Obby the “Hacker” aka SIM Swapper
November 2nd was a pretty average day, with an average amount of orders and I was enjoying my 6–10PM break I give myself to enjoy spending some time with my kids.
Enter Obby…
Obby was a customer on Coincards.ca, who ordered a $1000 Newegg card but then immediately started demanding a refund even though his transaction was yet to be completed. Worst part was, he didn’t even send enough BTC for his order. Maybe he’s new to Bitcoin? I told him I would get someone to refund it at 10PM, no problem.
Big problem for Obby… First came the tweets,
then the emails to my PERSONAL email address,
then the text messages to my personal phone line. I insisted he must wait…
And this is where things get weird.
Around 9:20PM I noticed a barrage of emails from Google. My account had been accessed by an IP address in Los Angeles (a VPN). I went to grab my cell phone and noticed I had no service.
I knew exactly what happened: I had been attacked via SIM swap.
I immediately called Rogers (who actually had on file that I was a potential target for this attack, so I am clueless as to why they let this happen). The Rogers rep immediately identified that approximately 20 minutes before, someone had called in to port my number to a new SIM. He reversed this change and I now had my phone back.
While on the phone, I managed to reset my Gmail password. My Gmail account is actually a legacy Google Apps account which is tied to my own domain. This worked out in my favour, as Gmail gave me the option of using my domain’s DNS to verify that I was indeed the owner of the email addresses.
I immediately changed my password and logged into my Gmail account.
Here is what Obby had time to access:
- Gmail — Once Obby accessed my Gmail account, he made a few stupid mistakes that verified it was him doing the attack.
  - He reset my master reset email to use an email from his @obnoxious.eu domain, which is also prominently located on his Twitter account.
  - He reset the master phone number on my Gmail account to match the same number he used to text me from earlier, 604–8**–**57.
- Dropbox — This is an old account; anything stored on here would be 3–4 years old and probably only be used to sync a few third-party services I don’t give a shit about. Any important data is secured elsewhere.
- Twitter — This part is actually a bit funny: Obby tried to steal my Twitter account, but in the process gave MY Twitter account complete access to his. Once he realized his mistake, he quickly put his Twitter into complete lockdown mode. LOL.
- Attempted PayPal — By the time Obby realized I had a PayPal account, I was already in full control of all my accounts and my phone number. PayPal called me to verify if it was me resetting my password and of course I hit no.
Unfortunately, due to an ongoing investigation, I was not able to disclose ALL of my evidence towards Obby.
After the “Hack”
After the hack, Obby started to message me on Twitter again asking for his refund.
The post received a lot of attention from his friends, and was retweeted with all the lol’s.
We have since contacted the authorities, and contacted our lawyers. We have been advised that all further claims on this transaction will need to be conducted through our lawyer.
Obby refuses to meet KYC laws, and will not give us any information to complete his refund. We are open and willing to refund his funds as long as we can complete our due diligence processes.
Until then, his funds are safely held here:
https://blockchain.info/address/3FFWcbVnRh7EFjp9kQ1cguBawSfmUva4dt