were generally contacted by e-mail, phone, or text message by persons purporting to be from reputable companies in order to induce the victims to reveal confidential information.
Milleson admitted to authorities he and his co-conspirators used electronic account credentials stolen from employees and affiliates of wireless providers to access those companies' computer networks without authorization. Milleson took over individual victims' wireless accounts through "SIM swapping," whereby customers' mobile numbers, which are linked to unique subscriber identity modules ("SIM"), were instead linked to a SIM installed in a device controlled by Milleson or his co-conspirators. Once Milleson gained control over the victims' mobile phone numbers, he was often able to also gain unauthorized access to the victims' other electronic accounts, including e-mail, social media, and cryptocurrency accounts. Milleson and his co-conspirators changed the passwords to the accounts to prevent the victims from accessing their own accounts.
One of Milleson's victims lost all social media followers on one account and could not advertise to them, losing brand deals, the proceeds of which had been used to pay for college tuition, transportation and groceries.
Milleson admitted that he and his co-conspirators used electronic account credentials stolen from employees and affiliates of wireless providers to access those companies' computer networks without authorization. After obtaining access to these networks, Milleson took over individual victims' wireless accounts through "SIM swapping," whereby customers' mobile numbers, which are linked to unique subscriber identity modules ("SIM"), were instead linked to a SIM installed in a device controlled by Milleson or his co-conspirators. Once Milleson gained control over the victims' mobile phone numbers, he was often able to also gain unauthorized access to the victims' other electronic accounts, including e-mail, social media, and cryptocurrency accounts. Milleson and his co-conspirators changed the passwords to the accounts to prevent the victims from accessing their own accounts.
When investigators reviewed devices seized during a search of Milleson's home following the indictment, they found several digital currency accounts, login credentials and passwords belonging to some of his victims, according to the statement. They also recovered messages between Milleson and his co-conspirators detailing their methods.