Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label SIM Swapping. Show all posts

CISA Advises Firms to Adopt Passwordless Security in LAPSUS$ Report

 

A series of high-profile cyber attacks carried out by teenage hackers in 2021 and 2022 reveals systemic flaws in the telecommunications industry and security practices employed by a number of businesses, according to a Department of Homeland Security investigation. 

The department's Cyber Safety Review Board, in a 59-page report released Thursday, urged the Federal Communications Commission (FCC) and the Federal Trade Commission (FTC) to strengthen their oversight and enforcement activities related to SIM swapping, and requested telecommunications providers to report such attacks to the regulators. 

The board also advised organisations to abandon widely used SMS and voice-based multi factor authentication in favour of "adopting easy-to-use, secure-by-default-passwordless solutions." 

The report, commissioned by CISA Director Jen Easterly, focuses on a group of young hackers known as Lapsus$, who carried out a series of attacks against big technological companies such as Uber, Okta, Samsung, and others. 

The attacks garnered attention not only because of the victims, but also because of their boldness - hackers would frequently get access to a company's systems and critical data, then post screenshots and emojis in companywide internal chat conversations. 

Once it was revealed that the group mainly consisted of teens in 2022, it became even more well-known. Seven people between the ages of 16 and 21 were detained by British police in March of that year, and in October, Brazilian police detained a further person. 

The DHS review noted that the attacks highlighted how SMS-based multifactor authentication, a practise frequently employed by organisations to add an additional layer of protection when employees and customers log into accounts, may be thwarted by hackers due to inadequate security practises at telecom carriers.

Lapsus was able to get basic data about its victims, such as their name and phone number, and employed them to carry out fraudulent SIM swaps and intercept text messages that let them sign into accounts or carry out account recoveries. 

The federal government was urged by the review board to create a roadmap of "standards, frameworks, guidance, tools, and technology" that can assist organisations in implementing passwordless authentication rather than SMS-based multifactor authentication as part of its recommendations.

T-Mobile Reveals its Security Systems were Hacked via Lapsus$ Hackers

 

T-Mobile acknowledged on Friday it had been the subject of a security compromise in March when the LAPSUS$ mercenary group gained access to its networks. The admission occurred after investigative journalist Brian Krebs published internal chats from LAPSUS$'s key members, revealing the group had infiltrated the company many times in March previous to the arrest of its seven members. 

After analyzing hacked Telegram chat conversations between Lapsus$ gang members, independent investigative journalist Brian Krebs first exposed the incident. T-Mobile said in a statement the breach happened "a few weeks ago" so the "bad actor" accessed internal networks using stolen credentials. "There was no customer or government information or any similarly sensitive information on the systems accessed, and the company has no evidence of the intruder being able to get anything of value," he added.

The initial VPN credentials were allegedly obtained from illegal websites such as Russian Market in order to get control of T-Mobile staff accounts, enabling the threat actor to conduct SIM switching assaults at anytime. 

The conversations suggest how LAPSUS$ had hacked T-Slack Mobile's and Bitbucket accounts, enabling the latter to obtain over 30,000 source code repositories, in addition to getting key to an internal customer account management application called Atlas. In the short time since it first appeared on the threat scene, LAPSUS$ has been known for hacking Impresa, NVIDIA, Samsung, Vodafone, Ubisoft, Microsoft, Okta, and Globant. 

T-Mobile has acknowledged six previous data breaches since 2018, including one in which hackers gained access to data linked to 3% of its members. T-Mobile acknowledged it had disclosed prepaid customers' data a year later, in 2019, and unknown threat actors had acquired access to T-Mobile workers' email accounts in March 2020. Hackers also acquired access to consumer private network information in December 2020, and attackers accessed an internal T-Mobile application without authorization in February 2021. 

According to a VICE investigation, T-Mobile, unsuccessfully, tried to prevent the stolen data from being posted online after paying the hackers $270,000 through a third-party firm in the aftermath of the August 2021 breach. After its stolen sensitive information turned up for sale on the dark web, the New York State Office of the Attorney General (NY OAG) alerted victims of T-August Mobile's data breach would face elevated identity theft risks. 

