Bitcoin Forum
November 20, 2018, 12:55:08 PM *
News: Latest Bitcoin Core release: 0.17.0 [Torrent].
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Hacker can hacked your crypto wallet by getting help from Telecoms Operator  (Read 72 times)
Coolcryptovator
Copper Member
Full Member
***
Offline Offline

Activity: 238
Merit: 320


♻️Prevention is better than cure


View Profile WWW
August 18, 2018, 05:13:38 PM
 #1

Just now read a story about how hackers can hacked your wallet even you used 2FA. Hackers can break google 2FA if there is question of million. But recently we can see a complain about mobile 2FA. Your mobile number can be hack  by hacker. I wast thought mobile number can be hacked. Please read full details below how they hacked.

Read full details on cointelegraph

I have collect small quote from cointelegraph ,
SIM swapping is a process of leading a telecoms provider like, say, T-Mobile transferring the target’s phone number to a SIM card held by the attacker. Once they receive the phone number, hackers can use it to reset the victims’ passwords and break into their accounts, including accounts on cryptocurrency exchanges.

Occasionally, that allows thieves to bypass even two-factor authentication, as Motherboard writes. According to their investigation, SIM swapping “is relatively easy to pull off and has become widespread,” adding that “cryptocurrency accounts are common targets.”

The tactics employed by criminals to perform such hacks may vary. Sometimes, they trick customer representatives into believing they are the targets and make them hand over their data. However, as per Motherboard, fraudsters often use the so-called “plugs”: telecom company insiders who get paid to do illegal swaps. An anonymous SIM hijacker told the publication

1542718508
Hero Member
*
Offline Offline

Posts: 1542718508

View Profile Personal Message (Offline)

Ignore
1542718508
Reply with quote  #2

1542718508
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1542718508
Hero Member
*
Offline Offline

Posts: 1542718508

View Profile Personal Message (Offline)

Ignore
1542718508
Reply with quote  #2

1542718508
Report to moderator
1542718508
Hero Member
*
Offline Offline

Posts: 1542718508

View Profile Personal Message (Offline)

Ignore
1542718508
Reply with quote  #2

1542718508
Report to moderator
1542718508
Hero Member
*
Offline Offline

Posts: 1542718508

View Profile Personal Message (Offline)

Ignore
1542718508
Reply with quote  #2

1542718508
Report to moderator
mjglqw
Sr. Member
****
Offline Offline

Activity: 756
Merit: 429


⭐Coinsources.io | All-in-one Crypto Sources


View Profile WWW
August 18, 2018, 05:21:02 PM
 #2

The hacker gaining access to the victim's mobile number technically isn't a "hack". It's more of a social engineering attack whereas the hacker convinces the customer service representative that he/she is the victim. And yea, that's one reason why you shouldn't use mobile numbers as a 2 factor authentication method, as obviously it's quite prone to social engineering attacks.

bitmover
Sr. Member
****
Online Online

Activity: 294
Merit: 473



View Profile
August 18, 2018, 07:39:13 PM
 #3

It's only possible to do this if you are using some week 2fa service.

Google authenticatior is not hackable that way.

If you are using authy and you haven't check "allow new devices" you are fine.

Anyway that's a nice warning, and everyone who keeps high amounts on exchanges should be aware about that.

▄███████████████████▄
████████████████████▀
██████████████████▀
█████████████▀  ▀   ▄█
███████████▀   ▄  ▄███
████▀▀███▀   ▄████████
██▀    ▀   ▄██████████
    ▄   ▄████████████
   ▄███▄████▀██▀▀█▀█▀█
 ▄██████████ █ ███ █ █
▀███████████▄█▄▄▄█▄▄█▀
   ▐███▀
   ▐█▀
iCumulate
.Investing in the future together     
███████ █▄
███████ ███▄
███████▄▄▄▄▄
████████████
████████████
████████████
████████████
.
WHITEPAPER
▀▀▀▀▀▀▀  ▀▀▀▀  ▀▀▀  ▀▀  ▀
███████ █▄
███████ ███▄
███████▄▄▄▄▄
████████████
████████████
████████████
████████████
.
ONE PAGER
▀▀▀▀▀▀▀  ▀▀▀▀  ▀▀▀  ▀▀  ▀
▄▄█████████▄▄
▄█████████████████▄
▄██████████▀▀▀▀███████▄
▄█████████▀     ████████▄
▄██████████   ████████████▄
█████████        ██████████
█████████▄▄   ▄▄███████████
███████████   █████████████
▀██████████   ████████████▀
▀█████████   ███████████▀
▀████████▄▄▄██████████▀
▀█████████████████▀
▀▀█████████▀▀
▄▄█████████▄▄
▄█████████████████▄
▄█████████████████████▄
▄████████████████▀▀█████▄
▄████████████▀▀▀    ██████▄
████████▀▀▀   ▄▀   ████████
█████▄     ▄█▀     ████████
████████▄ █▀      █████████
▀████████▌▐       ████████▀
▀████████ ▄██▄  ████████▀
▀█████████████▄███████▀
▀█████████████████▀
▀▀█████████▀▀
gentlemand
Legendary
*
Online Online

Activity: 1820
Merit: 1296


Hello You


View Profile
August 18, 2018, 08:19:22 PM
 #4

I truly don't understand why anyone uses phone-based 2FA anyway. At least half the time I never receive the bloody SMS. This is an extra reason to never touch it but I think America will be worse for this as I've never had a British phone company let me in when I couldn't come up with the details. In addition to a password they often ask for numbers from your bank account as well.

jseverson
Hero Member
*****
Offline Offline

Activity: 784
Merit: 646


View Profile
August 19, 2018, 12:28:14 AM
 #5

Yeah, SMS authentication has been exposed as a weak form of 2FA for a while now. Besides the method you've said, they can also be intercepted a number of ways:

https://www.howtogeek.com/310418/why-you-shouldnt-use-sms-for-two-factor-authentication/

As the article noted, however, some form of protection is still protection. This telco phishing attack, for one, likely won't work if you don't overshare on social media and/or if you don't give your details away to shit ICOs, barring a data leak from a trusted service. That's just one of the many reasons you should try your best to protect your identity.

