Cyber Incident Victim: Federal Trade Commission
Date:
Jun 2016
Location:
United States of America
Summary
An identity thief impersonated the FTC's chief technologist at a mobile phone store, using a fake ID with her name and the thief's photo to hijack her account. The attacker obtained two new iPhones charged to her account, deactivating her existing devices. After service disruption, the victim discovered unauthorized charges and encountered carrier representatives who initially blamed her while acknowledging potential authentication lapses at third-party retailers. She secured her account, filed fraud reports, and pursued recovery steps including a police report and credit monitoring. The incident highlighted rising mobile account hijackings, with thieves typically targeting high-value devices for resale. This compromised her communication channels and exposed broader risks, as phones often serve as multi-factor authentication tools, amplifying potential security implications beyond financial fraud.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Lorrie Cranor, the Federal Trade Commission's chief technologist, experienced a mobile phone account hijacking incident in mid-2016 when an impersonator successfully transferred her phone numbers to unauthorized devices. During an active call, both of Cranor's Android phones simultaneously lost service. Upon contacting her mobile carrier via landline, she learned her account had been fraudulently upgraded to two premium iPhones at a retail location, resulting in deactivated SIM cards. The carrier's customer service initially treated this as an account error before confirming the theft occurred when someone posing as Cranor presented falsified identification documents at a store. The impersonator used a counterfeit ID displaying Cranor's name paired with their own photograph to execute the transaction at an Ohio-based retailer hundreds of miles from Cranor's residence, charging the devices to her account through an installment plan. This attack immediately disrupted Cranor's communication capabilities and exposed her to potential financial liability for the unauthorized device charges. Forensic investigation later revealed the hijacker never activated or used the stolen phones, suggesting the primary motive was device resale rather than direct communication interception or credential harvesting.
Cranor implemented multiple recovery measures following the breach, beginning with carrier-level account security enhancements. She changed her online account credentials and implemented a supplemental security PIN recommended by the carrier's fraud department. Through the FTC's IdentityTheft.gov portal, she filed an official identity theft report, placed fraud alerts with credit bureaus, and obtained complimentary credit reports to monitor for secondary financial exploitation. Cranor formally documented the crime by completing an identity theft affidavit and filing a police report with local authorities. Leveraging federal consumer protection statutes, she compelled the carrier to disclose the fraudulent transaction records, which confirmed the impersonation methodology. Industry context provided in her disclosure noted a 156% increase in similar mobile hijackings reported to the FTC between January 2013 (1,038 cases representing 3.2% of identity theft reports) and January 2016 (2,658 cases comprising 6.3% of identity theft reports). The incident highlighted systemic authentication vulnerabilities in telecom retail channels, particularly third-party retailers where standard ID verification protocols might not be uniformly enforced.