• Home
  • Cryptocurrency
    • Bitcoin
    • Ethereum
    • XRP
    • Litecoin
    • Altcoin
    • Cardano
    • Tether
    • DOGE
    • Solano
    • XLM
    • DOT
    • XDC
    • SHIBA
    • BNB
  • Blockchain
  • Regulation
  • Market
  • Live
    • Prices
    • ICO
  • Meta
    • NFT
  • Technical Analysis
    • XRP
    • BTC
    • XLM
    • ADA
    • TETHER
    • ETC
    • ETH
    • DOGE
    • LTC
  • Exchange
  • Mining
Sunday, May 22, 2022
  • Login
  • Register
Coin24h.com
  • Home
  • Cryptocurrency
    • Bitcoin
    • Ethereum
    • XRP
    • Litecoin
    • Altcoin
    • Cardano
    • Tether
    • DOGE
    • Solano
    • XLM
    • DOT
    • XDC
    • SHIBA
    • BNB
  • Blockchain
  • Regulation
  • Market
  • Live
    • Prices
    • ICO
  • Meta
    • NFT
  • Technical Analysis
    • XRP
    • BTC
    • XLM
    • ADA
    • TETHER
    • ETC
    • ETH
    • DOGE
    • LTC
  • Exchange
  • Mining
  • en English
    ar Arabiczh-CN Chinese (Simplified)nl Dutchen Englishfr Frenchde Germanit Italianpt Portugueseru Russianes Spanish
No Result
View All Result
  • Home
  • Cryptocurrency
    • Bitcoin
    • Ethereum
    • XRP
    • Litecoin
    • Altcoin
    • Cardano
    • Tether
    • DOGE
    • Solano
    • XLM
    • DOT
    • XDC
    • SHIBA
    • BNB
  • Blockchain
  • Regulation
  • Market
  • Live
    • Prices
    • ICO
  • Meta
    • NFT
  • Technical Analysis
    • XRP
    • BTC
    • XLM
    • ADA
    • TETHER
    • ETC
    • ETH
    • DOGE
    • LTC
  • Exchange
  • Mining
  • en English
    ar Arabiczh-CN Chinese (Simplified)nl Dutchen Englishfr Frenchde Germanit Italianpt Portugueseru Russianes Spanish
No Result
View All Result
Coin24h.com
No Result
View All Result
Ledger Nano X - The secure hardware wallet
ADVERTISEMENT

These Illicit SIM Cards Are Making Hacks Like Twitter’s Easier

21 August 2020
in Blockchain
Reading Time: 6 mins read
A A
0
These Illicit SIM Cards Are Making Hacks Like Twitter’s Easier
189
SHARES
1.5k
VIEWS
Share on FacebookShare on Twitter
cryptotrader
ADVERTISEMENT


Next time your phone rings and the caller ID says it’s your bank, telecom company or employer’s IT department, it might be someone else.

That’s because little-discussed types of SIM cards offer the ability to spoof any number, can be encrypted and in some cases allows the user’s voice to be altered and cloaked. Such SIM cards are favored by criminals, and they can make social engineering attacks like those that struck Twitter last month easier to execute. 

A SIM (Subscriber Identity Module) card is essentially what stores information about a phone’s user, including country, service provider, and a unique idea that matches it to its owner. 

While spoofing a phone number is an old trick, these SIMs offer a streamlined way to do it. They underscore the wide array of vulnerabilities companies and individuals face when trying to protect against social engineering attacks. 

Twitter was the victim of a phone spear-phishing attack, in which a person posing as a company insider (often supposedly from the IT department) calls a real employee to extract information. That attack, which led to the takeover of 130 accounts, including high-profile ones such as Elon Musk and Kanye West, to scam their followers out of $120,000 worth of bitcoin, has brought increased attention to the practice. Tools like these SIMs are one way for attackers to try and stay ahead of suspecting companies. 

See also: ‘Crypto Instagram’ Is Becoming a Thing, Scams and All

“Other companies might be a softer target for these same techniques,” said Allison Nixon, chief research officer at Unit221B, a cybersecurity firm. “And they’re just not going to be prepared in the same way that battle-scarred telecommunications companies have been.”

Indeed, since the Twitter hack, there has reportedly been a rise in spear-phishing attacks across companies, individuals, and cryptocurrency exchanges.

White SIMs

The cards are known as White SIMS, owing to their color and lack of branding. 

“White SIMS make it extremely easy to conduct outgoing spoofed calls,” said Hartej Sawhney, Principal at cybersecurity agency Zokyo. “They are illegal basically everywhere.”

Given the wide array of services SIMs such as these offer, they make social engineering just a little easier, and sometimes that’s all an attacker needs. SIMS can generally be bought on the Dark Web or related sites, using bitcoin. 

Social engineering often relies on an attacker tricking someone into doing something he or she shouldn’t. It can look as simple as a phishing attack, but can also involve more elaborate means such as SIM swapping, voice spoofing or extensive phone conversations, all to gain access to someone’s information or data. 

See also: Student Gets 10-Year Jail Term for SIM-Swap Crypto Thefts Worth $7.5 Million

For years the cryptocurrency community has been the target of SIM swaps, a subset of social engineering. It involves an attacker fooling a telecommunications company employee into porting the victim’s number to the attacker’s device, which lets them bypass two-factor authentication protections to an exchange account or social media profile. 

“Spoof calling is a flaw at the protocol layer and is not something that can be fixed overnight. It requires essentially rewriting the internet,” said Sawhney. “What’s interesting to note is that 99% of telecom employees have access to all customer accounts, meaning you only need to social engineer one of them.”

These SIMs present challenges for those working to protect against social engineering, including banks and other financial institutions. 

A business like any other

Social engineering attackers pick their targets by weighing the money, time and effort required to dupe them against the payoff, said Paul Walsh, CEO of the cybersecurity company MetaCert.

“It’s easier, cheaper and faster to compromise a person a human through social engineering than it is to try and take advantage of a computer or computer network,” said Walsh. “So any tools or processes like these that make that job quicker and easier for them is obviously good, in their eyes.”

The ability to mimic a specific phone number is what makes these SIMs dangerous. For example, spam callers often spoof their number to make it seem they’re calling from a number in the recipient’s local area. But these SIM cards allow an attacker to spoof a specific number, making it more likely someone will answer the phone. 

See also: A New Ultrasonic Hack Can Exploit Your Siri

A person with a number-spoofing SIM could easily imitate the number of Bank of America, for example, said Walsh, making it more likely people would give out sensitive personal information. If the number comes up as Bank of America, why would you have reason to immediately think otherwise?

Walsh also said a lot of systems will automatically detect the number you’re calling from, and use that as a piece of information verifying your identity. 

“So you call your bank and if you can confirm with your phone number and maybe one other piece of information, you gain access to all kinds of information like your bank balance and last transaction,” said Walsh. “That information alone might be useful in the context of social engineering by calling the bank without additional information you need to target someone, and acquiring it through the bank.”

Voice mimicking tech on the way

What concerns Haseeb Awan, CEO of Efani, a company that specifically works to protect against SIM hacks, is the way these SIMS might be used with other tech, such as voice spoofing. Technology that can be used to recreate someone’s voice is readily available online, and people’s voices can be reconstructed from just a few snippets of speech. 

“If you’re able to replicate anyone’s voice, and couple that with their phone number, that’s what starts to worry me the most,” said Awan. “A lot of companies are now using your voice as an authentication method, so this is where the risk of fraud is going to get really high.”

See also: North Korean Hackers Ramp Up Efforts to Steal Crypto Amid Coronavirus Pandemic

And while most people might think they’d be able to tell if someone’s voice was altered, or sounded off, Awan, who was born in Pakistan but lives in the U.S., is quick to point out the tech has gotten so good he’s seen it able to replicate his accent. In fact, one study found our brains fare poorly at differentiating a fake voice from a real one, even when we’re told it is going to be fake. 

Unlike the near-universally illegal White SIMs, encrypted anonymous SIMs that also alter your voice in real time can be easily purchased in the open. For example, the U.K. company Secure Sims, which did not respond to a request for comment by press time, offers one for sale that disables your location and encrypts data, among a variety of other features. 

It’s listed for sale for £600-£1,000 ($794-$1,322).

Disclosure

The leader in blockchain news, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.





