Pages:
Author

Topic: Beware: SIM Hijackers Steal Over $5 Million in Bitcoin in First Reported Crime - page 3. (Read 479 times)

newbie
Activity: 182
Merit: 0
Information is terrible !!!
They can steal information from our sim.
Their actions are condemning. High-tech security and privacy activists need to take action to reverse the bad behavior!
newbie
Activity: 94
Merit: 0
Forget cryptojacking, SIM hijacking now seems set to become even more lucrative for criminals looking to cash in with bitcoin from the burgeoning space.

]A 20-year old college student from BostonMassachusetts was arrested in California earlier this month on charges of being part of a gang that hacked cellphone numbers before stealing over US$5 million in bitcoin and other cryptocurrencies.

According to Motherboard, the number of cell phone numbers that the Bostonian named Joel Ortiz and his accomplices hacked using a technique referred to as SIM swapping or hijacking was about 40. With SIM hijacking, mobile operators are tricked into transferring the phone number of a target to a SIM card that’s under the control of the criminal. Upon obtaining the number the criminals can then reset passwords before accessing online accounts of their victim.


Read more about this news https://www.ccn.com/sim-hijackers-steal-over-5-million-in-bitcoin-in-first-reported-crime-of-its-kind/
I heard that it is not convenient to store bitcoin for a long time, and maybe only 2FA Google authentication protection authority can eliminate this crime
legendary
Activity: 2268
Merit: 18748
It always amazes me that people who have so much money stored in cryptocurrency are so technically inept and bad at security.

If your 2FA can be reset/hacked by the same method that would reset/hack your logins/passwords, then it isn't 2FA. Use one that isn't linked to or backed up on your SIM, email, etc. Some hardware wallets such as the Ledger have a 2FA app available for them.

legendary
Activity: 3122
Merit: 2178
Playgram - The Telegram Casino
This attack was happening a few years back to youtubers. A lot of high profile youtubers were getting their account hacked because they had T-Mobile and their security policies weren't very strict. Hackers would just call customer support, pretend to be the youtuber, and boom they get their simcard. 2FA through text is the least secure method for 2FA. As you said, use an app like authy or google authenticator. Infinitely more secure.

It's freaking scary how much you can achieve by simply calling customer support. I always get a bit uneasy when I get in touch with customer support that seems to handle support requests a tad bit too informal for my taste. Sure it's convenient, but also... you know... insecure.


What's a 2FA dongle though? I have never heard of a dongle for 2FA before, but I would love to get one.

Yubikey for example:
https://www.yubico.com/products/yubikey-hardware/

I have no personal experience with this hardware, but recently read an article about how Google has shifted away from app-based 2FA to Yubikeys. Apparently they've been using them internally for 1-2 years by now, with good results. Not sure how widely supported they are though.
sr. member
Activity: 574
Merit: 296
Bitcoin isn't a bubble. It's the pin!
SIM hijacking is a serious issue and is an attack vector that has been known for years. It's why the usage of mTAN by banks has been critized as highly insecure in the past. I'm not sure about the actual success rate of said attacks, but they have existed for quite a while now [1]. Reading stompix' post it seems like at least mobile providers finally got the memo though.

The lesson: Don't rely on text messages for 2FA! Use an app or a dongle instead!

(German source only, sorry)
[1] https://www.heise.de/security/meldung/Online-Banking-Neue-Angriffe-auf-die-mTAN-2851624.html


This attack was happening a few years back to youtubers. A lot of high profile youtubers were getting their account hacked because they had T-Mobile and their security policies weren't very strict. Hackers would just call customer support, pretend to be the youtuber, and boom they get their simcard. 2FA through text is the least secure method for 2FA. As you said, use an app like authy or google authenticator. Infinitely more secure.

What's a 2FA dongle though? I have never heard of a dongle for 2FA before, but I would love to get one.
full member
Activity: 602
Merit: 100
That’s alarming to all to secure their account & password, because they can be victim as well.
For that it is necessary to use one time password along with 2 way authentication, it will be more usefull if you used hardware wallet.
legendary
Activity: 3122
Merit: 2178
Playgram - The Telegram Casino
SIM hijacking is a serious issue and is an attack vector that has been known for years. It's why the usage of mTAN by banks has been critized as highly insecure in the past. I'm not sure about the actual success rate of said attacks, but they have existed for quite a while now [1]. Reading stompix' post it seems like at least mobile providers finally got the memo though.

The lesson: Don't rely on text messages for 2FA! Use an app or a dongle instead!

(German source only, sorry)
[1] https://www.heise.de/security/meldung/Online-Banking-Neue-Angriffe-auf-die-mTAN-2851624.html
legendary
Activity: 2912
Merit: 6403
Blackjack.fun
The first time I can say I'm happy to be with Orange..

When I got my sim damaged I had to go in person to a store with my id card and my PUK code in order to give me a new one and on top of that I've had to wait until they've verified that indeed that was the original sim

Took me 2 hours of waiting and I've cursed them with every damn word in my fucktionarry but now reading this I'm quite happy things are like that.
newbie
Activity: 109
Merit: 0
Forget cryptojacking, SIM hijacking now seems set to become even more lucrative for criminals looking to cash in with bitcoin from the burgeoning space.

]A 20-year old college student from BostonMassachusetts was arrested in California earlier this month on charges of being part of a gang that hacked cellphone numbers before stealing over US$5 million in bitcoin and other cryptocurrencies.

According to Motherboard, the number of cell phone numbers that the Bostonian named Joel Ortiz and his accomplices hacked using a technique referred to as SIM swapping or hijacking was about 40. With SIM hijacking, mobile operators are tricked into transferring the phone number of a target to a SIM card that’s under the control of the criminal. Upon obtaining the number the criminals can then reset passwords before accessing online accounts of their victim.


Read more about this news https://www.ccn.com/sim-hijackers-steal-over-5-million-in-bitcoin-in-first-reported-crime-of-its-kind/
Pages:
Jump to: