How a porch piracy gang stole thousands of iPhones in a sophisticated crime spree

A crime ring successfully stole thousands of iPhones being delivered to customers, using a combination of scraping delivery tracker sites and occasional bribery to pull it off.

Porch pirates are often thought to consist of opportunist criminals stealing deliveries from neighbors. But, like other crimes, it has evolved into a sophisticated enterprise, optimized for maximum results.

One group taken down by law enforcement demonstrates how much effort it took for a team of individuals to steal thousands of iPhones across the United States. It was a feat primarily accomplished with a technological assist, aided by bribery.

According to the Wall Street Journal, a group produced software to scrape for FedEx tracking numbers. The criminal complaint filed in New Jersey explains that the numbers were then supplied to AT&T store employees, who were then bribed to supply order and delivery details, which thieves then used to grab packages just as they were delivered.

The AT&T employees took photographs of the data, which were shared with the group, which was keen to expand its reach within the carrier. It is believed one employee was receiving between $2,000 and $2,500 for recruiting other employees to the operation.

To actually manage the thefts, the group had designated dispatchers to order thieves to specific addresses where FedEx trucks were headed.

The thieves would then take the packages to a dropoff, such as the Wyckoff Wireless store in Brooklyn, which was being monitored by federal agents. Goods would be shipped abroad and sold.

The store was owned by Joel Suriel, who has previous form in stolen phones. He pleaded guilty to wire-fraud conspiracy in 2018, after using stolen customer identities to get phones from AT&T.

Following a raid of the store in February, which saw the seizure of goods, the shop has remained closed.

A technical crime

In February, a total of 13 people were arrested for having connections to the ring. However, it was an international group, and not all of its participants were picked up by the authorities.

One such person is Reyes Martinez, the New Jersey U.S. Attorney's Office said. As a citizen and resident of the Dominican Republic, it is unclear if he has been arrested, with the Attorney's Office declining to provide more details on his status.

Martinez, who goes by "CookieNerd" online, may not have actually participated in the thefts directly, but is believed to have supplied a key component for its operation. He allegedly wrote software that would get around delivery data request limits on the FedEx website designed to prevent wholescale data scraping.

Rather than use the software himself, Martinez instead is claimed to have sold the software to others via Telegram, including instructions on how to use it.

FedEx and AT&T cooperated with law enforcement including the Department of Homeland Security, FBI, police, and a Dominican Republic prosecutor's office who specializes in tech cromes.

"With bad actors growing increasingly sophisticated, the shipping industry has been proactively working with law enforcement to address the rise of porch piracy," said FedEx. It also insisted that it adapts processes to protect both packages and drivers from criminal gangs.

Porch privacy protection

While thieves are getting more sophisticated when it comes to porch piracy, there are still things that homeowners can do to try and avoid it from happening to them. Or at least to maximize the chance of a porch pirate being prosecuted.

For a start, deliveries could be arranged to require a signature for high-priced items, meaning they cannot be left unattended in the first place. A locked delivery box could also be another route, as is in-garage delivery services such as Amazon Key.

Adding more surveillance, such as video doorbells, can also deter some thieves from stealing packages. In instances where alerts are provided when someone appears on your doorstep, this can help you get the package indoors quickly.