By hijacking Rachel\u2019s phone number, the hackers were able to seize not only Rachel\u2019s Instagram, but her Amazon, Ebay, Paypal, Netflix, and Hulu accounts too. None of the security measures Rachel took to secure some of those accounts, including two-factor authentication, mattered once the hackers took control of her phone number.<\/p>\n
\u201cThat was a very tense night,\u201d Adam remembered. \u201cI can’t believe they had the gall to call us.\u201d<\/p>\n
![\"\"](\"https:\/\/video-images.vice.com\/_uncategorized\/1530201639111-sim-card.jpeg\"\/)
<\/p>\nImage: Shutterstock<\/p>\n<\/div>\n
AN OVERLOOKED THREAT<\/h2>\n
In February, T-Mobile sent a mass text<\/a> warning customers of an \u201cindustry-wide\u201d threat. Criminals, the company said, are increasingly utilizing a technique called \u201cport out scam\u201d to target and steal people\u2019s phone numbers. The scam, also known as SIM swapping or SIM hijacking<\/a>, is simple but tremendously effective.<\/p>\n First, criminals call a cell phone carrier\u2019s tech support number pretending to be their target. They explain to the company\u2019s employee that they \u201clost\u201d their SIM card, requesting their phone number be transferred, or ported, to a new SIM card that the hackers themselves already own. With a bit of social engineering\u2014perhaps by providing the victim\u2019s Social Security Number or home address (which is often available from one of the many data breaches that have happened in the last few years)\u2014the criminals convince the employee that they really are who they claim to be, at which point the employee ports the phone number to the new SIM card.<\/p>\n Game over.<\/p>\n \u201cWith someone’s phone number,\u201d a hacker who does SIM swapping told me, \u201cyou can get into every account they own within minutes and they can’t do anything about it.\u201d<\/p>\n A screenshot of the text message Rachel Ostlund received when hackers took over her phone number.<\/p>\n<\/div>\n From there, the victim loses service, given only one SIM card can be connected to the cell phone network with any given number at a time. And the hackers can reset the victim\u2019s accounts and can often bypass security measures like two-factor authentication by using the phone number as a recovery method.<\/p>\n Certain services, including Instagram<\/a>, require that users provide a phone number when setting up two-factor, a stipulation with the unintended effect of giving hackers another method of getting into an account. That\u2019s because if hackers take over a target\u2019s number, they can skirt two-factor and seize their Instagram account without even knowing the account\u2019s password. (Read our guide on how to protect your phone number, and the accounts linked to it, from hackers<\/a>.)<\/p>\n Eric Taylor, a hacker formerly known as CosmoTheGod<\/a>, used this technique for some of his most famous exploits, like the time he hacked into the email account of CloudFlare\u2019s CEO<\/a> in 2012. Taylor, who now works at security firm Path Network<\/a>, told me that having a phone number linked to any of your online accounts makes you \u201cvulnerable to basically 13- to 16-year-old kids taking over your accounts just by taking over your phone within five minutes of calling your fucking provider.\u201d<\/p>\n \u201cIt happens all the time,\u201d he added.<\/p>\n Got a tip? You can contact this reporter securely on Signal at +1 917 257 1382, OTR chat at lorenzo@jabber.ccc.de, or email lorenzo@motherboard.tv<\/em><\/strong><\/p>\n Roel Schouwenberg, the director of intelligence and research at Celsus Advisory Group, has done research on issues like SIM swapping, bypassing two-factor authentication, and abusing account recovery mechanisms. In his opinion, no phone number is completely safe, and consumers need to realize that.<\/p>\n \u201cAny type of number can be ported,\u201d Schouwenberg told me. \u201cA determined and resourced criminal actor will be able to get at least temporary access to a number, which is often enough to successfully complete a heist.\u201d<\/p>\n That\u2019s troubling because cell phone numbers have become \u201cmaster keys\u201d to our whole online identity, as he argued in a blog post<\/a> last year.<\/p>\n \u201cMost systems aren\u2019t designed to deal with attackers taking over phone numbers. This is very, very bad,\u201d Schouwenberg wrote. \u201cOur phone number has become an almost irrevocable credential. It was never intended as such, just like Social Security Numbers were never meant as credentials. A phone number provides the key to the kingdom for most services and accounts today.