The Secret World of Stolen Smartphones, Where Business Is Booming

In late May of 2012, a damaged package split open at a FedEx facility in Rancho Cordova, California, spilling dozens of boxed iPhones across the shipping room floor. A worker there contacted Apple, which, with the help of corporate security at Verizon, confirmed what FedEx personnel already suspected: The devices were contraband, likely bound for the black market.
Image may contain Cell Phone Electronics Mobile Phone Phone and Lock

Ben Wiseman


In late May of 2012, a damaged package split open at a FedEx facility in Rancho Cordova, California, spilling dozens of boxed iPhones across the shipping room floor. A worker there contacted Apple, which, with the help of corporate security at Verizon, confirmed what FedEx personnel already suspected: The devices were contraband, likely bound for the black market.

Two hours later, a man named Brian Fichtner showed up at the facility. Fichtner is thin and wiry, with the clipped demeanor of a career cop and a passing resemblance to the actor George Clooney. He has spent his entire professional life in law enforcement, first as a narcotics investigator and most recently as a member of the California Department of Justice's elite eCrime Unit, a group tasked with prosecuting tech-related violations—identity theft, revenge porn, the large-scale smuggling of electronics.

Fichtner used a pocketknife to slice open the broken package. There were 37 iPhones inside. He wrote down each of the serial numbers and resealed the box. Then he sat back to wait. The next day, a Sacramento resident, Wasif Shamshad, picked up the package and, with eCrime investigators on his tail, drove west to a stucco apartment complex on the outskirts of the city. There the package was handed off again, this time to Shou Lin Wen, a gaunt guy in his late thirties, and his wife, Yuting Tan.


Further gumshoe work revealed that Wen had grown up in mainland China, immigrated stateside as an adult, become a naturalized citizen, and opened a cell phone and electronics shop in downtown Sacramento. His record was clean. Still, Fichtner had long ago learned to trust his instincts, and his instincts here told him that he was likely onto something big.

Investigators were assigned to stake out Wen and Tan's two-story residence in the leafy neighborhood of Rosemont and were on hand when, on a sweltering day that August, the couple hauled four heavy parcels into a shipping facility.

The destination of their shipment was an apartment in Hong Kong. The eCrime investigators watched Wen and Tan pay for the delivery, and once the couple had climbed back into their black Nissan Murano and driven away, the lawmen, along with agents from Immigration and Customs Enforcement, inspected the contents of the parcels: 190 brand-new smartphones, still in their boxes—mostly iPhones, but some BlackBerry handsets thrown in too. Many of the iPhone serial numbers matched the ones in the package picked up by Shamshad.

Fichtner's suspicions were confirmed. Now he just had to piece together the particulars of the operation. Over the next few months, members of the eCrime group visited North Carolina, where the smartphones had been purchased, and a modest townhouse in Boston—the residence of electronics broker Pengchong Shou. Investigators obtained search warrants, downloaded bank records, and tossed trash cans. They whiled away hours on the phone with reps from Sprint, AT&T, and Verizon Wireless.

Contraband smartphones confiscated by the California Department of Justice’s eCrime Unit. Courtesy of the California Department of Justice

A picture slowly emerged of a so-called credit-mule scheme, ingenious in its simplicity and impressive in its reach. Middlemen such as Shamshad were dispatched to seemingly random American cities, where they trolled homeless shelters and halfway houses, offering $100 to anyone who would buy, on their behalf, a few on-contract phones from a local electronics store.

Back in California, the contraband was handed off to Wen and Tan, who arranged to have the phones shipped to their contacts in Asia. The profit margin was enormous: In North America, wireless carriers typically subsidize the cost of our smartphones in order to lure us into multiyear voice and data contracts. To obtain a phone, in other words, we fork over a small fraction of the device's actual market worth. Wen and Tan took advantage of the system by obtaining iPhones—through middlemen and mules—for $200 a pop, then selling them in China for close to $1,000.

Records obtained by the eCrime Unit indicate that in a single year, Wen mailed 111 parcels using his FedEx account. By the time the whole operation was brought down in March of 2013, he and his wife had become very wealthy, to the tune of close to $2.5 million in annual income.

Today, Wen is serving just under three years at a California state prison for conspiracy to acquire and resell stolen property; Tan received a lesser sentence of a year. (Shamshad, the middleman, was charged and convicted of receiving stolen property.)

And yet Fichtner and his colleagues are under no illusions that in apprehending Wen and Tan they have come close to eradicating the larger problem. “As long as there are profits to be made, thieves will keep on stealing phones,” Robert Morgester, the assistant attorney general in charge of the eCrime Unit, told me recently. He smiled. “I mean, why did Willie Sutton rob banks? Easy: because that's where the money was.”


