Bitcoin Forum
November 17, 2019, 06:59:24 AM *
News: Latest Bitcoin Core release: 0.18.1 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 [2]  All
  Print  
Author Topic: [BEWARE] Sim Port Attack  (Read 491 times)
Ipwich
Hero Member
*****
Offline Offline

Activity: 1022
Merit: 529


For the love of SegWit


View Profile
May 26, 2019, 01:39:18 AM
 #21

I avoided downloading files online using my phone to prevent from getting hack, but hackers now are getting smarter.
This attack has nothing to do with malware or downloading software. It is a social engineering attack that tricks your cell phone carrier into transferring your service to another phone so the attacker can receive your text messages.
Yeah I understand, thanks for clarifying it.

So this is riskier than downloading files in the internet, this one, even if you are online, you can still be victim of hack.
As I have stated, what I only avoid is downloading files online but don't know it's still possible to get hack with the new way of hack shared by OP.

......
.L I V E C O I N . N E T.
.
..PROFITBOX..
██  █████████████████████████
  █████████▄      ▄██████████
█████████████▄  ▄████████████
    █████████████████████████
  ██████████▀    ▀█ ▀████████
████  █████▀  ▄▄  ▀█  ▀██████
  ████████▀  ▄██▄  ▀█   ▀████
    ██████   ▀██▀   ██   ████
  █████████▄      ▄██████████
██  █████████▄  ▄████████████
  ███████████████████████████
██  █████████████████████████
  █████████████████████▀ ███
█████████████████████▀   ███
    █████████████▀     ████
  █████████████▀   ██    ████
████  █████▀     ██    ████
  ███████▀   ██    ██    ████
    █████    ██    ██    ████
  ███████    ██    ██    ████
██  █████    ██    ██    ████
  ███████████████████████████
.....
1573973964
Hero Member
*
Offline Offline

Posts: 1573973964

View Profile Personal Message (Offline)

Ignore
1573973964
Reply with quote  #2

1573973964
Report to moderator
The Bitcoin Forum is turning 10 years old! Join the community in sharing and exploring the notable posts made over the years.
1573973964
Hero Member
*
Offline Offline

Posts: 1573973964

View Profile Personal Message (Offline)

Ignore
1573973964
Reply with quote  #2

1573973964
Report to moderator
1573973964
Hero Member
*
Offline Offline

Posts: 1573973964

View Profile Personal Message (Offline)

Ignore
1573973964
Reply with quote  #2

1573973964
Report to moderator
1573973964
Hero Member
*
Offline Offline

Posts: 1573973964

View Profile Personal Message (Offline)

Ignore
1573973964
Reply with quote  #2

1573973964
Report to moderator
r1s2g3
Sr. Member
****
Offline Offline

Activity: 630
Merit: 388


I am alive but in hibernation.


View Profile
May 26, 2019, 02:32:25 AM
 #22

I will like to reply all you guys that are saying it is identity breach or it major security flaw in provider service.
~
So anybody who has eavesdropped you can successfully do this attack without having any kind of your physical  identity.
imo it's a security flaw in the the sim card replacement procedure,
a simple confirmation call from provider to old sim card should help mitigate this attack
if this can't be done, then it requires "a personal visit to store and proof of identity" like Lucius said

They should be, but they heavily rely on last 4 digit of SSN. If your last 4 digit of SSN become public a lot of  attacks like (sim port), I guess can be successfully launched.

If by chance , if your all 10 digit of SSN are known, then somebody will able to take the bank loan on it. (Again no physical identity paper (SSN) required.

.
Game that
pays for
Playing











A
blockchain
based game
Ask me anything
about the game
in Bitcointalk.











A game
that recognize
your ownership
Join the
exciting game
of splinterlands











              ▄▄▄▄▄▄██████▄▄▄▄▄▄
          ▄▄██████████████████████▄▄
        ███████▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀███████
     ████████▌    ▄▄▄▄▄▄▄▄    ▐████████
   ▄██████████▌  █████ ▀ ▀███  ▐██████████▄
  ▐███████████▌ ████▄▄ ██ ▐███ ▐███████████▌
  ████████████▌▐█████     ████▌▐████████████
 █████████████▌ ███▄▄ ██ ▐████ ▐█████████████
 █████████████▌  ███    ▄████  ▐█████████████
██████████████▌    ▀▀▀▀▀▀▀▀    ▐██████████████
██████████████████████████████████████████████
▀████████████████████████████████████████████▀
   ▐██████████████████████████████████████▌
   ▐█████████████▀▀▀▀▀▀▀▀▀▀▀▀█████████████▌
    ▀▀██████▀▀                  ▀▀██████▀▀
PrimeNumber7
Sr. Member
****
Offline Offline

Activity: 266
Merit: 334



View Profile
August 15, 2019, 05:27:13 AM
 #23

I avoided downloading files online using my phone to prevent from getting hack, but hackers now are getting smarter.
This attack has nothing to do with malware or downloading software. It is a social engineering attack that tricks your cell phone carrier into transferring your service to another phone so the attacker can receive your text messages.
Yeah I understand, thanks for clarifying it.

So this is riskier than downloading files in the internet, this one, even if you are online, you can still be victim of hack.
As I have stated, what I only avoid is downloading files online but don't know it's still possible to get hack with the new way of hack shared by OP.
You can avoid the effects of this attack by not using your phone number (receiving a phone call or SMS message) as a means to unlock any financial account. Not as a second factor, and not as a means to reset your password.

smartmixer.io▀  ▀  ▀  ▀  ▀
▄  ▄  ▄  ▄  ▄

▀  ▀  ▀  ▀  ▀
▄  ▄  ▄  ▄  ▄

▀  ▀  ▀  ▀  ▀
▄  ▄  ▄  ▄  ▄

▀  ▀  ▀  ▀  ▀
▄  ▄  ▄  ▄  ▄

▀  ▀  ▀  ▀  ▀
Make your Cryptos untraceable!
(( ███████ ((    TELEGRAM    )) ███████ ))
▄▄███████▄▄
▄███████▀███████▄
▄███▀▀▀ ▄▄▄ ▀▀▀███▄
▄███ ▄▀▀▀   ▀▀▀▄ ███▄
████ █  ▄   ▄█ █ ████
████▌▐▌ ▀█▄█▀ ▐▌▐████
▀████ ▀▄  ▀  ▄▀ ████▀
▀████▄ ▀▄▄▄▀ ▄████▀
▀█████▄▄ ▄▄█████▀
▀▀███████▀▀
.

NO LOGS
▄▄███████▄▄
▄██████▀▀▀██████▄
▄█████▀ ▄▄▄ ▀█████▄
▄██████ ▀   █ ██████▄
███████   █▀  ███████
████████▄ ▄ ▄████████
▀████▀         ▀████▀
▀███   ▄   ▄   ███▀
▀███████████████▀
▀▀███████▀▀
.

NO SIGN-UP
▄▄███████▄▄
▄███████████████▄
▄███████▀   ▀█████▄
▄████▀  ▀      █████▄
████     ▄▀▄  ▀ ▀████
███    ▄▀▄ ▄▀▄    ███
▀███▄▄  ▀█ █▀   ▄███▀
▀████████ ████████▀
▀███████████████▀
▀▀███████▀▀
.

70% COMSN
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
MIX NOW!
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀  ▀  ▀  ▀  ▀
▄  ▄  ▄  ▄  ▄

▀  ▀  ▀  ▀  ▀
▄  ▄  ▄  ▄  ▄

▀  ▀  ▀  ▀  ▀
▄  ▄  ▄  ▄  ▄

▀  ▀  ▀  ▀  ▀
▄  ▄  ▄  ▄  ▄

▀  ▀  ▀  ▀  ▀
Kakmakr
Legendary
*
Offline Offline

Activity: 1834
Merit: 1382

CryptoTalk.Org - Get Paid for every Post!


View Profile
August 15, 2019, 07:28:16 AM
Merited by GreatArkansas (1)
 #24

Sim swaps in my country happens very often, because there are criminal syndicates working within the mobile network providers that are doing these illegal Sim swaps. I also know about incidents where employees were blackmailed to help these criminals to swap some of these Sim cards. <They find employees weak points and they exploit it>  Angry

A friend of mine had his whole Bank account swept, because someone within the Bank, worked with these syndicates to hijack his mobile phone and to clone his ATM card. <They swamped him with telephone calls at night and was forced to switch off his phone, so he missed all the notification to his phone that they were drawing money from his account.>  Angry Angry Angry

 
                                . ██████████.
                              .████████████████.
                           .██████████████████████.
                        -█████████████████████████████
                     .██████████████████████████████████.
                  -█████████████████████████████████████████
               -███████████████████████████████████████████████
           .-█████████████████████████████████████████████████████.
        .████████████████████████████████████████████████████████████
       .██████████████████████████████████████████████████████████████.
       .██████████████████████████████████████████████████████████████.
       ..████████████████████████████████████████████████████████████..
       .   .██████████████████████████████████████████████████████.
       .      .████████████████████████████████████████████████.

       .       .██████████████████████████████████████████████
       .    ██████████████████████████████████████████████████████
       .█████████████████████████████████████████████████████████████.
        .███████████████████████████████████████████████████████████
           .█████████████████████████████████████████████████████
              .████████████████████████████████████████████████
                   ████████████████████████████████████████
                      ██████████████████████████████████
                          ██████████████████████████
                             ████████████████████
                               ████████████████
                                   █████████
.CryptoTalk.org.|.MAKE POSTS AND EARN BTC!.🏆
Baofeng
Hero Member
*****
Offline Offline

Activity: 952
Merit: 635


View Profile
August 29, 2019, 11:45:41 AM
 #25

Just some update here:

Quote
The unscrupulous operators of the TrickBot trojan -- one of today's most active and widespread malware strains -- are now capable of carrying out SIM swapping attacks, security researchers from Secureworks have told ZDNet today.

This is possible because over the past month, TrickBot operators have developed a new version of the malware that can intercept login credentials and PIN codes for Sprint, T-Mobile, and Verizon Wireless web accounts.