TryNinja
Hero Member
*****
Online Online

Activity: 826
Merit: 802


ChipMixer's Badge of Honor


View Profile
August 19, 2018, 01:39:36 AM
 #6

Yeah, SMS authentication has been exposed as a weak form of 2FA for a while now. Besides the method you've said, they can also be intercepted a number of ways:
Look at the article just published today: SIM Swapping: How Hackers Stole Millions Worth of Crypto Via Victims Cell Phone Provider

"Terpin claims that he lost $24 million worth of cryptocurrencies as a result of two hacks that occurred over the course of seven months."

I wouldn't even bother thinking about setting up an SMS 2FA if OTP 2FA was available.

joniboini
Sr. Member
****
Offline Offline

Activity: 378
Merit: 644


@bountybagus


View Profile WWW
August 19, 2018, 03:14:34 AM
 #7

I truly don't understand why anyone uses phone-based 2FA anyway.

Probably because they feel it is safe enough. I have a hunch that most people think a password is strong enough to protect their assets. According to this[1], less than one-third of Americans are using 2FA while the rest didn't even know of it. Interestingly, only less than 10% Gmail account uses 2FA.

People love to learn the hard way.

[1] https://www.cnet.com/news/why-more-people-dont-use-simple-two-factor-authentication/

▄██▄░░░░░░░░░▄█▄░░░░░░░░░▄██▄
██████░░░░░░███████░░░░░░██████
███░░████░░████░░░████░░░███░░███
███░░░░██████░░░░░░░██████░░░░███
███░░░░░████░░░░░░░░░████░░░░░███
███░░░░░░░███░░░░░░░███░░░░░░░███
███░░░░░░░░███░░░░░███░░░░░░░░███
███░░░░░░░░░███░░░███░░░░░░░░░███
███░░░░░░░░░░██████░░░░░░░░░░███
███░░░░░░░░░░░█████░░░░░░░░░░░███
███░░░░░░░░░░░░███░░░░░░░░░░░░███
███░░░░░░░░░░░███░░░░░░░░░░░░░███
███░░░░░░░░░░███░░░░░░░░░░░░░░███
███░░░░░░░░░███░░░░░░░░░░░░░░░███
██▄.░░░░░▐███░░░░░░░░░░░░░░░███
███░░░░▄██▀░░░░░░░░░░░░░░░███
███░░▐██▀░░░░░░░░░░░░░░░███
█████▌░░░░░░░░░░░░░░░███
█████░░░░░░░░░░░░░░████
████░░░░░░░░░░░████
████▄░░░░░▄████
██████████
▀▀▀
AMSTERDEX




























www.crypago.com
Jr. Member
*
Offline Offline

Activity: 51
Merit: 1


View Profile
August 19, 2018, 05:01:35 AM
 #8

The hacker gaining access to the victim's mobile number technically isn't a "hack". It's more of a social engineering attack whereas the hacker convinces the customer service representative that he/she is the victim. And yea, that's one reason why you shouldn't use mobile numbers as a 2 factor authentication method, as obviously it's quite prone to social engineering attacks.
lot's of things that are unconventional are referred to as "hacks". It doesn't have to be specifically a computer hack. I think you're misunderstanding how they are doing it. They are taking over peoples entire goog accounts.
madnessteat
Member
**
Offline Offline

Activity: 252
Merit: 25


View Profile
August 19, 2018, 05:34:33 AM
 #9

For big money people are ready for everything. Therefore, it is better to keep the funds not on the cryptocurrency exchange, but on the hardware wallet. For an interesting article, thank you. I didn't even think about it.

DRIFE  ●●●●●●     Pre-sale: December 2018
██ BNEXGEN DECENTRALIZED RIDE HAILING PLATFORM ██
  ●●● Facebook ●● Twitter ●● Telegram ●● BTC ●● Whitepaper ●●● 
sprite2516
Newbie
*
Offline Offline

Activity: 1
Merit: 0


View Profile
August 19, 2018, 06:00:17 AM
 #10

For cases like this it might be done by those who recognize the target (the closest person)
mjglqw
Sr. Member
****
Offline Offline

Activity: 756
Merit: 429


⭐Coinsources.io | All-in-one Crypto Sources


View Profile WWW
August 19, 2018, 06:12:14 AM
 #11

The hacker gaining access to the victim's mobile number technically isn't a "hack". It's more of a social engineering attack whereas the hacker convinces the customer service representative that he/she is the victim. And yea, that's one reason why you shouldn't use mobile numbers as a 2 factor authentication method, as obviously it's quite prone to social engineering attacks.
lot's of things that are unconventional are referred to as "hacks". It doesn't have to be specifically a computer hack. I think you're misunderstanding how they are doing it. They are taking over peoples entire goog accounts.

Yes, they can take control over people's Google accounts that's for sure, through the usage of using the mobile numbers they acquired, but I was referring to the actual method how they acquired the victim's mobile number; which is through a social engineering attack. But yea I guess you could also classify it as a psychological hack.

Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!