In 2009, roughly 5 percent of the global population owned a smartphone. Before 2015 is out, that number is expected to hit 35 percent, or 2.5 billion people—approximately the populations of China and India combined. Considering the ever-quickening pace of technological innovation and the shrinking cost of processors and chipsets, it does not take a particularly fertile imagination to picture the day when, perhaps as soon as 2017, half the world will be hooked up to the small screen of a smartphone.

For many of us, these devices are among our most valuable possessions. Or, at the very least, they are among the most valuable possessions that we cart with us everywhere we go. We hold them up to our ears on city streets, we fiddle with them on subway platforms, we set them on restaurant tables—little handheld computers with all the firepower of a laptop and almost none of the heft. Machines that hold our entire lives in their RAM, from family photos to work emails to the balances of our bank accounts. Machines that can be swiped, wiped, and resold for hundreds of bucks in the space of an hour, often without the help of a pawnshop or a professional fence. Machines that are worth 13 times more, per ounce, than a block of silver.

That's why street theft of mobile devices—or “Apple picking,” as it's known—has been such a widespread crime in recent years. According to Consumer Reports, 3.1 million Americans were the victims of smartphone theft in 2013, up from 1.6 million in 2012. The mobile security firm Lookout believes that one in 10 smartphone users in the US have had their phones stolen; 68 percent of those victims never saw their device again. Nationally, about one-third of robberies now involve a smartphone.


For years, the mobile industry resisted making even the most minimal efforts to prevent street theft. It had little impetus to do so: The carriers make a lot of money selling expensive theft insurance to consumers, and if security software did successfully deter theft on a large scale, those same carriers might be out a lot of cash. (William Duckworth, a professor at Creighton University's business school, has estimated Americans spend $4.8 billion annually on premium phone insurance and $580 million a year on replacement devices.) But the problem has grown so undeniable that even the carriers are powerless to resist reforms. Last August, after an intense lobbying campaign led by San Francisco district attorney George Gascón and New York attorney general Eric Schneiderman, governor Jerry Brown signed a California kill switch law mandating the inclusion of technology that allows users to lock up a stolen handset and render it unusable; similar legislation was signed in Minnesota.

In 2013, Apple rolled out a feature called Activation Lock, which allows a user to password-protect a phone from being booted up again. With iOS 7, users had to mess around with their settings to make Activation Lock work; with iOS 8, it's turned on by default. Google and Microsoft have pledged to package all new phones with similar software.

Max Szabo, a spokesperson for the San Francisco district attorney's office, says the arrival of Apple's Activation Lock has already had a decisive effect. In San Francisco, iPhone robberies dropped 38 percent in the first five months of 2014; in New York City, Apple-related robberies were down 19 percent. “Clearly,” Szabo says, “as a deterrent, the kill switch really works.”


To which one might add a couple of qualifiers: The kill switch really works in certain circumstances and as a deterrent to one common type of robbery. If you're a garden-variety street thief, driven by opportunism, then it's true you might now think twice about pulling an Activation Lock-equipped iPhone out of a nearby purse.

But Activation Lock is only software, and as any programmer can tell you, anything coded can eventually be breached. In late May of 2014, for example, a pair of anonymous hackers went public with an iCloud bypass they called doulCi, which allows you to reset a device as if it were brand-new. Similar work-arounds remain online for anyone with the tech savvy to implement them.

And although Apple and Gascón probably wouldn't want me telling you this, a locked phone doesn't necessarily mean a worthless one. Dustin Jones, the founder of Harvest Cellular, a telecom recycling company, recently conducted a survey of 200 used iPhones for sale on eBay. Of those 200 devices, 32 were explicitly labeled as being stuck on the Activation Lock screen. Despite the best efforts of Apple, Jones concluded in a post on the Harvest Cellular blog, “thieves still have an easy marketplace where they can liquidate stolen devices.”

Just as worrisome is the fact that Activation Lock—and software like it—is effective only once a device has been linked to an iOS account and activated by a user who suspects their phone has been stolen. For that reason, a kill switch would not have stopped the fraudsters Wen and Tan—in that instance, there was no one to trigger the feature, and the phones were quickly shipped overseas, where they were likely (and promptly) fitted with new SIM cards. Nicholas Pacilio, a former spokesperson for the California DOJ, says that the size and frequency of credit-muling and fraud operations like the one run by Wen and Tan seem to be increasing.

As do the number of smash-and-grabs, in which thieves break into warehouses or electronics stores to obtain a treasure trove of unactivated devices. In the summer of 2014, the Florida attorney general announced the arrest of a ring of criminals who used stolen cars to crash through the doors of Best Buy, hhgregg, and CompUSA stores across Alabama, Florida, Georgia, and Tennessee. Before it was brought down, the ring had allegedly obtained roughly $2 million in Apple devices. Security analysts have started to see street gangs in Oakland, California, turn away from drugs and toward iPhones.

Indeed, Ben Levitan, a telecommunications veteran who has worked for Verizon and Sprint, among other major industry players, has argued that a kill switch, far from fully alleviating the problem, has the potential to send it corkscrewing in new and unpredictable directions.

A KILL SWITCH WON'T DETER THIEVES WHO QUICKLY SHIP PHONES OVERSEAS, WHERE THEY'RE FITTED WITH NEW SIM CARDS.

“So you roll out the kill switch,” Levitan says. “Great. Street theft might shrink a little. Maybe a lot. But the guts of the phone are still valuable, right? People are just going to be trashing their phones and selling them for parts.” He predicted the creation of a “whole new black market.”

There is evidence that market already exists. In Alameda County, the eCrime Unit recently busted an illicit smartphone-parts operation run out of a store called AppleNBerry. (The owners of AppleNBerry, Sammy and Steven Chan, have since pleaded guilty to receiving stolen property and selling counterfeit goods.) And in August the FBI announced the arrest of 20 individuals associated with the so-called Mustafa Family, a Minnesota-based group that was involved in shipping stolen phones and parts to black marketers in the Middle East and Asia.

“Even with the Activation Lock, you still have the issue of credit muling, you still have smash-and-grabs,” says Samir Gupte, a product manager at Lookout. He says that eventually, manufacturers could start to tag devices with a unique product key as they are being built; users could be required to have that product key on hand to activate the phone. But manufacturers are unlikely to undertake all the extra work unless compelled to do so, and moreover, as Gupte acknowledges, “thieves often find a way of catching up with any new technology.”

Criminals are ingenious, adaptable. In September, for example, Pennsylvania law enforcement arrested two smartphone thieves for allegedly breaking into several electronics stores. According to police, the men were using a camera-equipped drone to recon their targets.

“There's no bulletproof solution to smartphone theft and there never will be,” wireless industry analyst Jeff Kagan says. “It's like the long war between the people who create computer viruses and the people who write security software. Or the people who make radar guns and the people who make radar detectors. It's just continually escalating.”


In the meantime, there is concern among some activists that kill switch technology will infringe upon the rights of smartphone users. Last year, before the California kill switch bill became law, the Electronic Frontier Foundation penned an open letter criticizing the legislation and highlighting what it called the “potential for abuse.” The government would theoretically have the ability to force carriers to shut down certain phones, the EFF pointed out—a frightening thought to civil libertarians.

Equally frightening is that activating a kill switch does not mean that your privacy won't be compromised, as was shown a couple of years ago during an attack against the Sony PlayStation Network, in which hackers exposed personal information from 77 million user accounts despite Sony's ability to shut down its system.

Examining smartphone theft statistics from this angle, along with the proposed fixes and their various drawbacks, one can start to feel a profound despair. Perhaps losing our phones to quick-fingered thieves is just something we'll have to learn to live with for months and years and decades to come.

When I raise this possibility with security analyst Marc Rogers, formerly of Lookout and now serving the same role with a company called CloudFlare, he demurs. Smartphone theft only looks insoluble, he says, because we've come to believe, erroneously, that it's a monolithic problem that can be solved by a single killer app. In fact, it's a dense, complicated, multilayered dilemma that requires a multilayered solution.

Ben Wiseman

Rogers argues that the best way to reduce theft is to embrace an array of complementary techniques. Call it the holistic approach: more kill switches, even if they can be bypassed; more aggressive law enforcement, even if a few thieves manage to slip through the dragnet; and more third-party applications that help shore up defenses.

Lookout makes an app that can track your stolen device, take a snapshot with the front-facing camera and note the location whenever an unauthorized user attempts to access it. And Polo Chau, an assistant professor of computing at Georgia Tech, is researching an authentication protocol that would memorize the highly individualistic ways in which a user swipes and types on a touchscreen. Mated to a security system, such software could power down a phone it concluded was being accessed by an unauthorized user.

“You want to put up obstacles for the criminals at every turn,” Rogers says. “You've got to think of the theft of smart devices as an economy, and you've got to destabilize that economy. You've got to disrupt the supply chains. You won't get everyone, but in some places you'll beat them back.”

MATTHEW SHAER (@matthewshaer) is the author of The Sinking of the Bounty: The True Story of a Tragic Shipwreck and Its Aftermath.