'SIM Hijack' where the phone number is taken away and the account of the mail and SNS is totally taken over
by Mike Yukhtenko
There is an attack called " SIM Hijack " that takes over SIM card which is essential for using smartphone etc. A person who experienced such SIM hijack confesses the details of the terrible attack.
'I Could Ruin Your Business Right Now': Listen to a SIM-Jacking, Account-Stealing Ransom - Motherboard
https://motherboard.vice.com/en_us/article/5984zn/listen-to-sim-jacking-account-ransom-instagram-email-tmobile
One day, someone accidentally purchased a web domain of $ 39,000 (about 4.4 million yen) using American Express ' credit card owned by Jared Gets. Initially, Mr. Getz reports to the American Express that the transaction content was illegal, but at the time he did not believe that unauthorized use of credit card would be a big problem.
But the situation will worsen rapidly. It seems that Mr. Getz suddenly became unable to use all the services and it became impossible to access text transmission and online service as well as telephone. Although he seems to have thought that the service could not be used because Mr. Getz had forgotten to pay the fee to the carrier, I immediately notice that my career account password has been changed. After that, I noticed that I could not log in to my mail account, and he realized that I was under attack from someone.
Mr. Getz tried to keep calm to understand what is happening to himself, her own cell phone rang, it seems that a call comes from an unknown number. When answering the phone, you hear the voice saying "I want a 3 bit coin (about 2 million yen)" from the other side of the receiver, and if I want to use a cell phone or a mail account from a hacker attacking Mr. Gets, ransom You will be asked to pay. According to a hacker calling, Mr. Getz is said to be the third victim.
There is a malware called Ransomware that encrypts the file stored in the computer and requests "If you want to open the file you can pay ransom", but Mr. Getz is slightly different from this , An attack called "SIM Hijack" that can deprive a phone number.
What is the threat of SIM hijack where phone number is robbed? - GIGAZINE
Mr. Getz seems to have continued the call with this hacker for an hour and a half, and it turns out that it is a young man who calls himself Sevastian, a 17 - year - old German resident who has launched SIM hijacking. According to Sebastian, he saw an interview with Mr. Getz at Cryptocurrency News and decided to target the attack.
A hacker who calls himself Sebastian hijacks the SIM card used by Mr. Getz, resets the passwords of various services, issues a new password. Because SIM hijacking was successful, Sebastian holds the phone number, it seems that 2-step verification has become bypassable. Sebastian seems to have not talked about details on how to set up a SIM hijacking, but the overseas media Motherboard points out that SIM hijacking is relatively easy in the previous survey.
In fact, there are cases in which SIM hijacking is successful by giving bribes to employees working on mobile carriers. Female staff who work at Verizon's retailer seems to have contacted him in the past to want Sack Hijack from hackers. The woman reveals that the hacker requested the PIN code of the target account and, when telling it, transferred the bribe.
The female staff seems to have been contacted by a hacker via Instagram, and the message says "I know the number of the business account, but I do not know the PIN code for access or secret question, If you tell me, I'm prepared to pay $ 2500 (about 280,000 yen) for every 25 accounts. "
According to the information Motherboard obtained from multiple sources of trust, the mobile carrier T-Mobile used by Mr. Getz has the problem that employees keep secret information to hackers. However, when Motherboard asked T-Mobile for comment, "We are constantly striving to enhance security and we can protect our customers prior to fraud. We are aware of continuous and constantly changing attacks targeted at our company and we will continue to fight to ensure customer safety. "
Goetz seems to have continued dialogue for more than an hour to negotiate with hacker Sebastian, but he said that he did not intend to remit bit coins from the beginning. Instead, we proposed to remit another virtual currency, Ripple , and asked why Sebastian asked for money among them. Sebastian seems to regret the mistakes made in the past, and he himself also experienced making a big mistake in the past, he says that Mr. Getz offered loans to Sebastian.
In the long interaction, Mr. Getz succeeded in finally getting an apology from Sebastian. In addition, Mr. Getz gets Sebastian's Google Voice number and attaches a promise to talk over again in a chat later.
Also, some of what Gezts talked to with hacker Sebastian was uploaded on Motherboard's SoundCloud account and is published under the name "Ransom Audio".
Joseph Cox, Motherboard | Free Listening on SoundCloud
Related Posts: