Cyber crime that exploits the telephone network to illegally withdraw money from bank accounts is rampant



Common Channel Signaling System No. 7 (SS7) is one of the signaling systems used in the public switched telephone network (PSTN), and it is used all over the world, including Japan. Motherboard reports that money was illegally withdrawn from bank accounts at Metro Bank, a British emerging bank, using a technique that exploits a serious security vulnerability in SS7 to break the two-step verification applied to remittances from bank accounts.

Criminals Are Tapping into the Phone Network Backbone to Empty Bank Accounts - Motherboard
https://motherboard.vice.com/en_us/article/mbzvxv/criminals-hackers-ss7-uk-banks-metro-bank


The PSTN is built mainly from telephone exchanges that connect telephone lines and communicate with one another, and SS7 is the communication method used between those exchanges. The exchange-based PSTN is gradually shifting to the next generation network (NGN), and in Japan there are plans to complete the shift by 2025, but SS7 is also used in some mobile phone networks and is still in active use in 2019. However, an attack method against SS7 was discovered in 2014.



According to Kaspersky, a security company, SS7 implements no basic defense functions: traffic is not encrypted, and the network cannot distinguish legitimate commands from illegitimate ones.

Is hacking of mobile phone network easy? | Kaspersky Official Blog
https://blog.kaspersky.co.jp/hacking-cellular-networks/9681/



Kaspersky argues that the vulnerability in SS7, "all commands are processed regardless of the sender," exists because the researchers who developed the SS7 protocol in the 1970s assumed that "if the voice layer is separated from the signal layer, nobody can access the signaling channel except a telephone switchboard."

However, in 2000 a protocol group called SIGTRAN, which transmits and receives SS7 signals over the Internet Protocol (IP), was created, and the signal layer of SS7 became exposed to external access. Accessing the PSTN via the Internet requires special equipment called an SS7 hub, but such equipment is said to be easy to purchase, so anyone can access the SS7 network with little difficulty. As a result, the black market is overflowing with illegal traders offering connection services to SS7 hubs.



The problem with the SS7 network is that it does not authenticate who sent an access request. Whether a government agency, a security surveillance company, or a cyber criminal accesses the SS7 network, the network simply processes the command in the same way as it does when someone sends a message or makes a phone call. A cyber criminal logs in to a bank account using an online banking user name and password obtained in advance through phishing, and makes an illegal remittance. At this point the bank's two-step verification system sends a confirmation message to the account owner, but the cyber criminal reads that message by sniffing the SS7 network and breaks through the two-step verification.

In 2017 it was reported that cyber criminals had illegally withdrawn money from a bank in Germany in an SS7 attack. Metro Bank also appears to have suffered from the abuse of SS7. A Metro Bank spokesperson replied to Motherboard by e-mail: "At Metro Bank, we take customer security seriously and have comprehensive safeguards in place to protect customers from fraud. We are supporting telecommunications operators and law enforcement with an industry-wide investigation."



UK Finance, a British financial industry organization, said, "Protection of customer accounts is an absolute priority for the industry, and we are aware that several incidents have been reported and that the relevant telecommunications industry bodies are moving to solve the problem."

BT, a major British telephone company, told Motherboard, "We are aware that there is a possibility that the SS7 network could be used for banking fraud." A spokesperson for the mobile operator Vodafone said, "We have taken special security measures to protect customers from the SS7 vulnerability issues that have emerged over the past few years, and there is no evidence that Vodafone's customers have been affected. Vodafone is cooperating closely with the GSM Association, banks and security experts on this issue."

According to Motherboard's investigation, a vendor offering to intercept bank tokens via SS7 was advertised on an online black market. Motherboard also obtained testimony from a source familiar with the black market, who said, "When I purchased and tested the connection service from the vendor to the SS7 hub, I successfully connected to the SS7 network." According to a Daily Beast article whose reporter actually contacted an SS7 network broker and made an SS7 connection, the price was about $9,250 (about 1 million yen). However, it is said that many fraudulent vendors are also involved in such SS7 attack services.



A person connected with Adaptive Mobile, a mobile network security company, said: "I think these cybercriminals do not work with just anyone, in order to avoid the danger of exposing their methods. I think it is a small group of professionals who are carrying out SS7 attacks."

in Mobile,   Software,   Security, Posted by log1i_yk