Source link

Related articles

Market Wrap: Cryptos Decline Amid Choppy Trading, DeFi Tokens Underperform

20 May 2022

Las criptomonedas deberían cumplir con las mismas normas que las finanzas regulares, dice el G7

20 May 2022
Cryptohopper
ADVERTISEMENT
[crypto-donation-box]
Tags: CardsEasierHacksIllicitMakingSIMTwitters
Share76Tweet47
Ledger Nano X - The secure hardware wallet
Previous Post

US congressman declares ‘XRP is not a security’

Next Post

This is the 4th longest streak of Bitcoin above $10k in history

Related Posts

Market Wrap: Cryptos Decline Amid Choppy Trading, DeFi Tokens Underperform

20 May 2022
0

Risk-off conditions remain intact as volatility returns to stocks and cryptos. Meanwhile, DeFi tokens are lagging behind bitcoin (BTC). Source...

Las criptomonedas deberían cumplir con las mismas normas que las finanzas regulares, dice el G7

20 May 2022
0

Los ministros de Economía y Finanzas quieren que la estabilidad financiera y los estándares de lavado de dinero entren en...

las aplicaciones DeFi de Terra han perdido $28.000 millones

20 May 2022
0

"Se ha perdido la confianza, pero en caso de compensación por pérdidas y devolución de fondos, hay posibilidades de que...

Dai Creator Rune Christensen on Terra's Collapse

20 May 2022
0

The MakerDAO founder wasn’t in the mood to say “I told you so,” following Terra’s stablecoin collapse, on CoinDesk TV’s...

There Was No Terra ‘Attack’

20 May 2022
0

There’s a natural impulse to want to protect people who might not understand those risks. At the same time, a...

Load More
Next Post
This is the 4th longest streak of Bitcoin above $10k in history

This is the 4th longest streak of Bitcoin above $10k in history

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

  • Trending
  • Comments
  • Latest
7 Cryptos to Watch as the Sector Battles at Key Support Levels

ISO 20022 Cryptos: 5 Compliant Cryptos to Keep an Eye on in 2022

22 December 2021
What happened to the stock market today?

What happened to the stock market today?

28 September 2021
Dogecoin price enters buy zone before breaking out to $0.28

Dogecoin liquidity deepens as DOGE goes live on Thorchain

18 January 2022
All Legendary Weapons in Ruined King

All Legendary Weapons in Ruined King

4 December 2021
XRP | Digital Asset for Real-Time Global Payments |

SEC v. Ripple: Judge may be “digging the fair notice defense”, said expert

4543
Bitwise Asset Management | Cryptocurrency

Bitwise’s Crypto Index Fund Becomes Available To U.S. Investors

75
Crypto Currency | Binance | Crypto Exchange

Hours Before S. Korean Registration Deadline, Only 10 Exchanges Have Submitted Applications

69
Allianz Chief Economist Who Bought 2018 Bottom: I Sold My Bitcoin Today

Allianz Chief Economist Who Bought 2018 Bottom: I Sold My Bitcoin Today

46

DOGE Is Now Among Top 10 Purchased Coins by BNB Whales By Benzinga

22 May 2022

How Does it Rank Sunday on Long-Term Trading Metrics?

22 May 2022

Will PacMan Frog (PAC) rank as high as Sandbox (SAND) and ApeCoin (APE)? Many believe so.

22 May 2022

DOGE Is Now Among Top 10 Purchased Coins by BNB Whales

22 May 2022

We publish a comprehensive news feed covering all news relevant to the crypto user, covering main industry news, politics and regulation as well as consumer-level “news you can use” (practical stuff), including handy DIY tips, links to useful tools, unbiased reviews and opinions revolving around cryptocurrency. Simple logic and real-world examples are preferred before technical jargon and personal rants.

Categories

  • Altcoin
  • Bitcoin
  • Blockchain
  • BNB
  • Cardano
  • Cryptocurrency
  • DOGE
  • DOT
  • Ethereum
  • Litecoin
  • Market
  • Meta News
  • Mining
  • NFT
  • Regulation
  • SHIBA
  • Solano
  • Tether
  • Uncategorized
  • XDC
  • XLM
  • XRP

What’s New Here!

  • DOGE Is Now Among Top 10 Purchased Coins by BNB Whales By Benzinga
  • How Does it Rank Sunday on Long-Term Trading Metrics?
  • Will PacMan Frog (PAC) rank as high as Sandbox (SAND) and ApeCoin (APE)? Many believe so.