\u201d<\/p>\n What hackers do once they have control of your phone number depends on precisely what they\u2019re after.<\/p>\n If your bike gets stolen, you should check Craigslist to see if someone is selling it on the black market. If your Instagram account gets stolen via a SIM swap, you should check OGUSERS.<\/p>\n At first glance, OGUSERS looks like any other forum. There\u2019s a \u201cspam\/joke\u201d section and another for chatting on topics like music, entertainment, anime, and gaming. But the largest and most active section is the marketplace where users buy and sell social media and gaming handles\u2014sometimes for thousands of dollars.<\/p>\n In a recent post, someone sold the Instagram account @Bitcoin for $20,000, according to one of the forum\u2019s administrators. In a listing that was still online as of June 13, a user was advertising the sale of @eternity on Instagram for $1,000.<\/p>\n These are just two examples of the kind of accounts for sale on OGUSERS. The forum was launched in April 2017 to give people a place to purchase and sell \u201cOG\u201d usernames. (The forum takes its name from the slang term OG, short for \u201coriginal gangster.\u201d) An OG on social media is any username that is considered cool, perhaps because it\u2019s a unique word like @Sex, @Eternity, or @Rainbow. Or perhaps because it\u2019s a very short handle, such as @t or @ty. Celebrities have also been targeted.<\/p>\n A screenshot of Selena Gomez\u2019s Instagram account after it was hacked.<\/p>\n<\/div>\n In August of last year, for example, hackers hijacked the Instagram account of Selena Gomez<\/a> and posted nude photos of Justin Bieber. The first name on Gomez\u2019s account name was also changed to \u201cIslah\u201d, identical to that used at the time by someone on OGUSERS who went by the username Islah. According to hackers in OGUSERS, the people claiming to be behind the Gomez hack said they did so by taking over the cell phone number associated with the singer-actress\u2019s Instagram account, which had 125 million followers when it was seized.<\/p>\n \u201cDamn they legit hacked the most followed person on Instagram,\u201d an OGUSERS member commented in a thread titled \u201cRIP SELENA GOMEZ.\u201d<\/p>\n A spokesperson for Gomez declined to comment via email.<\/p>\n A post in the OGUSERS forum thread where members commented on the Selena Gomez hack.<\/p>\n<\/div>\n As of June of this year, OGUSERS had more than 55,000 registered users and 3.2 million posts. About 1,000 active users log in each day.<\/p>\n Users on the site are not allowed to discuss SIM swapping. When someone alludes to the increasingly popular tactic, others often post messages to the effect of, \u201cI don\u2019t condone any illegal activities.\u201d Yet, two longtime members, who go by Ace (who is listed as one of the moderators of the forum) and Thug, told me that SIM swapping is a common method OGUSERS members use to steal usernames.<\/p>\n In order to steal a username via SIM swapping, one must first know what number is linked to that username.<\/p>\n Finding that kind of information online, it turns out, isn\u2019t as hard as one might think.<\/p>\n Last year, hackers put up a service called Doxagram<\/a>, where you could pay to find out what phone number and email were behind a given Instagram account. (When it launched, Doxagram was advertised on OGUSERS.) And thanks to a series of high-profile hacks, Social Security Numbers have long been relatively easy to find<\/a> if you know where to look on the internet\u2019s underground.<\/p>\n Ace claimed to no longer be in the business of selling usernames. Thug said they do SIM swaps by using an internal T-Mobile tool to look up subscribers\u2019 data. During our chat, the hacker showed me a screenshot of them browsing the tool.<\/p>\n A photo that the hacker Thug sent me during a recent chat.<\/p>\n<\/div>\n I gave Thug my phone number as a test, and the hacker sent back a screenshot that contained my home address, IMSI number (a standardized unique number that identifies subscribers), and other theoretically secret account information. Thug even saw the special instructions that I gave T-Mobile to protect my account.<\/p>\n \u201cI\u2019m paranoid,\u201d I said.<\/p>\n \u201cIndeed, it\u2019s a crazy online world,\u201d Thug replied.<\/p>\n In fact, it wasn\u2019t the first time a stranger had accessed private information of mine\u2014supposedly protected by T-Mobile.<\/p>\n Last year, a security researcher was able to exploit a bug in a T-Mobile site<\/a> to access pretty much the same information. After patching it, T-Mobile initially dismissed the impact of the bug, saying no one had exploited it. But in reality, many people had. A tutorial on YouTube<\/a> that explained exactly how to take advantage of the bug to access people\u2019s private data had been up for weeks before the company plugged the hole.