
CoinDesk Explains SIM Jacking – CoinDesk

coinnewsdaily by coinnewsdaily
February 26, 2020

For early access before our regular noon Eastern time releases, subscribe with Apple Podcasts, Spotify, Pocketcasts, Google Podcasts, Castbox, Stitcher, RadioPublica or RSS.

In the pantheon of crypto hacks, “SIM jacking” is one of the worst. The hack, which is less a hack and more social engineering, is basically a form of identity theft: the attacker swaps a victim’s SIM card remotely, usually with the help of the victim’s cell-phone carrier, and then breaks into that victim’s email, crypto and bank accounts, basically all the stuff you definitely don’t want someone to break into. The consequences can be dire, and the attack has netted attackers tens of millions in loot over the past few years.

It’s audacious but it’s also preventable, with a little awareness. 

In this episode of CoinDesk Explains, CoinDesk editors Adam B. Levine and John Biggs explain the attack, what it could mean for you, how it works and what you can do to prevent it in a way that even John could understand. Special thanks to security guru Ralph Echemendia for the advice in today’s podcast.

Transcript

In the pantheon of crypto hacks, “SIM jacking” is one of the worst. The hack, which is less a hack and more social engineering, is basically a form of identity theft, with the attacker swapping a victim’s SIM card remotely, usually with the help of your cell-phone carrier, and then breaking into your email, crypto, bank accounts, basically all the stuff you definitely don’t want someone to break into. It’s audacious but it’s also preventable with a little awareness. And the consequences can be dire; it’s also netted attackers tens of millions in loot over the past few years.

Welcome to CoinDesk Explains, an occasional series from the Markets Daily team where we break down and explore the complex world of Blockchains and Cryptocurrencies like Bitcoin. I’m John Biggs…

…and I’m Adam B. Levine. In today’s tightly connected world it always sucks to lose your phone, but when you add “your money” to that sentence it’s even more painful.  

So this time we’re talking about how some people have lost their phones [and], with the help of some clever social engineering, sometimes tens of millions of dollars along with it.

So John, you experienced this firsthand, right?

Absolutely. Back in 2017 some jackass swapped their SIM card with mine, I guess by calling T-Mobile and pretending to be me. They were like, “Hello, this is John Biggs, I upgraded my phone or something and need you to transfer service to my new phone.” Now, clearly this was not me calling, but T-Mobile must have believed them and made it happen.

AND NOW A DRAMATIC RE-ENACTMENT, FEATURING JOHN BIGGS AS THE PHONE COMPANY REP AND ADAM B. LEVINE AS THE FAKE JOHN BIGGS.

Thanks for calling your phone company, how can I help you today?

Hi, yeah, I’m John Biggs and I need you to activate my new SIM card.

I’m happy to help you with that. Can you verify your account with your Social Security number, your blood type and your shoe size?

Actually no, I’m in a big hurry and just need you to help me out.

I’m sorry sir, I can’t help you if you can’t verify your account. 

Darn, OK, I’ll call back later.

Hello, this is another rep from your phone company. How can I help you?

Hi, I’m John Biggs and need you to activate my new phone.

Can you verify your account?

That’s fine, let me make that change now.

It’s pretty much that easy. The real trick is that if you don’t succeed with the first rep, you can call back basically an unlimited number of times until your phone company support slips up, forgets security protocol and agrees to make the change.  And these guys are really clever, with like crying baby sounds in the background and stuff.

That’s the social engineering part. Nobody is actually hacking or attacking your phone itself, they’re taking advantage of the fact that T-Mobile support wants to help you, or at least not get yelled at by you too much.  So when somebody calls up and pretends to be you, they can wind up helping someone trying to steal from you instead. So what happened?

Yeah, my carrier bought it alright, and helped them out by activating their new phone with my current number.  That, in turn, shut off network services to my phone and, moments later, allowed the hacker to change most of my Gmail passwords, my Facebook password and to text on my behalf. 

Ok, so now they have your cell phone, they get your phone calls, they get your text messages and you don’t. But how does that get them the ability to change all those passwords?

Just about every service out there from Gmail to Facebook to Coinbase to Binance is concerned that you’re not going to do a good job of managing your passwords. So they did something even more insecure by adding two-factor authentication via text message. A lot of companies have stopped this, but it’s still a huge hole.

So when your phone became their phone, now they were the ones who could reset your password.

That’s right. All of the two-factor notifications went, by default, to my phone number, which was now their phone number, so I received none of the notifications and in about two minutes I was locked out of my digital life.

Yeah… I noticed all of this at about 10 p.m. and I was lucky. I knew what was happening and called T-Mobile. By 10:30 p.m. I reset my old SIM and began the process of changing all of my passwords and hardening my two-factor accounts and T-Mobile account.

So, this is a funny story. A week before I was talking to someone in crypto on Facebook. I forget what about. So a few days after that I got a message from that guy on Facebook Messenger saying, “Hey, I’m in a really bad financial situation and I can’t get to my crypto. Can you send me six bitcoin right and I’ll send you eight tomorrow?” 

And I’m like “Huh, that sounds like a good deal!”

Luckily, no, but that was the MO. When I was locked out of my accounts, the hackers pretended to be me and asked my friends to send them bitcoin. One of them texted one of my friends and said, “If I don’t get this crypto right now they’ll pull the plug on my dad at the hospital.” They had figured out my dad was sick. And the crypto friend was like “Uh, yeah, that’s not how hospitals work.”

There was also the case of Nicholas Truglia, a 21-year-old New Yorker who hijacked multiple phones and actually stole millions of dollars. According to court documents, Truglia is alleged to have stolen from his father and even a dead man.

Most notably, Truglia got Michael Terpin, a cryptocurrency investor. He used one of these socially engineered SIM swaps with Terpin’s phone to steal $24 million in crypto, which led to Terpin opening a $200 million lawsuit against his cell phone provider, AT&T. 

How much did this guy have? According to court documents, he had a number of Trezors. “One had over $40 million in cash value of various cryptos, and the other one had over $20 million cash value of various cryptos.” It’s nuts.

So how do you fight back?

My buddy Ralph, CEO of Seguru and Oliver Stone’s tech guy, has some ideas. I talked to him today about protecting yourself from SIM hacks.

So SIM locks and two-factor everything, but not with text messages.
