Even with considerable security precautions in place, Twitter CEO Jack Dorsey became the victim of an embarrassing compromise when attackers took control of his account on the platform by hijacking his telephone number.
Dorsey became the latest target of so-called “SIM swap” fraud, which enables a fraudster to trick a mobile carrier into transferring a number — potentially causing people to lose control not only of social media, but bank accounts and other sensitive information.
This type of attack, which has become a popular break-in method in the past few years, targets a weakness in “two-factor authentication” that relies on a text message to validate access to an account.
Twitter on Friday last week said that the account was restored after a brief time in which the attackers posted a series of offensive tweets.
However, Ori Eisen, founder of Arizona-based security firm Trusona, which specializes in authentication without passwords, said that the rapid fix should not be seen as an answer to the broad problem of SIM card swap fraud.
“The problem is not over,” Eisen said, adding that these kinds of attacks have been used to take over other high-profile social media accounts and for various kinds of fraud schemes.
It was not clear how many people are attacked in this manner, Eisen said, but he added that automated technology could create billions of calls that lure people into giving up information or passwords.
Some analysts have said that hackers have found ways to easily get enough information to get a telecom to transfer a number to a fraudster’s account, especially after hacks of large databases that result in personal data sold on the so-called “dark Web.”
“Mobile accounts’ text messages can be hijacked by sophisticated hardware techniques, but also by so-called ‘social engineering’ — convincing a mobile provider to migrate your account to another, unauthorized phone,” said R. David Edelman, a former White House adviser who heads a cybersecurity research center at the Massachusetts Institute of Technology. “It only takes a few minutes of confusion to make mischief like Dorsey experienced.”
Thousands of these attacks have been reported in countries where mobile payments are common, including in Brazil, Mozambique, India and Spain.
Researchers at security firm Kaspersky have said that security systems by many mobile operators “are weak and leave customers open to SIM swap attacks,” especially if the attackers are able to gather information such as birth dates.
In a blog post, Kaspersky researchers Fabio Assolini and Andre Tenreiro said that some cases come from cybercriminals paying off corrupt employees of mobile carriers — for as little as US$10 to US$15 per victim.
“The interest in such attacks is so great among cybercriminals that some of them decided to sell it as a service to others,” they wrote.
In Brazil, some criminals have taken over victims’ WhatsApp accounts, using them to ask the person’s friends for “urgent payment,” they added.