Search This Blog

Showing posts with label Cryptography. Show all posts

Europol Arrests 2 Dozen Suspects of SIM-Swap Fraud Following Cross-Border Investigations



Following an increase in SIM-jacking over the recent months, Europol announces the arrest of at least more than two dozen suspects of bank accounts by hijacking the phone numbers of some unfortunate users through SIM-swap fraud following months of cross-border investigations. 

Police across Europe have been preparing to disassemble criminal networks that are said to have been responsible for these attacks for a long time now. SIM swaps work since phone numbers are in connection to the phone's SIM card and ‘SIM’ short for subscriber identity module, a special system-on-a-chip card that safely stores the cryptographic secret that distinguishes the user's phone number to the network. 

Most mobile phone shops out there can issue and activate substitution or replacement SIM cards quickly, causing the old SIM to go dead and the new SIM card to assume control via the phone number just as the telephonic identity. 

It had so happened in October in the United States that the FBI cautioned that 'bad guys' were getting around certain kinds of two-factor authentication (2FA).

The easiest, smoothest and thusly the most widely recognized approach to sneak past 2FA is SIM-swap fraud, where an attacker persuades a mobile system to port a target's mobile number or plants malware on a victim's phone, along these lines permitting them to intercept 2FA security codes sent by means of SMS text. 

However whether the hackers are breaking into 'regular old bank accounts' or Bitcoin accounts, the crime is clearly incredibly expensive for the victims who observe helplessly as their accounts drain. Here are some safety measures recommended for the users to consider and forestall such mishappenings-
  1. Watch out for phishing emails or fake websites that crooks use to acquire your usernames and passwords in the first place. 
  2. Avoid obvious answers to account security questions. 
  3. Use an on-access (real-time) anti-virus and keep it up-to-date
  4. Be suspicious if your phone drops back to “emergency calls only” unexpectedly.
  5. Consider switching from SMS-based 2FA codes to codes generated by an authenticator app.

The Head of the FSB appealed for the creation of international rules on the Internet


The Head of the FSB of Russia Alexander Bortnikov stated the need to create international rules on the Internet. In particular, to make encrypted messages in mobile applications open to intelligence agencies.

If the international community can come to a consensus on this issue, the terrorists will actually lose the list of opportunities, such as propaganda, recruitment, financing, communication, management, said Bortnikov at an International Conference on Countering Terrorism on 18 April 2019 in St. Petersburg.

He noted that the use of cryptography in services for communication prevents the effective fight against terror. According to him, Russia has developed a concept for the creation of "the system of the deposit of encryption keys generated by mobile applications, which will be open for control” to solve this problem. Bortnikov proposed to the world community to realize this idea together and to provide intelligence agencies with legal access to important encrypted information of the terrorists.

In addition, Bortnikov noted that at the moment there are more than 10 thousand sites of existing international terrorist structures and thousands of accounts in social networks. The information is published in more than 40 languages, but the leading positions are occupied by Arabic, English and Russian languages.

Bortnikov added that the ability to hide data in IP-telephony and foreign e-mail servers leads to an increase in the spread of false reports of terrorist attacks, as well as the sale of weapons and explosives.

According to one of the amendments to the law on Autonomous RUnet (http://www.ehackingnews.com/2019/02/the-kremlin-told-about-hacker-attacks.html), IT-companies were obliged to use Russian cryptography for all traffic in the Russian segment. It is assumed that the Government will determine the issuance and use of codes and encryption.

In addition, in April 2018 Russia tried to block the Telegram messenger for refusing to provide the FSB with the encryption key of the negotiations of suspected terrorists (http://www.ehackingnews.com/2018/04/russian-court-orders-to-block-telegram.html).

New Steganography method TranSteg hides Data in VoIP(IP Telephony)

Researchers from Warsaw University of Technology, Institute of Telecommunications find a new Steganography method that helps to hide the Data in VoIP(IP Telephony).  The method is named as "TranSteg((Transcoding Steganography)". 

Voice over IP (VoIP), or IP telephony, is one of the services of the IP world that is changing the entire telecommunication’s landscape. It is a real-time service, which enables users to make phone calls through data networks that use an IP protocol.
Steganography encompasses various information hiding techniques, whose aim is to embed a secret message(steganogram) into a carrier (image,audio,video). Steganographic methods are aimed at hiding of the very existence of the communication, therefore any third-party observers should remain unaware of the presence of the steganographic exchange.


In TranSteg it is the overt data that is compressed to make space for the steganogram. The main innovation of TranSteg is to, for a chosen voice stream, find a codec that will result in a similar voice quality but smaller voice payload size than the originally selected. Then, the voice stream is transcoded. At this step the original voice payload size is intentionally unaltered and the change of the codec is not indicated. Instead, after placing the transcoded voice payload, the remaining free space is filled with hidden data. TranSteg proof of concept implementation was designed and developed.

TranSteg detection is difficult to perform when performing inspection in a single network localisation.