The City of London Police announced earlier this month as two of the seven adolescents arrested last month for alleged potential connections to the LAPSUS$ data extortion group, a 16-year-old, and a 17-year-old had been charged.

Another T-Mobile Cyberattack Allegedly Exposed User Information and SIM Cards

 

T-Mobile has been subjected to yet another cyberattack following a big data breach in August. According to documents revealed by The T-Mo Report, attackers gained access to "a small number of" users' accounts this time. The damage appears to be far less serious this time. It appears that just a small percentage of consumers are affected. There is no further information regarding what transpired, with the records just stating that some information was leaked. 

Customers who have been affected fall into one of three categories. First, a client may have only been impacted by a CPNI leak. This information could include the billing account name, phone numbers, the number of lines on the account, account numbers, and rate plan information. That's not ideal, but it's far less damaging than the August incident, which exposed client social security numbers. 

The second category into which an impacted consumer may fall is having their SIM swapped. In order to get control of a phone number, a malicious actor will alter the physical SIM card linked with it. This can and frequently does result in the victim's other online accounts being accessed through two-factor authentication codes supplied to their phone number. According to the document, consumers who were affected by a SIM swap have now had that action reversed. The final category consists of both of the previous two. Customers who were affected may have had their private CPNI accessed as well as their SIM card swapped. 

When it comes to account security, T-Mobile does not have the finest track record. As previously stated, a huge data breach occurred earlier this year in August, exposing information on roughly 50 million users across both post-paid and prepaid accounts. The stolen files contained crucial personal information such as first and last names, dates of birth, Social Security numbers, and driver's licence / ID numbers - the kind of information you could use to open a new account or hijack an existing one. It did not appear to include "phone numbers, account numbers, PINs, or passwords." 

Affected customers, who appear to be few in number, have received letters warning them of the unlawful activity on their accounts. Memos have also been placed on those impacted accounts so that reps may see them when they log in.

"We informed a very small number of customers that the SIM card assigned to a mobile number on their account may have been illegally reassigned or limited account information was viewed. Unauthorized SIM swaps are unfortunately a common industry-wide occurrence, however, this issue was quickly corrected by our team, using our in-place safeguards, and we proactively took additional protective measures on their behalf," a T-Mobile spokesperson said.

UK Man Arrested for Cryptocurrency Fraud, Sentenced 20 Years

 

A United Kingdom man who was earlier charged in the US for links to hacking celebrities' and politicians' Twitter accounts was recently arrested for stealing cryptocurrency worth $784,000 of cryptocurrency. Prosecutors in Manhattan, US said that Joseph James O'Connor (age 22) along with his partners stole Bitcoin, Litecoin, and Ethereum, after getting access to target's cellphone no. by linking it to SIM cards. 

O Connor, aka PlugwalkJoe, along with his partners orchestrated a SIM swapping attack targeting three Manhattan cryptocurrency company executives, stealing cryptocurrency from two clients, while laundering it. O Connor's lawyer isn't yet known. As per the prosecutors, the campaign ran from March 2019 to May 2019. O'Connor awaits possible extradition from Spain after the July arrest concerned with a last year's July hack which compromised several Twitter accounts and stole around $118,000 worth of Bitcoins. 

"It named the British man as Joseph James O'Connor and said he faced multiple charges. He was also accused in a criminal complaint of computer intrusions related to takeovers of TikTok and Snapchat accounts, including one incident involving sextortion, as well as cyberstalking a 16-year-old juvenile," reported Reuters earlier in July. These hacked accounts include current US president Joe Biden, former president Barack Obama, Ex Amazon CEO Jeff Bezos, Bill Gates, Warren Buffett, Kim Kardashian, Elon Musk, and rapper Kanye West (currently known as Ye). 

The accused teenager, Graham Ivan Clark, the mastermind behind the Twitter hack, pleaded guilty in March in state court of Florida and is currently serving three years in a juvenile prison. The latest charges against Connor consist of money laundering and conspiracies to commit wire fraud, carrying a minimum of 20 years prison sentence, along with aggravated identity theft and computer hacking conspiracy. 