<\/p>\n Thug said that in the last few years, telecom providers have been making it harder for hackers like them.<\/p>\n \u201cIt used to be as simple as calling up a phone company (for example, T-Mobile) and telling them to change the SIM card on the number,\u201d Thug told me in a recent online chat. \u201cNow you need to know people that work there and they\u2019ll give the PIN for literally $100.\u201d<\/p>\n Thug and Ace explained that many hackers now recruit customer support or store employees who work at T-Mobile and other carriers and bribe them $80 or $100 to perform a SIM swap on their target. Thug claimed they got access to the T-Mobile tool by bribing an insider, but Motherboard could not verify this claim. T-Mobile declined to answer questions on whether the company had any evidence of insiders being involved in SIM swap scams.<\/p>\n \u201cInsiders make the job a lot faster and easy,\u201d Thug said.<\/p>\n Finding an insider isn’t the main challenge, Ace added. \u201cIt’s convincing them to do what you want that is the hard part.\u201d<\/p>\n A post on OGUSERS by someone nicknamed \u201cSimswap,\u201d who was advertising a service for fake IDs and other documents.<\/p>\n<\/div>\n A recent investigation<\/a> by security firm Flashpoint found that criminals are increasingly getting help from telecom insiders to perform SIM swaps. Lorrie Cranor, a former FTC chief technologist, said that she has seen evidence of insiders being involved in these attacks multiple times. Taylor, the security researcher and SIM swapping pioneer, said that he knows of people who get help from store employees. Security reporter Brian Krebs recently wrote about a case<\/a> where a T-Mobile store employee made an unauthorized SIM swap to steal an Instagram account.<\/p>\n SIM swapping isn\u2019t the only way people on OGUSERS take control of accounts, of course. Though not as effective as SIM swapping, a less nefarious hijack known as \u201cturboing\u201d uses a program that automatically tries to claim usernames when they become available, Thug told me.<\/p>\n But if stealing phone numbers is the more effective approach, it\u2019s not for lack of requiring considerable skill. Ace and Thug estimated that only around 50 OGUSERS members have the social engineering and tech tools to be able to do it.<\/p>\n In a video posted to YouTube, an alleged OGUSERS member with forum members’ usernames written on his chest can be seen screaming “I love OGU.”<\/em><\/p>\n When I was chatting with them, I asked Thug and Ace if they feel any remorse when it comes to hacking into people\u2019s online accounts, cryptocurrency wallets, or banks.<\/p>\n \u201cNot at all, sad to say,\u201d Ace said. \u201cI take their money and live my life. Their fault for not staying secure.\u201d<\/p>\n What criminal hackers like them do is basically harmless, Thug added, especially for usernames.<\/p>\n \u201cIt\u2019s just a username. Nothing special,\u201d Thug said. \u201cNot losing any money, just a dumb username.\u201d<\/p>\n Whether they\u2019re selling Instagram usernames or not, SIM swappers can make serious money.<\/p>\n \u201cThe entire schema is super lucrative,\u201d Andrei Barysevich, a security researcher at Recorded Future who has studied the criminal business of SIM swapping, told me. \u201cIf you know how to swap a SIM card it\u2019s a venue to make a lot of money.\u201d<\/p>\n Take Cody Brown, the founder of virtual reality company IRL VR, who lost more than $8,000 in Bitcoin in just 15 minutes<\/a> last year after hackers took over his cell number and then used that to hack into his email and Coinbase account. At the time of Brown\u2019s hack, such attacks were rampant enough that Authy, an app that provides two-factor authentication for some of the most popular online cryptocurrency exchanges, alerted users about SIM swapping and put extra security features to stop hackers<\/a>.<\/p>\n Or consider the message I received on the encrypted chat app Signal last year, after Motherboard revealed that a T-Mobile website had a bug that allowed hackers to obtain personal customer information<\/a>, which could then be used to social engineer customer representatives and run a SIM swap.<\/p>\n \u201cJust wanna say fuck you for leaking the [T-Mobile] API exploit you cock munching faggot fuck,\u201d the person, who went by the nickname NoNos, wrote. \u201cIt wouldn’t be patched if you didn’t write an article about it for all the world to see and contact TMO telling them about it.