Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label SS7. Show all posts

The Dark Web's SS7 Exploit Service Providers are Bogus

 

Back in 2016, cybersecurity experts cautioned concerning flaws in Signalling System No. 7 or SS7, and as a consequence, just a year later, theoretical SS7 attacks turned legitimate ones. 

In the following years, government-sponsored attackers exploited flaws in SS7 to monitor persons overseas. Not just that, but threat actors used them to hack Telegram login credentials and emails. 

Apart from SMS abuse, the SS7 security flaws can be used for a variety of purposes, including: 

  • Monitoring and forwarding phone call
  • 2FA codes might be sent or intercepted. 
  • Locate the gadgets 
  • SMS forgery 

To obtain accurate data and reports, SOS Intelligence security analysts chose to explore all SS7 exploitation options provided on the darknet and assess them to determine whether they had flaws at their end or are simply phony. 

Subsequently, they evaluated 84 distinct onion domains claiming to provide SS7 exploitation services. They trimmed down the findings to make them more specific and visible, and they highlighted four services that appeared to be still functioning. 

Four services seemed to be still operational: SS7 Exploiter, SS7 ONLINE Exploiter, SS7 Hack, and Dark Fox Market. They discovered that many of the domains were pretty anonymous and had few inbound links after reviewing the network topology data of these websites. 

In general, it is not a healthy indicator of a website's reliability and credibility. And all of these factors indicate that they are recently founded phony platforms. 

Whilst, the SS7 Hack website appears to be a hoax, as it appears to be cloned from a clearnet page published in 2021. Even the experts were unsuccessful when they attempted to employ their set of SS7 flaws in the hope of building API mirroring capabilities, but the sound of that service was later blocked. 

Furthermore, it was discovered through investigation that in 2016, a Russian-speaking individual released demo films on YouTube about the services offered by the Dark Fox Market site, which charges $180 for each targeted phone number. 

The most intriguing aspect of this case is that all of the demo videos have been copied from YouTube and had no relation to the Dark Fox Market portal. To find a legitimate deal, one must go deeper, as the majority of websites are rife with fraud and scams.