The data TrickBot collects can allow its operators to carry out a so-called SIM swapping attack, porting a victim's phone number to a SIM card under their control.

This would allow the TrickBot gang (or someone else) to bypass SMS-based multi-factor authentication solutions and reset passwords for a victim's bank accounts, email accounts, or cryptocurrency exchange portals.


https://www.zdnet.com/article/trickbot-todays-top-trojan-adds-feature-to-aid-sim-swapping-attacks/

Really scary how these cyber criminals are evolving.


..bustadice..         ▄▄████████████▄▄
     ▄▄████████▀▀▀▀████████▄▄
   ▄███████████    ███████████▄
  █████    ████▄▄▄▄████    █████
 ██████    ████████▀▀██    ██████
██████████████████   █████████████
█████████████████▌  ▐█████████████
███    ██████████   ███████    ███
███    ████████▀   ▐███████    ███
██████████████      ██████████████
██████████████      ██████████████
 ██████████████▄▄▄▄██████████████
  ▀████████████████████████████▀
                     ▄▄███████▄▄
                  ▄███████████████▄
   ███████████  ▄████▀▀       ▀▀████▄
               ████▀      ██     ▀████
 ███████████  ████        ██       ████
             ████         ██        ████
███████████  ████     ▄▄▄▄██        ████
             ████     ▀▀▀▀▀▀        ████
 ███████████  ████                 ████
               ████▄             ▄████
   ███████████  ▀████▄▄       ▄▄████▀
                  ▀███████████████▀
                     ▀▀███████▀▀
           ▄██▄
           ████
            ██
            ▀▀
 ▄██████████████████████▄
██████▀▀██████████▀▀██████
█████    ████████    █████
█████▄  ▄████████▄  ▄█████
██████████████████████████
██████████████████████████
    ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
    ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
       ████████████
......Play......
Velkro
Legendary
*
Offline Offline

Activity: 1974
Merit: 1011


<3 Vanity Addresses :)


View Profile
August 30, 2019, 10:34:26 PM
 #26

    Tips to avoid this
    • Avoid storing your coins or funds for long term in a centralized exchange.
    • Avoid using centralized cryptocurrency wallet.
    • User hardware wallet or cold wallet.

    Aside of this complicated kind of attack, these are in general pretty basic rules of crypto security.
    Storing on centralized exchange is biggest mistakes people can make in crypto world.
    I would add to that list also paper wallet as cheaper  (free) way of storing crypto. Hardware wallets cost from $20-$100.[/list]

    Stedsm
    Legendary
    *
    Offline Offline

    Activity: 1848
    Merit: 1143


    Piiiii Kaaaaaa Chuuuuuuu


    View Profile
    August 30, 2019, 10:53:00 PM
     #27

    And then they say that it's crypto where people lose their money. I'm sure most people here will be blaming crypto alone without even understanding that in this case, the subsistence of services provided by these carriers is to be blamed because their system itself comes under the fault as they allow people to swap their Sim cards with minimum info needed. I can understand that their major concern is to give their customers with quick resolutions but this is where they compromise with their security as well. This incident shows that nothing should be trusted (even your phone number). The person who lost $100k shouldn't have used phone or SMS verification in 2fa at the first place, they must have gone for Google's 2fa).

    hatshepsut93
    Hero Member
    *****
    Offline Offline

    Activity: 1330
    Merit: 928


    Bitcoin realist


    View Profile
    August 30, 2019, 10:59:28 PM
     #28

    I have recently removed my mobile number from accounts like gmail, because of the risk that sim swap can be executed against me. It's a weird case when a security measure can make you less secure, instead of at least being just useless. I just can't trust that greedy mobile operators from my country won't sell my number to hackers for a bribe, or hire staff competent enough to recognize hacker's attempts to hijack a number.

    PrimeNumber7
    Sr. Member
    ****
    Offline Offline

    Activity: 266
    Merit: 334



    View Profile
    August 31, 2019, 02:50:11 AM
    Merited by Baofeng (1)
     #29

    Twitter CEO Jack Dorsey recently has his twitter account hacked via what appears to be a SIM port attack in which someone was able to send many racist tweets on his behalf.

    The above is the only details released by Twitter, and it is possible there is more to the story. This does show that anyone can be a victim of these types of attacks.

    smartmixer.io▀  ▀  ▀  ▀  ▀
    ▄  ▄  ▄  ▄  ▄

    ▀  ▀  ▀  ▀  ▀
    ▄  ▄  ▄  ▄  ▄

    ▀  ▀  ▀  ▀  ▀
    ▄  ▄  ▄  ▄  ▄

    ▀  ▀  ▀  ▀  ▀
    ▄  ▄  ▄  ▄  ▄

    ▀  ▀  ▀  ▀  ▀
    Make your Cryptos untraceable!
    (( ███████ ((    TELEGRAM    )) ███████ ))
    ▄▄███████▄▄
    ▄███████▀███████▄
    ▄███▀▀▀ ▄▄▄ ▀▀▀███▄
    ▄███ ▄▀▀▀   ▀▀▀▄ ███▄
    ████ █  ▄   ▄█ █ ████
    ████▌▐▌ ▀█▄█▀ ▐▌▐████
    ▀████ ▀▄  ▀  ▄▀ ████▀
    ▀████▄ ▀▄▄▄▀ ▄████▀
    ▀█████▄▄ ▄▄█████▀
    ▀▀███████▀▀
    .

    NO LOGS
    ▄▄███████▄▄
    ▄██████▀▀▀██████▄
    ▄█████▀ ▄▄▄ ▀█████▄
    ▄██████ ▀   █ ██████▄
    ███████   █▀  ███████
    ████████▄ ▄ ▄████████
    ▀████▀         ▀████▀
    ▀███   ▄   ▄   ███▀
    ▀███████████████▀
    ▀▀███████▀▀
    .

    NO SIGN-UP
    ▄▄███████▄▄
    ▄███████████████▄
    ▄███████▀   ▀█████▄
    ▄████▀  ▀      █████▄
    ████     ▄▀▄  ▀ ▀████
    ███    ▄▀▄ ▄▀▄    ███
    ▀███▄▄  ▀█ █▀   ▄███▀
    ▀████████ ████████▀
    ▀███████████████▀
    ▀▀███████▀▀
    .

    70% COMSN
    ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
    MIX NOW!
    ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
    ▀  ▀  ▀  ▀  ▀
    ▄  ▄  ▄  ▄  ▄

    ▀  ▀  ▀  ▀  ▀
    ▄  ▄  ▄  ▄  ▄

    ▀  ▀  ▀  ▀  ▀
    ▄  ▄  ▄  ▄  ▄

    ▀  ▀  ▀  ▀  ▀
    ▄  ▄  ▄  ▄  ▄

    ▀  ▀  ▀  ▀  ▀
    Baofeng
    Hero Member
    *****
    Offline Offline

    Activity: 952
    Merit: 635


    View Profile
    August 31, 2019, 07:03:45 AM
     #30

    Twitter CEO Jack Dorsey recently has his twitter account hacked via what appears to be a SIM port attack in which someone was able to send many racist tweets on his behalf.

    The above is the only details released by Twitter, and it is possible there is more to the story. This does show that anyone can be a victim of these types of attacks.

    I was about to post this info as well but you beat me to it. Anyways, you are right even the CEO of Twitter was hack and it could be this method as well so no one is really safe from this online criminals.

    Quote
    How did it happen?

    A source at the company confirmed to the BBC that the hackers had used a technique known as "simswapping" (or "simjacking") in order to control Mr Dorsey's account.

    https://www.bbc.com/news/technology-49532244

    ..bustadice..         ▄▄████████████▄▄
         ▄▄████████▀▀▀▀████████▄▄
       ▄███████████    ███████████▄
      █████    ████▄▄▄▄████    █████
     ██████    ████████▀▀██    ██████
    ██████████████████   █████████████
    █████████████████▌  ▐█████████████
    ███    ██████████   ███████    ███
    ███    ████████▀   ▐███████    ███
    ██████████████      ██████████████
    ██████████████      ██████████████
     ██████████████▄▄▄▄██████████████
      ▀████████████████████████████▀
                         ▄▄███████▄▄
                      ▄███████████████▄
       ███████████  ▄████▀▀       ▀▀████▄
                   ████▀      ██     ▀████
     ███████████  ████        ██       ████
                 ████         ██        ████
    ███████████  ████     ▄▄▄▄██        ████
                 ████     ▀▀▀▀▀▀        ████
     ███████████  ████                 ████
                   ████▄             ▄████
       ███████████  ▀████▄▄       ▄▄████▀
                      ▀███████████████▀
                         ▀▀███████▀▀
               ▄██▄
               ████
                ██
                ▀▀
     ▄██████████████████████▄
    ██████▀▀██████████▀▀██████
    █████    ████████    █████
    █████▄  ▄████████▄  ▄█████
    ██████████████████████████
    ██████████████████████████
        ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
        ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
           ████████████
    ......Play......
    PrimeNumber7
    Sr. Member
    ****
    Offline Offline

    Activity: 266
    Merit: 334



    View Profile
    August 31, 2019, 04:00:35 PM
     #31

    Twitter CEO Jack Dorsey recently has his twitter account hacked via what appears to be a SIM port attack in which someone was able to send many racist tweets on his behalf.

    The above is the only details released by Twitter, and it is possible there is more to the story. This does show that anyone can be a victim of these types of attacks.

    I was about to post this info as well but you beat me to it. Anyways, you are right even the CEO of Twitter was hack and it could be this method as well so no one is really safe from this online criminals.

    Quote
    How did it happen?

    A source at the company confirmed to the BBC that the hackers had used a technique known as "simswapping" (or "simjacking") in order to control Mr Dorsey's account.

    https://www.bbc.com/news/technology-49532244
    The hacker apparently was able to tweet via sending text messages from the number in question, making compromising the number the only thing needed to access the twitter account.

