Motherboard Investigation: How cybercriminals steal mobile numbers with the help of telecom companies
Motherboard has published a report on attacks against customers of large mobile operators. According to the journalists, cybercriminals are increasingly bribing employees of telecom companies to transfer customer numbers to new SIM cards.
SIM Swap and Telecom Security
In some cases, a mobile number may be "reassigned" from one SIM card to another. This is a completely legitimate action that any telecom provider performs routinely. Common examples of a SIM Swap are restoring the SIM card of a lost phone, or re-issuing a card when it breaks or when a different size is needed (nano-SIM, microSIM, etc.).
However, if an attacker can unlink a number from one SIM card and bind it to another one that the attacker controls, this can lead to serious problems for the victims. In this case, criminals can bypass most two-factor authentication systems and gain access to a variety of the victims' accounts.
A recent study showed that there is currently a wave of such attacks in the United States. As a result, mobile users lose access to their social network accounts, and sometimes large amounts of money disappear from their bank accounts. To carry out such an attack, hackers often do not need to do anything complicated: the main thing is to find an employee of a telecom company with the level of access needed to perform a SIM Swap and convince them to do it.
The attackers look for employees of telecommunications companies on the Internet: they analyze LinkedIn profiles, Instagram posts and other social networks. Then, from fake accounts, they send messages with an offer to earn extra money.
The journalists managed to talk with several employees of large telecommunications companies in the United States. One of them, a T-Mobile employee, said that he was offered $100 in cryptocurrency for rebinding one number. The offender promised him up to 10 orders per week, so that weekly earnings could reach $1000.
According to Motherboard, employees of other companies, for example Verizon, have received similar proposals: an employee of that organization was promised "$100,000 for a couple of months."
How do telecom companies react?
According to some employees of telecommunications companies interviewed by the journalists, such attacks become possible because too little attention is paid to the activities of insiders. For example, on the AT&T platform, ordinary employees have access rights that allow them to bypass security features such as the password required to transfer a number (this password can be changed and a SIM Swap can be performed immediately afterwards).
A T-Mobile employee described similar access rights. In his opinion, the company has long been aware of this problem but takes no action to solve it.
In theory, the security systems of telecommunications companies should track every case of re-binding a number to a new SIM card. However, in a conversation with Motherboard, a hacker under the nickname Moe The God, who not so long ago hijacked the Twitter account of a wrestling star using a SIM Swap, said that he has moles in AT&T and Verizon. The first of them has been working for him since February 2018 and the second since April, and the criminal has had no problems in all this time.
According to experts from Positive Technologies, the problems described in the Motherboard study are also quite common in Russia. The level of access required to re-issue SIM cards is held by ordinary employees at telecom companies' points of sale, so the attackers pay their moles less than in the US. However, in our country operators closely watch card replacement and re-issue activity and log the actions of employees, so the probability of being caught and left without work is very high.
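The following Python example is added here for illustration and is not taken from the Motherboard article or from any operator's tooling. It shows one way an operator could review logged employee actions for the pattern described above, a transfer password change followed shortly by a SIM Swap on the same number, and for employees with an unusually high number of swaps. The log format, field names, time window and threshold are all assumptions, and the sample log is constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed audit-log lines; the field names and format are assumptions.
SAMPLE_LOG = """\
2018-08-01T10:02:11 emp=E1042 action=PIN_CHANGE msisdn=+15555550101
2018-08-01T10:03:40 emp=E1042 action=SIM_SWAP msisdn=+15555550101
2018-08-01T11:15:00 emp=E2007 action=SIM_SWAP msisdn=+15555550102
2018-08-02T09:00:00 emp=E2007 action=PIN_CHANGE msisdn=+15555550103
2018-08-02T16:30:00 emp=E3001 action=SIM_SWAP msisdn=+15555550103
2018-08-03T12:00:00 emp=E1042 action=SIM_SWAP msisdn=+15555550104
2018-08-03T12:20:00 emp=E1042 action=SIM_SWAP msisdn=+15555550105
"""

def parse(log):
    """Yield (timestamp, fields) per well-formed line; skip malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
            fields = dict(p.split("=", 1) for p in parts[1:])
        except ValueError:
            continue
        if {"emp", "action", "msisdn"} <= fields.keys():
            yield ts, fields

def detect(log, window=timedelta(minutes=15), max_swaps=2):
    """Return (pin_then_swap alerts, employees over the swap threshold)."""
    last_pin_change = {}            # msisdn -> (time, employee) of last PIN change
    swaps = defaultdict(int)        # employee -> number of SIM swaps in the log
    alerts = []
    for ts, f in sorted(parse(log), key=lambda e: e[0]):
        if f["action"] == "PIN_CHANGE":
            last_pin_change[f["msisdn"]] = (ts, f["emp"])
        elif f["action"] == "SIM_SWAP":
            swaps[f["emp"]] += 1
            prev = last_pin_change.get(f["msisdn"])
            # Flag a swap that closely follows a PIN change on the same number.
            if prev and timedelta(0) <= ts - prev[0] <= window:
                alerts.append((f["msisdn"], prev[1], f["emp"], ts - prev[0]))
    heavy = sorted(e for e, n in swaps.items() if n > max_swaps)
    return alerts, heavy

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG)[0]:
        print("PIN change then SIM swap:", alert)
```

Each alert is a tuple of the number, the employee who changed the password, the employee who performed the swap, and the delay between the two actions.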