Reuters reports, "the alleged hacker used the accounts to solicit digital currency, prompting Twitter to take the extraordinary step of preventing some verified accounts from publishing messages for several hours until security to the accounts could be restored."

US Scammers Charged in SIM Swapping and Vishing Scam

 

The Maryland District Attorney’s Office has sentenced twenty-year-old Kyell Bryan from Pennsylvania, one of the two conspirators to grave identity theft for a SIM swap and cryptocurrency theft. 

According to the first indictment, Bryan conspired with Jordan K. Milleson and stole over 16,000 worth of cryptocurrency from a wireless carrier employee after SIM swapping his phone number in June 2019. The two were active members of the OGUsers trade forum, which employed similar phishing attacks against Twitter and other organizations, usually with the motive to steal financial credentials.

Later in 2019, the officials discovered leaked messages from OGUsers which suggested that Bryan asked another member's help for designing a website similar to T-Mobile’s employee login page. The stolen credentials were used to perform unauthorized SIM swaps and redirect their target’s phone number to evade the two-factor authentication process that is supposed to protect accounts. After successful swapping, Bryan directed his partner to transfer a cryptocurrency worth $ 16,847.47 from the victim’s account. 

Interestingly, the scheming partnership turned into a business dispute after Bryan and other accomplices suspected that Milleson failed to share the proceeds of a digital currency theft. After discovering the conspiracy, he called the Baltimore County police and reported falsely that he was at Milleson’s home address with a gun, saying he shot his father and threatened to shoot himself. 

When officers spoke to Milleson’s relative, they told them about a previous phone call claiming Milleson had stolen $ 20,000. Earlier in May 2021, Milleson was sentenced to two years in federal prison and paid $ 34,329.01.

“During the call, Bryan, posing as the purported shooter, threatened to shoot himself and to shoot at police officers if they attempted to confront him. The call was a ‘swatting’ attack, a criminal harassment tactic in which a person places a false call to authorities that will trigger a police or special weapons and tactics (SWAT) team response — thereby causing a life-threatening situation,” reads a statement from the U.S. Attorney’s Office for the District of Maryland. 

Earlier this week, Bryan pleaded guilty and is due to be sentenced in January 2022 to two years in federal prison after a year of supervised release. As part of his plea agreement, Bryan is sentenced to pay $ 16,847.47.

American Telecommunications Firm, T-Mobile Confirmed Data Breach and Sim Swapping Attacks

 

After an undisclosed number of subscribers were reportedly hit by SIM swap attacks, American telecommunications company T-Mobile has announced a data breach. The organization believes that this malicious conduct has been detected very easily and that it has taken steps to stop it and discourage it from continuing in the future. 

SIM swap attacks (or SIM hijacking) permits scammers who use social engineering or bribing mobile operator workers to a fraudster-controlled SIM to gain a charge of their target telephone number. They then receive messages and calls from victims and enable users to easily bypass multi-factor authentication (MFA) through SMS, steal user identifiers, and take over the victims' Online Service Accounts. Criminals will enter the bank accounts of the victims and take money, swap passwords for their accounts, and even lock the victims out of their own accounts. 

T-Mobile disclosed that an anonymous perpetrator had access to customer account details, including contact information and personal id numbers- in the communication of violation sent to affected consumers on 9 February 2021. As the attackers have been able to port numbers, it is not known whether or not they have been able to access an employee's account by means of the affected account users.

"An unknown actor gained access to certain account information. It appears the actor may then have used this information to port your line to a different carrier without your authorization," T-Mobile said.
 
"T-Mobile identified this activity—terminated the unauthorized access, and implemented measures to protect against reoccurrence".

Client names, emails, e-mail addresses, account numbers, Social Security Numbers (SSN), PINs, questions and responses about account security, date of birth, schedule information, and a number of lines signed up to their accounts may have been used for the information stolen by hackers stated T-Mobile.
 
"T-Mobile quickly identified and terminated the unauthorized activity; however we do recommend that you change your customer account PIN."

Affected customers of T-Mobile are encouraged to update their name, PIN, and security questions and answers. Via 'myTrueIdentity' from Transunion, T-Mobile is providing two years of free surveillance and identity fraud prevention services. Details on how to log on to these systems are given to the recipient of the data breach notice that is sent to the compromised customers. Changing PIN and security concerns, since both have been weakened, should be a top priority at this time.

eSIM Swapping Fraud: Cyber Criminals Targeting Airtel Customers in Hyderabad


Hyderabad witnessed three back to back cases of cyberfraud wherein criminals targeted Airtel customers promising them eSIM connection that led to a fraud of more than 16 lakh Rs. In the wake of the frauds, the Hyderabad cyber crime police station issued an advisory alerting Airtel customers regarding the fraudsters befooling people in the name of the eSIM connection.

S. Appalanaidu, a resident of Miyapur, Hyderabad received a message on 11th July informing him that if he fails to update his KYC details, his SIM card would get blocked. “Dear Customer Your SIM Card Will Be Blocked in 24 hours Please Update Your eKYC verification Thanks”. The message read.

Later, he received a phone call from a person acting to be a customer care executive for Airtel who asked Mr. Appalanaidu to forward the e-mail address sent by him to #121 i.e., Airtel customer care number, in order to get his KYC updated online. Reportedly, after forwarding the email-id, Mr. Appalanaidu got an auto-generated SMS from the service provider for registering the email address for his contact number. Once the e-Sim request was forwarded by him to Airtel along with the email address, he received another auto-generated SMS handing him the e-SIM enabled handset and asking to proceed with the same. After that, he received a Google view form link on which he submitted the name of his bank and forwarded it to the caller. Immediately after his SIM card got blocked and a sum of Rs. 9,20,897 had been deducted from his bank account. Following the incident, Mr. Appalanaidu filed a complaint on 14th July urging for necessary actions to be taken by cyber police.

Similarly, the criminals cheated two other Airtel users for amounts - Rs. 5,94,799 and 1,03,990 respectively. In the light of that, Hyderabad cyber police issued an advisory to warn customers about how fraudsters are sending a heap of messages and calling them claiming to be Airtel customer care executives and asking them to send requests for the activation of eSIM and eSIM enables devices, which is just another way of cheating customers and tricking them into providing enough personal and financial details for fraudsters to capitalize on. ,

SMS System Now A Long-Gone Era; Google Brings Out A New Update



With the rise of encrypted alternatives of SMS messages, WhatsApp, iMessage, and Signal, the SMS system has become a 'throwback to a long-gone era'. 

But ironically, that same SMS system has additionally been on the rise as the default delivery mechanism for most two-factor authentication (2FA) codes. 

The issue is being viewed as a critical one in light of the fact that an SMS is delivered to a phone number with no user authentication—biometric or password security efforts secure our physical devices, not our numbers, they are separated. 

What's more, this explanation alone clears a path for SIM-swapping, social engineering scams to take those six-digit codes, to malware that catches and exfiltrates screenshots of the approaching messages. For each one of those reasons, and a couple of additional, the advice is currently to avoid SMS-based 2FA if feasible for the user. 

But still,  if the user can tie 2FA to the biometric or password security of a known device, at that point this is a huge improvement. Apple does this splendidly. And Google is quick on making this the default also. 

In a blog post on June 16, Google confirmed “Starting on July 7 we will make phone verification prompts the primary 2-Step Verification (2SV) method for all eligible users.” 

Their plan fundamentally is to switch Google account holders to this setting, forestalling the majority, essentially defaulting to an SMS message or voice call. 

Yet, there's a drawback with this too , in light of the fact that all devices a user is logged into will receive the prompt, and that will require some rejigging for families sharing devices. Furthermore, users who have security keys won't see a change.

Phone prompt 2FA


In the event that the phone prompt doesn't work for the user, they can get away to an SMS during the verification process—however, Google doesn't recommend this. 

