Search This Blog

Showing posts with label SIM Swapping. Show all posts

Europol Arrests 2 Dozen Suspects of SIM-Swap Fraud Following Cross-Border Investigations



Following an increase in SIM-jacking over the recent months, Europol announces the arrest of at least more than two dozen suspects of bank accounts by hijacking the phone numbers of some unfortunate users through SIM-swap fraud following months of cross-border investigations. 

Police across Europe have been preparing to disassemble criminal networks that are said to have been responsible for these attacks for a long time now. SIM swaps work since phone numbers are in connection to the phone's SIM card and ‘SIM’ short for subscriber identity module, a special system-on-a-chip card that safely stores the cryptographic secret that distinguishes the user's phone number to the network. 

Most mobile phone shops out there can issue and activate substitution or replacement SIM cards quickly, causing the old SIM to go dead and the new SIM card to assume control via the phone number just as the telephonic identity. 

It had so happened in October in the United States that the FBI cautioned that 'bad guys' were getting around certain kinds of two-factor authentication (2FA).

The easiest, smoothest and thusly the most widely recognized approach to sneak past 2FA is SIM-swap fraud, where an attacker persuades a mobile system to port a target's mobile number or plants malware on a victim's phone, along these lines permitting them to intercept 2FA security codes sent by means of SMS text. 

However whether the hackers are breaking into 'regular old bank accounts' or Bitcoin accounts, the crime is clearly incredibly expensive for the victims who observe helplessly as their accounts drain. Here are some safety measures recommended for the users to consider and forestall such mishappenings-
  1. Watch out for phishing emails or fake websites that crooks use to acquire your usernames and passwords in the first place. 
  2. Avoid obvious answers to account security questions. 
  3. Use an on-access (real-time) anti-virus and keep it up-to-date
  4. Be suspicious if your phone drops back to “emergency calls only” unexpectedly.
  5. Consider switching from SMS-based 2FA codes to codes generated by an authenticator app.

Understand how SIM Swapping can easily be used to hack your accounts!

We've all heard about sim swapping, SIM splitting, simjacking or sim hijacking- the recent trend with cybercriminals and now a study by Princeton University prooves the vulnerability of wireless carriers and how these SIM swapping has helped hackers ease their hands into frauds and crimes.



SIM swapping gained quite an attention when Twitter CEO Jack Dorsey’s account was hacked on his own platform. A study by Princeton University has revealed that five major US wireless carriers - AT&T, T-Mobile, Verizon, Tracfone, and US Mobile - are susceptible to SIM swap scams. And this sim hijacking is on a rise in developing countries like Africa and Latin America.

What is SIM swapping? 

SIM swapping is when your account is taken over by someone else by fraud through phone-based authentication usually two-factor authentication or two-step verification. This could give the hacker access to your email, bank accounts, online wallets and more.

How does the swap occur? 

In a SIM swap, scammers exploit the second step in two-factor verification, where either a text message or a call is given to your number for verification.

Citywire further explains the process, "Usually, a basic SIM-card swapping work when scammers call a mobile carrier, impersonating the actual owner and claiming to have lost or damaged their SIM card. They then try to convince the customer service representative to activate a new SIM card in the fraudster’s possession. This enables the fraudsters to port the victim’s telephone number to the fraudster’s device containing a different SIM."

After accessing the account, the scammers can control your email, bank accounts, online wallets and more.

 Detecting SIM swapping attack

• The first sign is if your text messages and cell phones aren't functioning, it's probable that your account is hijacked.

• If the login credentials set by you stop working then it's probably a sign that your account has been taken over. Contact your telecom provider and bank immediately.

• If you get a message from your telecom provider that your SIM card has been activated on another device, be warned it's a red sign.

Canadian Teenager Charged and Arrested for $50 Million Cryptocurrency Theft


Samy Bensaci, an 18-year-old teenager from Montreal, Canada has been indicted for 4 criminal charges in relation to a theft of cryptocurrency worth $50 million in a SIM-swapping scam that targeted cryptocurrency holders, as per the reportings by Infosecurity Magazine, dated 17th of January.

The Canadian authorities have accused the teen hacker of being a part of a hacking group that was involved in the theft of millions of dollars from Canadians and Americans. The scam, of which Bensaci was allegedly a part of, stole, "$50 million from our neighbors to the south and $300,000 in Canada" told Lieutenant Hugo Fournier, a spokesperson for the Sûreté du Québec.

Bensaci was charged and consequently arrested in November and was later released on CA $200,000 bail, on orders of living with his parents in Northeast Montreal, as per the local media reports. As a result of the incident, prosecutors prohibited Bensaci's access to any device that can be connected to the internet including computers, mobile phones, tablets, games, and consoles. Specifically from accessing, “any computer, tablet, mobile phone, game console, including PS3, PS4, Xbox, Nintendo Switch, or any other device capable of accessing the Internet”. He has also been ordered to hand over his passport to local police to assure he does not flee away from the country.

One of the purported victims Don Tapscott confirmed, “We can confirm that last year a hacker attempted to steal crypto assets from our company and its employees. That attempt was unsuccessful. We cooperated with the police [and] have been impressed with their determination to bring those responsible to justice.”