Newsletter

  • About Us
  • Privacy Policy
  • Contact Us

© 2022 coin24h.com

No Result
View All Result
  • Home
  • Cryptocurrency
    • Bitcoin
    • Ethereum
    • XRP
    • Litecoin
    • Altcoin
    • Cardano
    • Tether
    • DOGE
    • Solano
    • XLM
    • DOT
    • XDC
    • SHIBA
    • BNB
  • Blockchain
  • Regulation
  • Market
  • Live
    • Prices
    • ICO
  • Meta
    • NFT
  • Technical Analysis
    • XRP
    • BTC
    • XLM
    • ADA
    • TETHER
    • ETC
    • ETH
    • DOGE
    • LTC
  • Exchange
  • Mining

© 2020 coin24h.com

Welcome Back!

Login to your account below

Forgotten Password? Sign Up

Create New Account!

Fill the forms below to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
  • bitcoinBitcoin(BTC)$45,716.00-1.31%
  • ethereumEthereum(ETH)$3,456.77-0.85%
  • tetherTether(USDT)$1.000.04%
  • binancecoinBNB(BNB)$439.95-1.61%
  • usd-coinUSD Coin(USDC)$1.00-0.21%
  • SolanaSolana(SOL)$128.84-4.73%
  • rippleXRP(XRP)$0.82-1.94%
  • TerraTerra(LUNA)$111.19-1.25%
  • cardanoCardano(ADA)$1.190.55%
  • AvalancheAvalanche(AVAX)$92.73-3.81%
  • polkadotPolkadot(DOT)$22.10-4.14%
  • dogecoinDogecoin(DOGE)$0.144901-0.44%
  • Binance USDBinance USD(BUSD)$1.000.03%
  • TerraUSDTerraUSD(UST)$1.00-0.03%
  • Shiba InuShiba Inu(SHIB)$0.000026-1.07%
  • wrapped-bitcoinWrapped Bitcoin(WBTC)$45,705.00-1.34%
  • CronosCronos(CRO)$0.473031-1.56%
  • matic-networkPolygon(MATIC)$1.63-2.68%
  • Lido Staked EtherLido Staked Ether(STETH)$3,455.57-0.80%
  • NEAR ProtocolNEAR Protocol(NEAR)$15.62-3.50%
  • daiDai(DAI)$1.00-0.09%
  • cosmosCosmos Hub(ATOM)$30.76-3.98%
  • litecoinLitecoin(LTC)$123.39-2.73%
  • chainlinkChainlink(LINK)$17.14-5.68%
  • tronTRON(TRX)$0.069912-3.60%
  • bitcoin-cashBitcoin Cash(BCH)$370.86-0.90%
  • FTX TokenFTX Token(FTT)$49.41-1.74%
  • ethereum-classicEthereum Classic(ETC)$45.69-1.36%
  • Power CashPower Cash(PRCH)$0.017570881.24%
  • algorandAlgorand(ALGO)$0.88-4.27%
  • stellarStellar(XLM)$0.231372-0.55%
  • leo-tokenLEO Token(LEO)$5.95-0.02%
  • OKBOKB(OKB)$20.68-0.82%
  • UniswapUniswap(UNI)$11.31-3.17%
  • vechainVeChain(VET)$0.076890-1.96%
  • Axie InfinityAxie Infinity(AXS)$63.07-4.37%
  • HederaHedera(HBAR)$0.235142-4.16%
  • Internet ComputerInternet Computer(ICP)$21.47-0.24%
  • filecoinFilecoin(FIL)$24.44-2.18%
  • ElrondElrond(EGLD)$189.04-2.56%
  • decentralandDecentraland(MANA)$2.61-2.92%
  • The SandboxThe Sandbox(SAND)$3.40-2.47%
  • FantomFantom(FTM)$1.52-3.28%
  • moneroMonero(XMR)$214.53-0.30%
  • wavesWaves(WAVES)$37.59-24.48%
  • theta-tokenTheta Network(THETA)$3.76-6.47%
  • cETHcETH(CETH)$69.26-1.11%
  • tezosTezos(XTZ)$3.80-4.12%
  • ApeCoinApeCoin(APE)$11.60-3.99%
  • The GraphThe Graph(GRT)$0.480061-4.90%