Beware: SIM Hijackers Steal Over $5 Million in Bitcoin in First Reported Crime - page 2.

stompix

legendary

Activity: 2912

Merit: 6403

Blackjack.fun

Quote from: Elmer1 on August 04, 2018, 03:34:59 PM

Quote from: stompix on August 04, 2018, 11:17:27 AM

Quote from: davis196 on August 04, 2018, 01:59:03 AM

I'm glad I live in a country ,where phone numbers can't be just transferred from one SIM card to another.

What country is that?

A 20-year old college student from Boston, Massachusetts was arrested in California earlier this month on charges of being part of a gang that hacked cellphone numbers before stealing over US$5 million in bitcoin and other cryptocurrencies.

The link in this news are in the top if you are interested

Read what I was asking!!!!!!!!!
He claimed in his country phone numbers can't be transmitted from sim to sim, which sounds impossible.

So, just like the victims, pay some attention!

angelfaria

newbie

Activity: 280

Merit: 0

Hacking has been a serious issue in this, market and now the sim hijacking comes which is even more vulnerable. I think mobile operator, sim companies, phone manufacturing companies should do best from their respective parts to tight the security to stop such hacking.

Elmer1

newbie

Activity: 109

Merit: 0

Quote from: stompix on August 04, 2018, 11:17:27 AM

Quote from: Ilegendph on August 04, 2018, 03:20:57 AM

Quote from: Wendigo on August 04, 2018, 02:44:10 AM

It's the mobile operators' fault for allowing the SIM transfers. It's relatively easy to social engineer one's way around a customer support agent over the phone if some credentials of the victim are known and, after gaining access to the phone number, the intruder can go to town resetting all victim's accounts. SIM transferring should only be allowed by visiting the company's offices and doing it in person after verification of the identity of the SIM owner. I have heard a lot of horror stories about SIM hijacking - mainly famous influencers' Twitter accounts getting hacked via social engineering and lax security protocols of the mobile operators.

I don't believe that you should blame anyone for what happen even the mobile operators are not aware but still they are liable for what happened. Criminals will do whatever they think they can give them huge money. Every system has its vulnerability and its to us (users and the mobile operators) to make strengthen the security what we have by communicating each other regarding this matter.

You realize that you're contradicting yourself in just one line?
I'm willing to bet you actually have no clue what this is about.

Quote from: Kenneth_Bianchi on August 04, 2018, 02:49:03 AM

It's hard to believe that you can lose so much if you lose your phone. A thief can use that phone to access your information and take out massive loans in your name. Or they could get your bitcoin keys, bank password, anything you use to keep money. People need to be more careful about what they leave lying around inside their phones.
But yeah, it's definitely the operators' fault. That's just plain stupid, transferring SIMs that easily.

Just stealing your phones means nothing, the thief would have first to get it unlocked, then try to find if you have accounts with 2fpa, find the username....It's plenty of time to just call your operator, tell them your security code and block the sim.

Quote from: davis196 on August 04, 2018, 01:59:03 AM

I'm glad I live in a country ,where phone numbers can't be just transferred from one SIM card to another.

What country is that?

A 20-year old college student from Boston, Massachusetts was arrested in California earlier this month on charges of being part of a gang that hacked cellphone numbers before stealing over US$5 million in bitcoin and other cryptocurrencies.

The link in this news are in the top if you are interested

bonballi

newbie

Activity: 238

Merit: 0

This is really concerning right now. If such incidents can happen and people can hack our sim so easily then we need to opt for apps for 2FA. Right now it looks like mobile 2FA is the weakest of all the verification method available out there.

MetaPhorse007

newbie

Activity: 82

Merit: 0

This days SIM service has been more available than ever, SIM services should be secured by the operators using new technology. Over the phone or PIN, PUK these are considerably secured but highly risky as well. We need to have a more secure technology to handle these issues. Then hacking would be controlled.

Stumbleupon

newbie

Activity: 47

Merit: 0

The news is really dangerous. I think we should be more careful. Thank you that you shared the news. This will benefit many. SIM hijacking, more than 5 million US dollars have already been stolen. I think our warning will safeguard us.

stompix

legendary

Activity: 2912

Merit: 6403

Blackjack.fun

Quote from: Ilegendph on August 04, 2018, 03:20:57 AM

Quote from: Wendigo on August 04, 2018, 02:44:10 AM

It's the mobile operators' fault for allowing the SIM transfers. It's relatively easy to social engineer one's way around a customer support agent over the phone if some credentials of the victim are known and, after gaining access to the phone number, the intruder can go to town resetting all victim's accounts. SIM transferring should only be allowed by visiting the company's offices and doing it in person after verification of the identity of the SIM owner. I have heard a lot of horror stories about SIM hijacking - mainly famous influencers' Twitter accounts getting hacked via social engineering and lax security protocols of the mobile operators.