Further explaining that this move is both progressively secure and simpler, “as it avoids requiring users to manually enter a code received on another device.” 

In taking the decision to make this the "primary technique" for 2FA, Google says “We hope to help [users] take advantage of the additional security without having to manually change settings—though they can still use other methods of 2-Step Verification if they prefer.” 

For an attacker to spoof this system they will require physical access to one of the user's already logged-on devices where they will see the prompt. Users will likewise have the option to audit and remove devices they no longer need to gain access to this security option. 

Also, on the grounds that the prompt hits all logged-on, authorized devices all at once—user will straight away know whether an attempt is being made to open their account without their knowledge. 

Nonetheles, with the increasing utilization of multi-device access to our various platforms, it is an extraordinary thought to utilize an authentication device to verify another logon and this step by Google has without a doubt emerged as an incredible one in the direction way which should be followed by others as well.

Europol Arrests 2 Dozen Suspects of SIM-Swap Fraud Following Cross-Border Investigations



Following an increase in SIM-jacking over the recent months, Europol announces the arrest of at least more than two dozen suspects of bank accounts by hijacking the phone numbers of some unfortunate users through SIM-swap fraud following months of cross-border investigations. 

Police across Europe have been preparing to disassemble criminal networks that are said to have been responsible for these attacks for a long time now. SIM swaps work since phone numbers are in connection to the phone's SIM card and ‘SIM’ short for subscriber identity module, a special system-on-a-chip card that safely stores the cryptographic secret that distinguishes the user's phone number to the network. 

Most mobile phone shops out there can issue and activate substitution or replacement SIM cards quickly, causing the old SIM to go dead and the new SIM card to assume control via the phone number just as the telephonic identity. 

It had so happened in October in the United States that the FBI cautioned that 'bad guys' were getting around certain kinds of two-factor authentication (2FA).

The easiest, smoothest and thusly the most widely recognized approach to sneak past 2FA is SIM-swap fraud, where an attacker persuades a mobile system to port a target's mobile number or plants malware on a victim's phone, along these lines permitting them to intercept 2FA security codes sent by means of SMS text. 

However whether the hackers are breaking into 'regular old bank accounts' or Bitcoin accounts, the crime is clearly incredibly expensive for the victims who observe helplessly as their accounts drain. Here are some safety measures recommended for the users to consider and forestall such mishappenings-
  1. Watch out for phishing emails or fake websites that crooks use to acquire your usernames and passwords in the first place. 
  2. Avoid obvious answers to account security questions. 
  3. Use an on-access (real-time) anti-virus and keep it up-to-date
  4. Be suspicious if your phone drops back to “emergency calls only” unexpectedly.
  5. Consider switching from SMS-based 2FA codes to codes generated by an authenticator app.

Understand how SIM Swapping can easily be used to hack your accounts!

We've all heard about sim swapping, SIM splitting, simjacking or sim hijacking- the recent trend with cybercriminals and now a study by Princeton University prooves the vulnerability of wireless carriers and how these SIM swapping has helped hackers ease their hands into frauds and crimes.



SIM swapping gained quite an attention when Twitter CEO Jack Dorsey’s account was hacked on his own platform. A study by Princeton University has revealed that five major US wireless carriers - AT&T, T-Mobile, Verizon, Tracfone, and US Mobile - are susceptible to SIM swap scams. And this sim hijacking is on a rise in developing countries like Africa and Latin America.

What is SIM swapping? 

SIM swapping is when your account is taken over by someone else by fraud through phone-based authentication usually two-factor authentication or two-step verification. This could give the hacker access to your email, bank accounts, online wallets and more.

How does the swap occur? 

In a SIM swap, scammers exploit the second step in two-factor verification, where either a text message or a call is given to your number for verification.

Citywire further explains the process, "Usually, a basic SIM-card swapping work when scammers call a mobile carrier, impersonating the actual owner and claiming to have lost or damaged their SIM card. They then try to convince the customer service representative to activate a new SIM card in the fraudster’s possession. This enables the fraudsters to port the victim’s telephone number to the fraudster’s device containing a different SIM."