SIM swapping attack, also known as SIM jacking or SIM splitting is a form of identity theft where an attacker targets a weakness in two-factor authentication to take over an account. The attacker exploits a cell phone carrier's ability to port a phone number to a new device with a new SIM to acquire access to the victim's credit card numbers, bank accounts, and other financial information. The feature is normally used when someone loses access to his phone (or gets it stolen) or is switching service to a new device. As the reliability of customers on mobile-based authentication is growing, SIM swap attacks have also been on a rise in recent times.

Teen hacker-for-hire jailed for SIM-swapping attacks, data theft


A British teenager has been sentenced to 20 months in prison after offering hacker-for-hire services to cash in on trends including SIM-swapping attacks.

The UK's Norfolk police force said that 19-year-old Elliot Gunton, of Norwich, was sentenced at Norwich Crown Court on Friday after pleading guilty to hacking offenses. money laundering, the hacking of an Australian Instagram account, and the breach of a Sexual Harm Prevention Order.

In April 2018, a routine visit was conducted to Gunton's home with respect to the Sexual Harm Prevention Order that was imposed in 2016 for past offenses.

During the inspection, law enforcement found software which indicated the teenager may be involved in cybercrime, and the further investigation of a laptop belonging to Gunton and seized by police revealed that he had been offering himself as a provider of hacking services.

Specifically, Gunton offered to supply stolen personal information to those that hired him. This information, which could include personally identifiable information (PII) such as names, addresses, and online account details, could then be used to commit fraud and SIM-swapping attacks.

The theft and sale of PII is a commonplace occurrence today. However, SIM-swapping attacks are a relatively new phenomenon.

In order to conduct a SIM-swap, a fraudster will obtain some PII from a target and then call up their telephone subscription provider while pretending to be the true owner of the account. Social engineering then comes into the mix to convince the operator to switch the telephone number belonging to the victim to the attacker's control.

It might only be a short window in which the victim does not realize their number has been transferred, but this time frame can be enough for an attacker to bypass two-factor authentication (2FA), intercept calls and text messages, request password resets, and compromise online accounts ranging from email addresses to cryptocurrency wallets.

Sim swapping attacks hit US cryptocurrency users

Something strange happened last week, with tens of US-based cryptocurrency users seeing SIM swapping attacks.

Numerous members of the cryptocurrency community have been hit by SIM swapping attacks over the past week, in what appears to be a coordinated wave of attacks.

SIM swapping, also known as SIM jacking, is a type of ATO (account take over) attack during which a malicious threat actor uses various techniques (usually social engineering) to transfers a victim's phone number to their own SIM card.

The purpose of this attack is so that hackers can reset passwords or receive 2FA verification codes and access protected accounts.

These types of attacks have been going on for half a decade now, but they've exploded in 2017 and 2018 when attackers started focusing on attacking members of the cryptocurrency community, so they could gain access to online accounts used for managing large sums of Bitcoin, Ethereum, and other cryptocurrencies.

But while these attacks were very popular last year, this year, the number of SIM swapping attacks appeared to have gone down, especially after law enforcement started cracking down and arresting some of the hackers involved in these schemes.

Something happened last week

But despite a period of calm in the first half of the year, a rash of SIM swapping attacks have been reported in the second half of May, and especially over the past week.

Several users tweeted their horrific experiences.

Some of them have publicly admitted to losing funds, such as Sean Coonce, who penned a blog post about how he lost over $100,000 worth of cryptocurrency due to a SIM swapping attack.

Some victims avoided getting hacked

Some other victims candidly admitted to losing funds, while others said the SIM swapping attacks were unsuccessful because they switched to using hardware security tokens to protect accounts, instead of the classic SMS-based 2FA system.

SIM SWAP Fraud: A Mumbai Businessman Gets Robbed Off Of 1.86 Crore Via Missed Calls






A terrifying banking fraud, the researchers are calling “SIM SWAP”, recently preyed upon a Mumbai based businessman.
Reportedly, Rs.1.86 crore were harvested from this man’s bank balance via 6 late night missed calls.




Numerous other such cases of “SIM-SWAPPING” have also come to light in the metro cities of Bengaluru, Delhi, Bombay and Kolkata and the police cyber-cells are working on them.


This baffling fraud is not just subjective to people with lack of cyber knowledge or lack of critical thinking, technologically active people could also easily get drowned in the scam.


This seemingly stupid and unbelievable method of scamming people is fairly obvious to other parts of the cyber-world.


Despite being quite fresh in India, it has already affected a lot of people around the country and has targeted a fair number of “not-so-aware” mobile phone users, leaving their bank accounts pretty light.


When users switch from their old generation SIM cards to the upgraded versions, meaning when they change their 3G cards to 4G they use a technology called, “SIM SWAP” to register the new SIM card.


This technology had also come into play when the older SIM cards got switched by nano cards.




SIM SWAP:- WHAT? AND HOW?
SIM SWAP is a technique of replacing the existing SIM card by a duplicate one.

It can only be done when the attacker knows the unique 20 digit SIM number embarked on the SIM card.