\u201d<\/p>\n The person went on to claim that they used the bug to hack several people, and that they were a SIM swapper. They also said they used the technique to target wealthy people they could then rob.<\/p>\n \u201cI’ve made 300k [ sic<\/em>] in a day before through other methods,\u201d NoNos said, though Motherboard was unable to corroborate this number.<\/p>\n \u201cIf \u2018people\u2019 with the ability to do this can SIM swap anyone’s number in the country, why would you target usernames and random people when you can target people with lots of money? Like investors or stock traders. Hedge fund managers etc,\u201d NoNos continued.<\/p>\n Besides Selena Gomez, other notable victims of SIM swapping include Black Lives Matter activist Deray McKesson<\/a>; Dena Haritos Tsamitis<\/a>, the founder of Carnegie Mellon University\u2019s cybersecurity and privacy institute CyLab; and YouTube star Boogie2988<\/a>.<\/p>\n In the last few months, more than 30 victims of SIM swapping reached out to me to share horror stories<\/a> of their online and offline lives being subsequently upended. It\u2019s safe to say this has happened to at least hundreds of people in the US, though it\u2019s hard to nail down exactly how many individuals have been hacked this way. Only cell phone carriers know the extent of the problem, and these telcos, perhaps unsurprisingly, aren\u2019t inclined to talk about it.<\/p>\n Cranor, now a professor at Carnegie Mellon University, said she tried to find out just how prevalent this hack was while serving as chief technologist at the Federal Trade Commission in 2016 (Cranor herself became a victim<\/a> of SIM swapping that same year; at the time, Cranor told me, she had never even heard of SIM swapping.) But despite the power and influence that came with her role at the FTC, none of the cell phone providers shared any data on how common these attacks are when Cranor requested numbers.<\/p>\n \u201cThe carriers are clearly not doing enough,\u201d Cranor told me over the phone. \u201cThey tell me that they’re increasing what they’re doing, and that maybe what happened to me wouldn\u2019t have happened today, but I\u2019m not convinced. I have not seen much evidence that they really ramped things up. They really need to treat this as something that is a critical authentication issue.\u201d<\/p>\n Carriers are well aware of SIM swapping, she added. \u201cAlthough they don’t like to admit it.\u201d<\/p>\n Motherboard reached out to AT&T, Verizon, Sprint, and T-Mobile\u2014the big four US cell phone providers\u2014requesting data on the prevalence of SIM swapping. None of them agreed to provide such information.<\/p>\n An AT&T spokesperson said this kind of fraud \u201caffects a small number of our customers and this is rare for us,\u201d but did not respond when asked to clarify what \u201csmall number\u201d means.<\/p>\n \u201cSIM swap\/port out fraud has been an industry problem for some time,\u201d a T-Mobile spokesperson said in a statement. The company, she added, is combating these attacks by asking customers to add extra security, such as requiring PINs and passcodes for porting out numbers, and evaluating new methods to verify changes to customer accounts. The rep declined my request to arrange a phone interview with T-Mobile executives and did not answer questions about how prevalent and widespread these attacks are, including how many people have been hit.<\/p>\n \u201cI can\u2019t really understand why that\u2019s relevant,\u201d the spokesperson said. \u201cIt\u2019s going to be a small number when you consider we have 72 million customers. But obviously no company wants to see this happen to even one customer.\u201d (In October of last year, T-Mobile alerted \u201ca few hundred customers<\/a>\u201d who were targeted by hackers.)<\/p>\n Sprint declined to provide any numbers or data on SIM swapping incidents, and instead sent a statement suggesting that their customers regularly change their passwords. A Verizon spokesperson also did not provide any data about the prevalence of SIM hijacking, but said it requires \u201ccorrect account and password\/PIN match\u201d to do SIM swaps.<\/p>\n Earlier this year, these four major carriers announced the Mobile Authentication Taskforce<\/a>, a joint initiative to create a new solution to allow customers to authenticate to websites and apps using credentials on their phones. The tech<\/a> press<\/a> touted this as a potential replacement for SMS-based two-factor authentication, which is widely considered broken<\/a>. But there aren\u2019t details on how this new solution will actually be implemented, and it\u2019s still unclear if it will help mitigate SIM swapping.<\/p>\n An FTC spokesperson pointed to the agency\u2019s 2017 Consumer Sentinel Data Book<\/a>, a document that summarized consumer reports of fraud, scams, and identity theft, among others, though it lacked a specific entry for SIM swapping. The spokesperson said such an item \u201cmight come under\u201d phone or utilities fraud, which records more than 30,000 reports of mobile telephone fraud.<\/p>\n Screenshot from page 14 of of the FTC\u2019s Consumer Sentinel Data Book<\/p>\n<\/div>\n A spokesperson with the Federal Bureau of Investigation, an agency that probes nationwide scams and crimes of the sort, said the bureau has no data on this type of hack.<\/p>\n Even if the numbers are small, these hacks can be damaging and hurtful. At the very least, recovering from one requires a significant amount of time and effort. Just ask Fanis Poulinakis, a SIM swapping victim, who told me about getting SIM swapped earlier this year.<\/p>\n After his phone stopped working all of a sudden one day, Poulinakis said he immediately logged in to his online bank account. \u201cEt voila!\u201d he said. \u201c$2,000 were gone.\u201d Poulinakis spent the entire day between T-Mobile and Chase Bank, trying to piece together what had happened.<\/p>\n \u201cWhat a nightmare.\u201d<\/p>\n The night of September 6, 2017, wore on for Rachel and Adam Ostlund.<\/p>\n Adam tried to keep the hackers on the phone as long as he could, mostly to figure out what had happened and what all had been accessed by the criminals, who were growing impatient, demanding the couple give up Rachel\u2019s @Rainbow Twitter account. Having control of both Twitter and Instagram accounts with the same username would have given the hackers a chance to rake in more money in the event of a sale. As other hackers have explained to me, having the original email\u2014or \u201cOGE\u201d\u2014that\u2019s linked to the accounts makes them more valuable, given that it\u2019s harder for the original account holders to recover them from the hackers.<\/p>\n Tired, Adam hung up. The hackers soon texted him.<\/p>\n \u201cCan we just make this quick I need to sleep,\u201d one of them wrote, according to a chat log Adam shared with Motherboard. \u201cChange the email on the Twitter now. Not to be a jerk but if you don\u2019t respond soon, no matter what you got bad things are gonna happen.\u201d<\/p>\n Then the hackers called back. This time, a calmer, less threatening person did the talking.<\/p>\n \u201cIt\u2019s not personal,\u201d the second hacker told Adam, apologizing for the tone of the first person, according to a recording of the call. \u201cI can assure you nothing is gonna happen.\u201d<\/p>\n Local law enforcement showed up at the Ostlund\u2019s house during this second call, after Rachel had called the police. When the couple explained what happened, the officers seemed confused and said they couldn\u2019t really help. The couple spent the rest of the night trying to recover from the hack. Once they got the phone number back from T-Mobile, they used it to reset all passwords, just like the hackers did, to recover the seized accounts. Except the @Rainbow Instagram, of which the hackers now had full control.<\/p>\n Three days later, Rachel and Adam took matters into their own hands. They would hunt down the hackers themselves.<\/p>\n Rachel said she noticed that her Instagram account had been essentially reset with a single follower: @Golf, whose bio identified the owner as someone named Austin. In that account, the Ostlunds told me they found a picture they believe to have been taken at a concert in Colorado Springs, and that by looking through @Golf\u2019s followers the couple managed to track down the hacker\u2019s Twitter and Facebook account. This led to what they allege to be the hacker\u2019s real identity.<\/p>\n Motherboard was unable to confirm the identity of the hacker.<\/p>\n During their investigation, Rachel and Adam also found a post on OGUSERS where a hacker nicknamed Darku was selling @Golf and other unique Instagram usernames. For the couple, this was a telltale that Darku was in control of @Golf and, thus, of @Rainbow.<\/p>\n A post where Darku advertised the sale of the Instagram account @Hand.<\/p>\n<\/div>\n In an online chat, Darku told me he is 18 years old and has been part of several hacking groups. He denied doing SIM swapping and to being the hacker who stole @Rainbow and @Hand, claiming he traded the latter from a friend, and that he never owned @Rainbow.<\/p>\n \u201cI don\u2019t subject myself to petty crime,\u201d Darku said. \u201cI have connections everywhere and don\u2019t need to perform fraud to get what I want.