    In theory, hackers might be able to spoof the number text messages are from in order to send tweets, which might make SIM porting the number unnecessary.

    smartmixer.io▀  ▀  ▀  ▀  ▀
    ▄  ▄  ▄  ▄  ▄

    ▀  ▀  ▀  ▀  ▀
    ▄  ▄  ▄  ▄  ▄

    ▀  ▀  ▀  ▀  ▀
    ▄  ▄  ▄  ▄  ▄

    ▀  ▀  ▀  ▀  ▀
    ▄  ▄  ▄  ▄  ▄

    ▀  ▀  ▀  ▀  ▀
    Make your Cryptos untraceable!
    (( ███████ ((    TELEGRAM    )) ███████ ))
    ▄▄███████▄▄
    ▄███████▀███████▄
    ▄███▀▀▀ ▄▄▄ ▀▀▀███▄
    ▄███ ▄▀▀▀   ▀▀▀▄ ███▄
    ████ █  ▄   ▄█ █ ████
    ████▌▐▌ ▀█▄█▀ ▐▌▐████
    ▀████ ▀▄  ▀  ▄▀ ████▀
    ▀████▄ ▀▄▄▄▀ ▄████▀
    ▀█████▄▄ ▄▄█████▀
    ▀▀███████▀▀
    .

    NO LOGS
    ▄▄███████▄▄
    ▄██████▀▀▀██████▄
    ▄█████▀ ▄▄▄ ▀█████▄
    ▄██████ ▀   █ ██████▄
    ███████   █▀  ███████
    ████████▄ ▄ ▄████████
    ▀████▀         ▀████▀
    ▀███   ▄   ▄   ███▀
    ▀███████████████▀
    ▀▀███████▀▀
    .

    NO SIGN-UP
    ▄▄███████▄▄
    ▄███████████████▄
    ▄███████▀   ▀█████▄
    ▄████▀  ▀      █████▄
    ████     ▄▀▄  ▀ ▀████
    ███    ▄▀▄ ▄▀▄    ███
    ▀███▄▄  ▀█ █▀   ▄███▀
    ▀████████ ████████▀
    ▀███████████████▀
    ▀▀███████▀▀
    .

    70% COMSN
    ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
    MIX NOW!
    ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
    ▀  ▀  ▀  ▀  ▀
    ▄  ▄  ▄  ▄  ▄

    ▀  ▀  ▀  ▀  ▀
    ▄  ▄  ▄  ▄  ▄

    ▀  ▀  ▀  ▀  ▀
    ▄  ▄  ▄  ▄  ▄

    ▀  ▀  ▀  ▀  ▀
    ▄  ▄  ▄  ▄  ▄

    ▀  ▀  ▀  ▀  ▀
    Baofeng
    Hero Member
    *****
    Offline Offline

    Activity: 952
    Merit: 635


    View Profile
    September 05, 2019, 11:00:35 PM
     #32

    Twitter CEO Jack Dorsey recently has his twitter account hacked via what appears to be a SIM port attack in which someone was able to send many racist tweets on his behalf.

    The above is the only details released by Twitter, and it is possible there is more to the story. This does show that anyone can be a victim of these types of attacks.

    I was about to post this info as well but you beat me to it. Anyways, you are right even the CEO of Twitter was hack and it could be this method as well so no one is really safe from this online criminals.

    Quote
    How did it happen?

    A source at the company confirmed to the BBC that the hackers had used a technique known as "simswapping" (or "simjacking") in order to control Mr Dorsey's account.

    https://www.bbc.com/news/technology-49532244
    The hacker apparently was able to tweet via sending text messages from the number in question, making compromising the number the only thing needed to access the twitter account.

    In theory, hackers might be able to spoof the number text messages are from in order to send tweets, which might make SIM porting the number unnecessary.

    Twitter temporarily disables 'Tweeting via SMS' after CEO gets hacked

    Quote
    Twitter today finally decided to temporarily disable a feature, called 'Tweeting via SMS,' after it was abused by a hacking group to compromise Twitter CEO Jack Dorsey last week and sent a series of racist and offensive tweets to Dorsey's followers.
    Dorsey's Twitter account was compromised last week when a hacker group calling itself "Chuckling Squad" replicated a mobile phone number associated with the CEO account and abused this particular feature to post racist, offensive messages and bomb threats from it via SMS.

    https://thehackernews.com/2019/09/tweet-via-sms-text-message-hacking.html

    So it looks like they temporarily 'Tweeting via SMS", disable it after the Dorsey fiasco. Seems the least they can do right now to prevent such exploit in the future.