Either the SIM-con would persuade the user into telling them the number or would hack into it on their own.




WHAT HAPPENED TO THE VICTIM!
Reportedly, the scammers had gotten the access to the victim’s 20 digit card number and had set the SIM SWAP process on, in the night time.

The scam broadly takes place in 2 steps, the SIM SWAP being the second step of the scamming technique.


Already privy to the banking ID and passwords, all that’s left for the fraudulent cons to find is the OTP on the registered mobile number and behold, the transactions begin!


Possibly, the victim was previously victimised by a phishing attack and unawares, mentioned his real password and account ID into a fake website fabricated by the cons.


The businessman had received 6 missed calls between the hours of 11pm and 2 am. These calls were initiated from 2 separate numbers, one beginning from +44(UK’s code).


The calls weren’t attended to as his phone was on the silent mode. Almost all the money got withdrawn from around 14 bank accounts the man had across the country, except for the 20 lakhs he somehow managed to recover.



When a user SIM SWAPS or basically EXCHANGES SIM CARD, all they do is register their phone number with their new SIM card.


This way the phone number is harvested and once that’s done the OTPs could be easily received, opening avenues of online shopping and ludicrous transactions in the owner’s name.


SIM SWAP could also affect people who communicate about their passwords or IDs via cell phones.


The technique depends upon who is a part of the communication. In actual and legitimate SIM exchanges, the users are connected to the servers of service providing organizations like Vodafone or Airtel.


These operators have ‘specifically designed official USSD codes’ for the SIM Swap process.


But when the swapping is not done by the user, the 20 digit SIM card number might fall into wrong hands.


If the wrongly swapped SIM card falls into the hands of the scammer, the victim would fall into immense danger.




HOW THE SCAM GOES ABOUT

The user would get call from the scammer, pretending to be from Idea or Jio. The caller would then, engage the user by saying that the call is for improving the call experience.


Once, set and familiar, the caller would guide the user’s way to SIM exchange, all the way wanting to extract the 20 digit SIM code.


The caller would try all means possible and would trick the user with any trickery possible to haul those 20 digits out.


After having persuaded the user about the 20 digits, the caller would ask them to press 1 or confirm the SIM swap.


The fraudster would then actually initiate the SWAP, having extracted the 20 digit SIM code, they were after.



Meaning, if supposedly the user has an Airtel SIM, the fraudster will too use an Airtel SIM to officially go through with the SIM swap.


Airtel would then send a confirmation text to the user’s cell number. Airtel would be sure that the SIM swap has actually happened and the attacker would have the cell number.


The actual user’s mobile will be left with no signals at all, whereas the fraudster will have full signals on the SIM and complete control over the cell number.


The fraudster would then incessantly call to make the user switch off the phone, in order to get a window to complete the fraud. Once that’s done, the user wouldn’t have any idea about it.



 
Aadhar number could also be an important credential that you would never want to share over the phone.

Also, always keep a close check on your bank account, and if any weird activity is speculated, immediately contact the bank and put a stop to the questionable transaction.

21-Year-Old Arrested For SIM Swapping Hack; Allegedly Steals $1 Million


U.S. broadsheet the New York Post announced Nov. 20 regarding some authorities in the United State, state of California who have arrested a 21-year old New Yorker for the supposed burglary of $1 million in crypto utilizing "SIM-swapping,"

SIM-swapping otherwise called a "port-out scam" includes the burglary of a mobile phone number with the end goal to capture online financial and social media accounts, empowered by the way that numerous organizations utilize computerized messages or telephone calls to deal with client validation.

The captured suspect, Nicholas Truglia, is accused for having focused on well off Silicon Valley officials in the Bay Area, and of effectively convincing telecoms support staff to port six exploited people's numbers to his an affirmed "crew" of accomplice attackers. Deputy DA Erin West, of Santa Clara Superior Court, told the Post that the ploy was "a new way of doing an old crime.”

“You’re sitting in your home, your phone is in front of you, and you suddenly become aware there is no service because the bad guy has taken control of your phone number,” West said.

With his capture on November 14, authorities were able to recover $300,000 in stolen reserves while the remaining assets remain untraced.

Trugila is currently being held at pending for extradition to Santa Clara, where he faces 21 felony counts related with an aggregate of six exploited people, authorities said. One of Truglia's supposed SIM-swapping victims, San Francisco-based Robert Ross, was purportedly robbed of $500,000 worth of crypto possessions on his Coinbase wallet "in a flash" on Oct. 26, and in the meantime a further $500,000 was taken from his Gemini account. West said the $1,000,000 was Ross' "life savings" and his two girls' college fund.

This rising predominance of SIM swap-related occurrences has therefore provoked a California-based law enforcement group to make it their "most noteworthy need." in excess of one prominent occasion, exploited people have acted to sue telecoms firms, for example, AT&T and T-Mobile for their help of the wrongdoing.

Truglia is since being held Manhattan Detaintion Complex pending extradition to Santa Clara in California. Formal charges identify with a seven-day "hacking spree" starting Oct. 8, particularly involving "grand theft, altering or damaging computer data with the intent to defraud and using personal information without authorization.”