I don't believe that you should blame anyone for what happen even the mobile operators are not aware but still they are liable for what happened. Criminals will do whatever they think they can give them huge money. Every system has its vulnerability and its to us (users and the mobile operators) to make strengthen the security what we have by communicating each other regarding this matter.

You realize that you're contradicting yourself in just one line?
I'm willing to bet you actually have no clue what this is about.

Quote from: Kenneth_Bianchi on August 04, 2018, 02:49:03 AM

It's hard to believe that you can lose so much if you lose your phone. A thief can use that phone to access your information and take out massive loans in your name. Or they could get your bitcoin keys, bank password, anything you use to keep money. People need to be more careful about what they leave lying around inside their phones.
But yeah, it's definitely the operators' fault. That's just plain stupid, transferring SIMs that easily.

Just stealing your phones means nothing, the thief would have first to get it unlocked, then try to find if you have accounts with 2fpa, find the username....It's plenty of time to just call your operator, tell them your security code and block the sim.

Quote from: davis196 on August 04, 2018, 01:59:03 AM

I'm glad I live in a country ,where phone numbers can't be just transferred from one SIM card to another.

What country is that?

InboundMercury

newbie

Activity: 70

Merit: 0

That is really scary, thanks for sharing the news with the community. Hopefully, people will be more careful from now on. Seems like the 2FA that we relied so much upon isn't actually safe at all. Hardware wallets that have an separate 2FA feature should be the best possible solution right now.

Ilegendph

full member

Activity: 434

Merit: 103

Thinking on the higher plane of existence.

Quote from: Wendigo on August 04, 2018, 02:44:10 AM

It's the mobile operators' fault for allowing the SIM transfers. It's relatively easy to social engineer one's way around a customer support agent over the phone if some credentials of the victim are known and, after gaining access to the phone number, the intruder can go to town resetting all victim's accounts. SIM transferring should only be allowed by visiting the company's offices and doing it in person after verification of the identity of the SIM owner. I have heard a lot of horror stories about SIM hijacking - mainly famous influencers' Twitter accounts getting hacked via social engineering and lax security protocols of the mobile operators.

I don't believe that you should blame anyone for what happen even the mobile operators are not aware but still they are liable for what happened. Criminals will do whatever they think they can give them huge money. Every system has its vulnerability and its to us (users and the mobile operators) to make strengthen the security what we have by communicating each other regarding this matter.

Kenneth_Bianchi

newbie

Activity: 20

Merit: 1

The power of SIM cards is incredible these days. Banks are using them for verification, crypto wallets have them with 2FA, and more and more sensitive information is being stored on people's phones.

It's hard to believe that you can lose so much if you lose your phone. A thief can use that phone to access your information and take out massive loans in your name. Or they could get your bitcoin keys, bank password, anything you use to keep money. People need to be more careful about what they leave lying around inside their phones.

But yeah, it's definitely the operators' fault. That's just plain stupid, transferring SIMs that easily.

Wendigo

legendary

Activity: 2604

Merit: 1036

It's the mobile operators' fault for allowing the SIM transfers. It's relatively easy to social engineer one's way around a customer support agent over the phone if some credentials of the victim are known and, after gaining access to the phone number, the intruder can go to town resetting all victim's accounts. SIM transferring should only be allowed by visiting the company's offices and doing it in person after verification of the identity of the SIM owner. I have heard a lot of horror stories about SIM hijacking - mainly famous influencers' Twitter accounts getting hacked via social engineering and lax security protocols of the mobile operators.

davis196

hero member

Activity: 2968

Merit: 913

I'm glad I live in a country ,where phone numbers can't be just transferred from one SIM card to another.
I was reading some other posts here,claiming that smartphones are the most secure place to store cryptocurrencies,because the crypto wallet installed on the phones has no connection to the phones's operating system nore to internet.What a joke?

rabia_laskor

newbie

Activity: 168

Merit: 0

This is sad. Seems like the hackers are coming up with new ways to make money out of people's hard earned coins. The telecom companies need to be more cautious because such incidents will defame their names on the process.

williamcastaneda

newbie

Activity: 31

Merit: 0

Quote from: bitfocus on August 02, 2018, 10:05:51 AM

SimJacking is a serious crime and takes high knowledge and long preparation - serious type of crime.

yeah, they may have studied with a short time and this is dangerous

Marlo Stanfield

sr. member

Activity: 490

Merit: 280

Quote from: Elmer1 on August 01, 2018, 09:12:57 AM

Forget cryptojacking, SIM hijacking now seems set to become even more lucrative for criminals looking to cash in with bitcoin from the burgeoning space.