    ..bustadice..         ▄▄████████████▄▄
         ▄▄████████▀▀▀▀████████▄▄
       ▄███████████    ███████████▄
      █████    ████▄▄▄▄████    █████
     ██████    ████████▀▀██    ██████
    ██████████████████   █████████████
    █████████████████▌  ▐█████████████
    ███    ██████████   ███████    ███
    ███    ████████▀   ▐███████    ███
    ██████████████      ██████████████
    ██████████████      ██████████████
     ██████████████▄▄▄▄██████████████
      ▀████████████████████████████▀
                         ▄▄███████▄▄
                      ▄███████████████▄
       ███████████  ▄████▀▀       ▀▀████▄
                   ████▀      ██     ▀████
     ███████████  ████        ██       ████
                 ████         ██        ████
    ███████████  ████     ▄▄▄▄██        ████
                 ████     ▀▀▀▀▀▀        ████
     ███████████  ████                 ████
                   ████▄             ▄████
       ███████████  ▀████▄▄       ▄▄████▀
                      ▀███████████████▀
                         ▀▀███████▀▀
               ▄██▄
               ████
                ██
                ▀▀
     ▄██████████████████████▄
    ██████▀▀██████████▀▀██████
    █████    ████████    █████
    █████▄  ▄████████▄  ▄█████
    ██████████████████████████
    ██████████████████████████
        ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
        ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
           ████████████
    ......Play......
    hd49728
    Sr. Member
    ****
    Offline Offline

    Activity: 448
    Merit: 375



    View Profile
    September 07, 2019, 04:30:13 AM
     #33

    I have not noticed the feature to tweet via SMS. I always log in my Twitter account, and honestly I simply read others' tweets. In my nation, there is very limited proportion of Tweeters, so I join Twitter mainly because powerful guys prefer to use Twitter to spread their important news, perspectives, analyses, etc. fastly.

    The hack demonstrates that activate 2FA security for accounts is important, not only with Twitter, but also with Facebook, Instagram, exchanges, casinos.


    [ Mix coins ]
     
    Your BITCOIN Transaction
    made Truly ANONYMOUS
     

    ███████
    █████████████████
    ████████████████████████
    █████████████████████████████
    ██████████                    ██████████
    █████████                          █████████
    ███████                                    ████████
              ███████                                        ███████        ██
              █████████████████████████████████████      ███
              █████████████████████████████████████  █████
              ████████████████████████████████████  ██████
            ██████████████████████████████████████████
      █████████████████████████████████████████
    █████                                        ████████████
                                      ██████████████
    ██                          █████████████████████          ██     
    █████              ███████████████████████          ████     
    █████████████████████████████            █████████     
    ██████████████████                      ████████████       
    ██████████████████████████████████████     
    ████████████████████████  ███████ 
        ██████████              █████
                          ████████
          ████████████████    █
            ██████████████████
                      █████      ███
                          █████
                        ████

    Blender
     
    The ULTIMATE BITCOIN Mixer
    with an ADVANCED TECHNOLOGY
     

    ███████████   
    ███████████████████████   
    ████████████████████████████     
    ██████████████████████████████     
    ██████████████████████████████   
     

                                              █████████████
                                              ███████████
    ██████
                                              ███████████
    ██████
                                              ███████████
            ██
                                            ████████████
            ██
        ██                              █████████████
            ██
        ████                      ███████████████
            ██
        ██████              █████████████████
            ██
        █████████████████████████████
              ██ 
          ███████████████████████████
              ███
          ██████  ████████████████████
            ████
          ██████████████████████████
      ██████
          ██████████████████████████
    ███████
      █████      ████████████████████
    ███
    ████          ████████████████
    ████ 
    ████          ████████████████       
    ████████████████████████


     
    █████████████████████████       
    ███████████████████████████       
    █████████    ██    ███    ██████████     
    ███████████    ██    ███     ██████████       
    ███████████    ██    ███     ███████████     
    ██████████████████████████████████     
    ██████████████████████████████████       
    PrimeNumber7
    Sr. Member
    ****
    Offline Offline

    Activity: 266
    Merit: 334



    View Profile
    September 07, 2019, 03:51:46 PM
     #34

    Twitter CEO Jack Dorsey recently has his twitter account hacked via what appears to be a SIM port attack in which someone was able to send many racist tweets on his behalf.

    The above is the only details released by Twitter, and it is possible there is more to the story. This does show that anyone can be a victim of these types of attacks.

    I was about to post this info as well but you beat me to it. Anyways, you are right even the CEO of Twitter was hack and it could be this method as well so no one is really safe from this online criminals.

    Quote
    How did it happen?

    A source at the company confirmed to the BBC that the hackers had used a technique known as "simswapping" (or "simjacking") in order to control Mr Dorsey's account.

    https://www.bbc.com/news/technology-49532244
    The hacker apparently was able to tweet via sending text messages from the number in question, making compromising the number the only thing needed to access the twitter account.

    In theory, hackers might be able to spoof the number text messages are from in order to send tweets, which might make SIM porting the number unnecessary.

    Twitter temporarily disables 'Tweeting via SMS' after CEO gets hacked

    Quote
    Twitter today finally decided to temporarily disable a feature, called 'Tweeting via SMS,' after it was abused by a hacking group to compromise Twitter CEO Jack Dorsey last week and sent a series of racist and offensive tweets to Dorsey's followers.
    Dorsey's Twitter account was compromised last week when a hacker group calling itself "Chuckling Squad" replicated a mobile phone number associated with the CEO account and abused this particular feature to post racist, offensive messages and bomb threats from it via SMS.

    https://thehackernews.com/2019/09/tweet-via-sms-text-message-hacking.html

    So it looks like they temporarily 'Tweeting via SMS", disable it after the Dorsey fiasco. Seems the least they can do right now to prevent such exploit in the future.
    Twitter previously said they had kept the feature available because some parts of the word have very expensive internet/data and twitter wanted to keep the availability of tweeting to as wide of population as possible.