After accessing the account, the scammers can control your email, bank accounts, online wallets and more.

 Detecting SIM swapping attack

• The first sign is if your text messages and cell phones aren't functioning, it's probable that your account is hijacked.

• If the login credentials set by you stop working then it's probably a sign that your account has been taken over. Contact your telecom provider and bank immediately.

• If you get a message from your telecom provider that your SIM card has been activated on another device, be warned it's a red sign.

Canadian Teenager Charged and Arrested for $50 Million Cryptocurrency Theft


Samy Bensaci, an 18-year-old teenager from Montreal, Canada has been indicted for 4 criminal charges in relation to a theft of cryptocurrency worth $50 million in a SIM-swapping scam that targeted cryptocurrency holders, as per the reportings by Infosecurity Magazine, dated 17th of January.

The Canadian authorities have accused the teen hacker of being a part of a hacking group that was involved in the theft of millions of dollars from Canadians and Americans. The scam, of which Bensaci was allegedly a part of, stole, "$50 million from our neighbors to the south and $300,000 in Canada" told Lieutenant Hugo Fournier, a spokesperson for the Sûreté du Québec.

Bensaci was charged and consequently arrested in November and was later released on CA $200,000 bail, on orders of living with his parents in Northeast Montreal, as per the local media reports. As a result of the incident, prosecutors prohibited Bensaci's access to any device that can be connected to the internet including computers, mobile phones, tablets, games, and consoles. Specifically from accessing, “any computer, tablet, mobile phone, game console, including PS3, PS4, Xbox, Nintendo Switch, or any other device capable of accessing the Internet”. He has also been ordered to hand over his passport to local police to assure he does not flee away from the country.

One of the purported victims Don Tapscott confirmed, “We can confirm that last year a hacker attempted to steal crypto assets from our company and its employees. That attempt was unsuccessful. We cooperated with the police [and] have been impressed with their determination to bring those responsible to justice.”

SIM swapping attack, also known as SIM jacking or SIM splitting is a form of identity theft where an attacker targets a weakness in two-factor authentication to take over an account. The attacker exploits a cell phone carrier's ability to port a phone number to a new device with a new SIM to acquire access to the victim's credit card numbers, bank accounts, and other financial information. The feature is normally used when someone loses access to his phone (or gets it stolen) or is switching service to a new device. As the reliability of customers on mobile-based authentication is growing, SIM swap attacks have also been on a rise in recent times.

Teen hacker-for-hire jailed for SIM-swapping attacks, data theft


A British teenager has been sentenced to 20 months in prison after offering hacker-for-hire services to cash in on trends including SIM-swapping attacks.

The UK's Norfolk police force said that 19-year-old Elliot Gunton, of Norwich, was sentenced at Norwich Crown Court on Friday after pleading guilty to hacking offenses. money laundering, the hacking of an Australian Instagram account, and the breach of a Sexual Harm Prevention Order.

In April 2018, a routine visit was conducted to Gunton's home with respect to the Sexual Harm Prevention Order that was imposed in 2016 for past offenses.

During the inspection, law enforcement found software which indicated the teenager may be involved in cybercrime, and the further investigation of a laptop belonging to Gunton and seized by police revealed that he had been offering himself as a provider of hacking services.

Specifically, Gunton offered to supply stolen personal information to those that hired him. This information, which could include personally identifiable information (PII) such as names, addresses, and online account details, could then be used to commit fraud and SIM-swapping attacks.

The theft and sale of PII is a commonplace occurrence today. However, SIM-swapping attacks are a relatively new phenomenon.

In order to conduct a SIM-swap, a fraudster will obtain some PII from a target and then call up their telephone subscription provider while pretending to be the true owner of the account. Social engineering then comes into the mix to convince the operator to switch the telephone number belonging to the victim to the attacker's control.

It might only be a short window in which the victim does not realize their number has been transferred, but this time frame can be enough for an attacker to bypass two-factor authentication (2FA), intercept calls and text messages, request password resets, and compromise online accounts ranging from email addresses to cryptocurrency wallets.