\u201d<\/p>\n After I reached out to him on OGUSERS in May, Darku wrote a post warning members that the FBI may be investigating the forum. According to Darku, my questions were suspicious\u2014he wasn\u2019t sure I truly was who I claimed to be.<\/p>\n \u201cFriends of mine have had run ins with the FBI recently regarding some usernames and how they were acquired, personal experience gained,\u201d Darku wrote. \u201cIf you’ve been contacted by ANYONE claiming to be from any MAJOR news outlet, please proceed with caution.\u201d<\/p>\n Some users seemed confused, wondering why the bureau would even be interested in a marketplace for usernames.<\/p>\n \u201cIt’s not about the usernames,\u201d another user countered. \u201cIt’s about the ways that were used to obtain the usernames. I’m positive they know the darker picture of what goes on behind just selling usernames.\u201d<\/p>\n Still other OGUSERS forum members seemed to take it more lightly, joking about getting arrested, or posting memes. My account on the forum was banned, as was the IP address I was using to access it.<\/p>\n An Instagram post by a OGUSERS member, published after Motherboard started reaching out to members of the forum.<\/p>\n<\/div>\n Adam shared the information he\u2019d found on Darku with an FBI agent in Salt Lake City who specializes in dark web and cybercrime investigations, according to an email Adam shared with me. Adam also told me that the FBI in Colorado Springs notified him that his report was \u201caccurate\u201d and that investigators are making progress.<\/p>\n Rachel added that the FBI recently informed her and Adam that agents allegedly visited Austin\u2019s house and \u201cscared the heck out of him.\u201d The hacker is \u201cnever gonna do this again,\u201d Rachel told me.<\/p>\n In another recent OGUSERS forum thread, Darku wrote that he knows for a fact that the FBI is looking into \u201cwhoever extorted the lady\u201d who owned @Rainbow. Darku told me that police have come to talk to him, but \u201cit didn\u2019t have anything to do with me.\u201d<\/p>\n \u201cI do not waste my time harassing other people,\u201d Darku said he told the authorities.<\/p>\n Motherboard was unable to confirm FBI involvement in the case. The bureau typically does not comment on active investigations. A spokesperson from the FBI Salt Lake City office declined to comment. The FBI\u2019s Colorado Springs office could not be reached.<\/p>\n To this day, Instagram has yet to return the @Rainbow account to Rachel. Other victims, such as the owners of the Instagram accounts @Hand and @Joey, all told me they have not gotten their accounts back despite multiple complaints to Instagram.<\/p>\n \u201cWe work hard to provide the Instagram community with a safe and secure experience,\u201d an Instagram spokesperson said in a statement. \u201cWhen we become aware of an account that has been compromised, we shut off access to the account and the people who\u2019ve been affected are put through a remediation process so they can reset their password and take other necessary steps to secure their accounts.\u201d<\/p>\n For traumatized victims, it\u2019s a valuable lesson learned the hard way.<\/p>\n \u201cOur phones are our greatest vulnerability,\u201d Rachel told me.<\/p>\n As Adam put it, the hack taught him that cell phone numbers are the weakest links in our digital lives.<\/p>\n \u201cIf someone owns your phone number,\u201d he said, \u201cthey own your life.\u201d<\/p>\n Get six of our favorite Motherboard stories every day<\/em><\/strong> by signing up for our newsletter<\/em><\/strong><\/a>.<\/em><\/strong><\/p>\n![\"\"](\"https:\/\/video-images.vice.com\/_uncategorized\/1530201749114-fig1i_iphone_sim-copy.png\"\/)
<\/p>\n\u2018I TAKE THEIR MONEY AND LIVE MY LIFE\u2019<\/h2>\n
![\"\"](\"https:\/\/video-images.vice.com\/_uncategorized\/1530201878642-selena-gomez.png\"\/)
<\/p>\n![\"\"](\"https:\/\/video-images.vice.com\/_uncategorized\/1530201930771-Screen-Shot-2018-06-19-at-31204-PM.png\"\/)
<\/p>\n![\"\"](\"https:\/\/video-images.vice.com\/_uncategorized\/1530201973788-signal-2018-06-12-221341.jpeg\"\/)
<\/p>\n![\"\"](\"https:\/\/video-images.vice.com\/_uncategorized\/1530202006393-Screen-Shot-2018-06-28-at-114447-AM.png\"\/)
<\/p>\nA GROWING PROBLEM<\/h2>\n
![\"\"](\"https:\/\/video-images.vice.com\/_uncategorized\/1530202057935-Screen-Shot-2018-06-20-at-25545-PM.png\"\/)
<\/p>\nFROM VICTIMS TO SLEUTHS<\/h2>\n
![\"\"](\"https:\/\/video-images.vice.com\/_uncategorized\/1530202093818-Screen-Shot-2018-06-18-at-24653-PM.png\"\/)
<\/p>\n![\"\"](\"https:\/\/video-images.vice.com\/_uncategorized\/1530202221423-Screen-Shot-2018-06-28-at-121003-PM.png\"\/)
<\/p>\n