    At a minimum, Twitter should reply to SMS tweets with a request to enter a password, but ideally, someone would need to send a time based code that is good for perhaps several minutes to an hour each time they want to SMS tweet.

    smartmixer.io▀  ▀  ▀  ▀  ▀
    ▄  ▄  ▄  ▄  ▄

    ▀  ▀  ▀  ▀  ▀
    ▄  ▄  ▄  ▄  ▄

    ▀  ▀  ▀  ▀  ▀
    ▄  ▄  ▄  ▄  ▄

    ▀  ▀  ▀  ▀  ▀
    ▄  ▄  ▄  ▄  ▄

    ▀  ▀  ▀  ▀  ▀
    Make your Cryptos untraceable!
    (( ███████ ((    TELEGRAM    )) ███████ ))
    ▄▄███████▄▄
    ▄███████▀███████▄
    ▄███▀▀▀ ▄▄▄ ▀▀▀███▄
    ▄███ ▄▀▀▀   ▀▀▀▄ ███▄
    ████ █  ▄   ▄█ █ ████
    ████▌▐▌ ▀█▄█▀ ▐▌▐████
    ▀████ ▀▄  ▀  ▄▀ ████▀
    ▀████▄ ▀▄▄▄▀ ▄████▀
    ▀█████▄▄ ▄▄█████▀
    ▀▀███████▀▀
    .

    NO LOGS
    ▄▄███████▄▄
    ▄██████▀▀▀██████▄
    ▄█████▀ ▄▄▄ ▀█████▄
    ▄██████ ▀   █ ██████▄
    ███████   █▀  ███████
    ████████▄ ▄ ▄████████
    ▀████▀         ▀████▀
    ▀███   ▄   ▄   ███▀
    ▀███████████████▀
    ▀▀███████▀▀
    .

    NO SIGN-UP
    ▄▄███████▄▄
    ▄███████████████▄
    ▄███████▀   ▀█████▄
    ▄████▀  ▀      █████▄
    ████     ▄▀▄  ▀ ▀████
    ███    ▄▀▄ ▄▀▄    ███
    ▀███▄▄  ▀█ █▀   ▄███▀
    ▀████████ ████████▀
    ▀███████████████▀
    ▀▀███████▀▀
    .

    70% COMSN
    ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
    MIX NOW!
    ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
    ▀  ▀  ▀  ▀  ▀
    ▄  ▄  ▄  ▄  ▄

    ▀  ▀  ▀  ▀  ▀
    ▄  ▄  ▄  ▄  ▄

    ▀  ▀  ▀  ▀  ▀
    ▄  ▄  ▄  ▄  ▄

    ▀  ▀  ▀  ▀  ▀
    ▄  ▄  ▄  ▄  ▄

    ▀  ▀  ▀  ▀  ▀
    GreatArkansas
    Hero Member
    *****
    Offline Offline

    Activity: 672
    Merit: 679



    View Profile WWW
    September 11, 2019, 06:25:59 AM
     #35

    I found an article about cases on sim port attack, but this article was on June 2019. But it is said that most of the victims or almost compromised are into cryptocurrency, check here: Wave of SIM swapping attacks hit US cryptocurrency users.
    And it was stated by one of the detective about this case, possible 3 ways:
    Quote
    The first is when the attacker bribes or blackmails a mobile store employee into assisting in the crime. The second involves current and/or former mobile store employees who knowingly abuse their access to customer data and the mobile company's network. Finally, crooked store employees may trick unwitting associates at other stores into swapping a target's existing SIM card with a new one.


    .Mix coins.
     
    Your BITCOIN Transaction
    made Truly ANONYMOUS
     

    ███████
    █████████████████
    ████████████████████████
    █████████████████████████████
    ██████████                    ██████████
    █████████                          █████████
    ███████                                    ████████
              ███████                                        ███████        ██
              █████████████████████████████████████      ███
              █████████████████████████████████████  █████
              ████████████████████████████████████  ██████
            ██████████████████████████████████████████
      █████████████████████████████████████████
    █████                                        ████████████
                                      ██████████████
    ██                          █████████████████████          ██     
    █████              ███████████████████████          ████     
    █████████████████████████████            █████████     
    ██████████████████                      ████████████       
    ██████████████████████████████████████     
    ████████████████████████  ███████ 
        ██████████              █████
                          ████████
          ████████████████    █
            ██████████████████
                      █████      ███
                          █████
                        ████

    Blender
     
    The ULTIMATE BITCOIN Mixer
    with an ADVANCED TECHNOLOGY
     

    ███████████   
    ███████████████████████   
    ████████████████████████████     
    ██████████████████████████████     
    ██████████████████████████████     
     