]A 20-year old college student from BostonMassachusetts was arrested in California earlier this month on charges of being part of a gang that hacked cellphone numbers before stealing over US$5 million in bitcoin and other cryptocurrencies.

According to Motherboard, the number of cell phone numbers that the Bostonian named Joel Ortiz and his accomplices hacked using a technique referred to as SIM swapping or hijacking was about 40. With SIM hijacking, mobile operators are tricked into transferring the phone number of a target to a SIM card that’s under the control of the criminal. Upon obtaining the number the criminals can then reset passwords before accessing online accounts of their victim.

Read more about this news https://www.ccn.com/sim-hijackers-steal-over-5-million-in-bitcoin-in-first-reported-crime-of-its-kind/

This isn't really new information to be honest. People have been having issues with 2FA being easily broken by similar cases for quite a long while now. Which is probably why you mostly see token based 2FA rather than the old style.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18588

Quote from: audaciousbeing on August 02, 2018, 07:13:40 AM

This is purely not the fault of the phone holder because there is no way to control what someone who steal your phone can do with it.

It partly is, though. We know SMS verification is inherently insecure, and has been for years. Continuing to use it is akin to using the same simple password for every account you own.

If you have enough IT knowledge to buy and store crypto, then you definitely have enough to use proper 2FA.

bitfocus

member

Activity: 532

Merit: 15

SimJacking is a serious crime and takes high knowledge and long preparation - serious type of crime.

audaciousbeing

hero member

Activity: 1330

Merit: 569

Quote from: Elmer1 on August 01, 2018, 09:12:57 AM

Forget cryptojacking, SIM hijacking now seems set to become even more lucrative for criminals looking to cash in with bitcoin from the burgeoning space.

]A 20-year old college student from BostonMassachusetts was arrested in California earlier this month on charges of being part of a gang that hacked cellphone numbers before stealing over US$5 million in bitcoin and other cryptocurrencies.

According to Motherboard, the number of cell phone numbers that the Bostonian named Joel Ortiz and his accomplices hacked using a technique referred to as SIM swapping or hijacking was about 40. With SIM hijacking, mobile operators are tricked into transferring the phone number of a target to a SIM card that’s under the control of the criminal. Upon obtaining the number the criminals can then reset passwords before accessing online accounts of their victim.

Read more about this news https://www.ccn.com/sim-hijackers-steal-over-5-million-in-bitcoin-in-first-reported-crime-of-its-kind/

This is purely not the fault of the phone holder because there is no way to control what someone who steal your phone can do with it. The fault is actually from the service provider with how much they pride themselves as using state of the art facilities, they could be tricked into giving personal information in such a cheap way and not asking for more information to clarify before giving such information. I wish those who suffer the losses should sue them for the losses as they should be the one held responsible for such vulnerability. I also wish the way they attach it to crypto currency is just to make a statement as it surely more than that, people have their phone numbers linked to their bank accounts which means some other people would have suffered huge amount of loss from that end too. The people involved should be prosecuted and made to face the law but also those who made it possible in this case the service providers should also be made to pay.

hatshepsut93

legendary

Activity: 2954

Merit: 2145

Quote from: Elmer1 on August 01, 2018, 09:12:57 AM

Forget cryptojacking, SIM hijacking now seems set to become even more lucrative for criminals looking to cash in with bitcoin from the burgeoning space.

SIM hijacking has absolutely nothing to do with cryptojacking, they are completely different kinds of attacks and the only thing they have in common is the word "jacking". So, why should we forget cryptojacking?

This attack is not new, it has been around for years and people who are into security know that mobile authentification is weak and things like google authentificator should be used instead.

HeRetiK

legendary

Activity: 2912

Merit: 2066

Quote from: superman99 on August 02, 2018, 03:45:09 AM

Information is terrible !!!
They can steal information from our sim.
Their actions are condemning. High-tech security and privacy activists need to take action to reverse the bad behavior!

Those attacks do not involve stealing information from SIM cards. They don't even require access to the victim's mobile phone (neither physically nor via malware). It's a question of lacking security procedures from the side of mobile operators. Those were social hacks, not technical ones.

Security researches have warned about the risks of SMS based 2FA for almost a decade. Most mobile operators did next to nothing to alleviate these risks. Banks continue using mTANs. Websites and many users continue relying on SMS based 2FA. For some unfathomable reason apparently even tech companies still rely on SMS based 2FA in some cases, with obvious results: https://www.reddit.com/r/announcements/comments/93qnm5/we_had_a_security_incident_heres_what_you_need_to/

People need to start listening to security researches instead of viewing them as paranoid nerds. But they never do until shit hits the fan.

/rant

Topic: Beware: SIM Hijackers Steal Over $5 Million in Bitcoin in First Reported Crime - page 2. (Read 446 times)