Sim swapping attacks hit US cryptocurrency users

Something strange happened last week, with tens of US-based cryptocurrency users seeing SIM swapping attacks.

Numerous members of the cryptocurrency community have been hit by SIM swapping attacks over the past week, in what appears to be a coordinated wave of attacks.

SIM swapping, also known as SIM jacking, is a type of ATO (account take over) attack during which a malicious threat actor uses various techniques (usually social engineering) to transfers a victim's phone number to their own SIM card.

The purpose of this attack is so that hackers can reset passwords or receive 2FA verification codes and access protected accounts.

These types of attacks have been going on for half a decade now, but they've exploded in 2017 and 2018 when attackers started focusing on attacking members of the cryptocurrency community, so they could gain access to online accounts used for managing large sums of Bitcoin, Ethereum, and other cryptocurrencies.

But while these attacks were very popular last year, this year, the number of SIM swapping attacks appeared to have gone down, especially after law enforcement started cracking down and arresting some of the hackers involved in these schemes.

Something happened last week

But despite a period of calm in the first half of the year, a rash of SIM swapping attacks have been reported in the second half of May, and especially over the past week.

Several users tweeted their horrific experiences.

Some of them have publicly admitted to losing funds, such as Sean Coonce, who penned a blog post about how he lost over $100,000 worth of cryptocurrency due to a SIM swapping attack.

Some victims avoided getting hacked

Some other victims candidly admitted to losing funds, while others said the SIM swapping attacks were unsuccessful because they switched to using hardware security tokens to protect accounts, instead of the classic SMS-based 2FA system.

SIM SWAP Fraud: A Mumbai Businessman Gets Robbed Off Of 1.86 Crore Via Missed Calls






A terrifying banking fraud, the researchers are calling “SIM SWAP”, recently preyed upon a Mumbai based businessman.
Reportedly, Rs.1.86 crore were harvested from this man’s bank balance via 6 late night missed calls.




Numerous other such cases of “SIM-SWAPPING” have also come to light in the metro cities of Bengaluru, Delhi, Bombay and Kolkata and the police cyber-cells are working on them.


This baffling fraud is not just subjective to people with lack of cyber knowledge or lack of critical thinking, technologically active people could also easily get drowned in the scam.


This seemingly stupid and unbelievable method of scamming people is fairly obvious to other parts of the cyber-world.


Despite being quite fresh in India, it has already affected a lot of people around the country and has targeted a fair number of “not-so-aware” mobile phone users, leaving their bank accounts pretty light.


When users switch from their old generation SIM cards to the upgraded versions, meaning when they change their 3G cards to 4G they use a technology called, “SIM SWAP” to register the new SIM card.


This technology had also come into play when the older SIM cards got switched by nano cards.




SIM SWAP:- WHAT? AND HOW?
SIM SWAP is a technique of replacing the existing SIM card by a duplicate one.

It can only be done when the attacker knows the unique 20 digit SIM number embarked on the SIM card.

Either the SIM-con would persuade the user into telling them the number or would hack into it on their own.




WHAT HAPPENED TO THE VICTIM!
Reportedly, the scammers had gotten the access to the victim’s 20 digit card number and had set the SIM SWAP process on, in the night time.

The scam broadly takes place in 2 steps, the SIM SWAP being the second step of the scamming technique.


Already privy to the banking ID and passwords, all that’s left for the fraudulent cons to find is the OTP on the registered mobile number and behold, the transactions begin!


Possibly, the victim was previously victimised by a phishing attack and unawares, mentioned his real password and account ID into a fake website fabricated by the cons.


The businessman had received 6 missed calls between the hours of 11pm and 2 am. These calls were initiated from 2 separate numbers, one beginning from +44(UK’s code).


The calls weren’t attended to as his phone was on the silent mode. Almost all the money got withdrawn from around 14 bank accounts the man had across the country, except for the 20 lakhs he somehow managed to recover.



When a user SIM SWAPS or basically EXCHANGES SIM CARD, all they do is register their phone number with their new SIM card.