                                              █████████████
                                              ███████████
    ██████
                                              ███████████
    ██████
                                              ███████████
            ██
                                            ████████████
            ██
        ██                              █████████████
            ██
        ████                      ███████████████
            ██
        ██████              █████████████████
            ██
        █████████████████████████████
              ██ 
          ███████████████████████████
              ███
          ██████  ████████████████████
            ████
          ██████████████████████████
      ██████
          ██████████████████████████
    ███████
      █████      ████████████████████
    ███
    ████          ████████████████
    ████ 
    ████          ████████████████       
    ████████████████████████


       
    █████████████████████████       
    ███████████████████████████       
    █████████    ██    ███    ██████████     
    ███████████    ██    ███     ██████████       
    ███████████    ██    ███     ███████████     
    ██████████████████████████████████     
    ██████████████████████████████████       
    masulum
    Hero Member
    *****
    Offline Offline

    Activity: 588
    Merit: 542


    coming soon - cryptoblog.my.id


    View Profile WWW
    September 30, 2019, 04:48:48 AM
    Merited by GreatArkansas (1)
     #36

    Today I read another news related with SIM attack, Called WIB (Wireless Internet Browser) attack.

    This is explanation about WIBAttack


    Copyrights: Ginnoslab.org

    Quote from: ginnoslab.org pages
    What is WIB?

    As an alternative to static SIM toolkit applications with a fixed pre-installed menu, some operators opt for dynamic SIM toolkit, where the menus and user dialogs are generated on the fly based on information provided by a central server. SIM applications that provide this functionality are generally referred to as SIM-browsers or µ-browsers.

    Two browsers are currently available, the Wireless Internet Browser (WIB) which was the first successful browser released and promoted on the market by SmartTrust.

    The Wireless Internet Browser (WIB) is specified by SmartTrust and is the market leading solution for SIM toolkit based browsing. The WIB-enabled SIM has a menu stored on the SIM. This menu can be managed and updated using Over The Air (OTA) services.

    Read full articles and explanation here: https://ginnoslab.org/2019/09/21/wibattack-vulnerability-in-wib-sim-browser-can-let-attackers-globally-take-control-of-hundreds-of-millions-of-the-victim-mobile-phones-worldwide-to-make-a-phone-call-send-sms-to-any-phone-numbers/

    Demo how attacker sending SMS from same number to get a victim can be found at articles. or you can check this video directly


    smartmixer.io▀  ▀  ▀  ▀  ▀
    ▄  ▄  ▄  ▄  ▄

    ▀  ▀  ▀  ▀  ▀
    ▄  ▄  ▄  ▄  ▄

    ▀  ▀  ▀  ▀  ▀
    ▄  ▄  ▄  ▄  ▄

    ▀  ▀  ▀  ▀  ▀
    ▄  ▄  ▄  ▄  ▄

    ▀  ▀  ▀  ▀  ▀
    .Make your Cryptos untraceable!.
    (( ███████ ((    TELEGRAM    )) ███████ ))
    ▄▄███████▄▄
    ▄███████▀███████▄
    ▄███▀▀▀ ▄▄▄ ▀▀▀███▄
    ▄███ ▄▀▀▀   ▀▀▀▄ ███▄
    ████ █  ▄   ▄█ █ ████
    ████▌▐▌ ▀█▄█▀ ▐▌▐████
    ▀████ ▀▄  ▀  ▄▀ ████▀
    ▀████▄ ▀▄▄▄▀ ▄████▀
    ▀█████▄▄ ▄▄█████▀
    ▀▀███████▀▀
    .
    NO LOGS
    ▄▄███████▄▄
    ▄██████▀▀▀██████▄
    ▄█████▀ ▄▄▄ ▀█████▄
    ▄██████ ▀   █ ██████▄
    ███████   █▀  ███████
    ████████▄ ▄ ▄████████
    ▀████▀         ▀████▀
    ▀███   ▄   ▄   ███▀
    ▀███████████████▀
    ▀▀███████▀▀
    .
    NO SIGN-UP
    ▄▄███████▄▄
    ▄███████████████▄
    ▄███████▀   ▀█████▄
    ▄████▀  ▀      █████▄
    ████     ▄▀▄  ▀ ▀████
    ███    ▄▀▄ ▄▀▄    ███
    ▀███▄▄  ▀█ █▀   ▄███▀
    ▀████████ ████████▀
    ▀███████████████▀
    ▀▀███████▀▀
    .

    70% COMSN
    ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
    MIX NOW!
    .
    ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
    ▀  ▀  ▀  ▀  ▀
    ▄  ▄  ▄  ▄  ▄

    ▀  ▀  ▀  ▀  ▀
    ▄  ▄  ▄  ▄  ▄

    ▀  ▀  ▀  ▀  ▀
    ▄  ▄  ▄  ▄  ▄

    ▀  ▀  ▀  ▀  ▀
    ▄  ▄  ▄  ▄  ▄

    ▀  ▀  ▀  ▀  ▀
    Pages: « 1 [2]  All
      Print  
     
    Jump to:  

    Sponsored by , a Bitcoin-accepting VPN.
    Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!