This way the phone number is harvested and once that’s done the OTPs could be easily received, opening avenues of online shopping and ludicrous transactions in the owner’s name.


SIM SWAP could also affect people who communicate about their passwords or IDs via cell phones.


The technique depends upon who is a part of the communication. In actual and legitimate SIM exchanges, the users are connected to the servers of service providing organizations like Vodafone or Airtel.


These operators have ‘specifically designed official USSD codes’ for the SIM Swap process.


But when the swapping is not done by the user, the 20 digit SIM card number might fall into wrong hands.


If the wrongly swapped SIM card falls into the hands of the scammer, the victim would fall into immense danger.




HOW THE SCAM GOES ABOUT

The user would get call from the scammer, pretending to be from Idea or Jio. The caller would then, engage the user by saying that the call is for improving the call experience.


Once, set and familiar, the caller would guide the user’s way to SIM exchange, all the way wanting to extract the 20 digit SIM code.


The caller would try all means possible and would trick the user with any trickery possible to haul those 20 digits out.


After having persuaded the user about the 20 digits, the caller would ask them to press 1 or confirm the SIM swap.


The fraudster would then actually initiate the SWAP, having extracted the 20 digit SIM code, they were after.



Meaning, if supposedly the user has an Airtel SIM, the fraudster will too use an Airtel SIM to officially go through with the SIM swap.


Airtel would then send a confirmation text to the user’s cell number. Airtel would be sure that the SIM swap has actually happened and the attacker would have the cell number.


The actual user’s mobile will be left with no signals at all, whereas the fraudster will have full signals on the SIM and complete control over the cell number.


The fraudster would then incessantly call to make the user switch off the phone, in order to get a window to complete the fraud. Once that’s done, the user wouldn’t have any idea about it.



 
Aadhar number could also be an important credential that you would never want to share over the phone.

Also, always keep a close check on your bank account, and if any weird activity is speculated, immediately contact the bank and put a stop to the questionable transaction.

21-Year-Old Arrested For SIM Swapping Hack; Allegedly Steals $1 Million


U.S. broadsheet the New York Post announced Nov. 20 regarding some authorities in the United State, state of California who have arrested a 21-year old New Yorker for the supposed burglary of $1 million in crypto utilizing "SIM-swapping,"

SIM-swapping otherwise called a "port-out scam" includes the burglary of a mobile phone number with the end goal to capture online financial and social media accounts, empowered by the way that numerous organizations utilize computerized messages or telephone calls to deal with client validation.

The captured suspect, Nicholas Truglia, is accused for having focused on well off Silicon Valley officials in the Bay Area, and of effectively convincing telecoms support staff to port six exploited people's numbers to his an affirmed "crew" of accomplice attackers. Deputy DA Erin West, of Santa Clara Superior Court, told the Post that the ploy was "a new way of doing an old crime.”

“You’re sitting in your home, your phone is in front of you, and you suddenly become aware there is no service because the bad guy has taken control of your phone number,” West said.

With his capture on November 14, authorities were able to recover $300,000 in stolen reserves while the remaining assets remain untraced.

Trugila is currently being held at pending for extradition to Santa Clara, where he faces 21 felony counts related with an aggregate of six exploited people, authorities said. One of Truglia's supposed SIM-swapping victims, San Francisco-based Robert Ross, was purportedly robbed of $500,000 worth of crypto possessions on his Coinbase wallet "in a flash" on Oct. 26, and in the meantime a further $500,000 was taken from his Gemini account. West said the $1,000,000 was Ross' "life savings" and his two girls' college fund.

This rising predominance of SIM swap-related occurrences has therefore provoked a California-based law enforcement group to make it their "most noteworthy need." in excess of one prominent occasion, exploited people have acted to sue telecoms firms, for example, AT&T and T-Mobile for their help of the wrongdoing.

Truglia is since being held Manhattan Detaintion Complex pending extradition to Santa Clara in California. Formal charges identify with a seven-day "hacking spree" starting Oct. 8, particularly involving "grand theft, altering or damaging computer data with the intent to defraud and using personal information without authorization.”