Catch up on stories from the past week (and beyond) at the Slashdot story archive

 


Forgot your password?
Close
typodupeerror
×
Security IT Technology

Hackers Plan To Use Stolen Cryptocurrency Exchange Data for SIM Swapping (vice.com) 10

Posted by msmash from the security-woes dept.
Hackers who obtained personal data on users of Canadian cryptocurrency exchange Coinsquare say they plan to use the information to perform so-called SIM swapping attacks, according to one of the hackers. Motherboard: The news shows hackers' continued interest in trying to leverage security issues with telecom-based forms of authentication. In a SIM swapping attack, a hacker takes control of a target's phone number, which then gives them the ability to request password resets for some websites or a victim's two-factor authentication code. Often, SIM swappers will use these techniques to steal cryptocurrency. The breach also signals the continued risk of insider access, with Coinsquare telling Motherboard a former employee was responsible for stealing the data. "The original intent was to sell it [the data] but we figured we would make more money by SIM swapping the accounts," a pseudonymous hacker who provided the Coinsquare data to Motherboard said in an online chat.
This discussion has been archived. No new comments can be posted.

Hackers Plan To Use Stolen Cryptocurrency Exchange Data for SIM Swapping More

Hackers Plan To Use Stolen Cryptocurrency Exchange Data for SIM Swapping

Comments Filter:

  • Just the phone number? I thought it was a factor of "device ID" cloning?

    I thought you activated the SIM as a device ID with the username/password AND phone # to the account and the phone # acts as a logical number for the device ID.

    Now granted if you used the same email address/password with the phone company it'd be easy to hijack...

    • Re: (Score:3)

      by EvilSS ( 557649 )
      It's a social engineering / inside man scam, nothing overly technical about it. You trick or bribe someone at the phone company to move your target's mobile number to a new device that you control. Boom, done. Now the SMS 2FA flows to your phone and not theirs. Of course you still need some other info to pull off the crypto theft, but that's all it takes for the sim swapping part.
  • I use a landline phone.

  • Hacker? (Score:3)

    by kaatochacha ( 651922 ) on Tuesday June 02, 2020 @02:05PM (#60136556)

    I was unaware that working for a company and stealing the data made you a "hacker".
    Really intelligenet exploit there, getting a job and all.

    Yes, yes, I know: Social Engineering.
    But that's more "hey, i'm pretending to work for the phone company and getting the data by talking someone into it" than "I got a job that gave me access, and took it"

    • I just finished security training for my company.

      A hacker is obviously anybody that wears a hoodie with dark sunglasses. I'm aware of this now and keeping my eyes peeled for such a person in my company (which is practically everyone)

  • I feel left out- I have no Bitcoin to steal.

    I'll never get to tell a cool story about how I had a $HUGE_AMOUNT of money in Bitcoin and then the exchange got hijacked or I lost my wallet or insiders stole the money or someone hacked my shit and I lost it all.

    Is it too late for me to sell everything I own and invest in Bitcoin? My kid can wait for his brain operation, I don't want to miss the next big jump in the purely subjective price of this vaporware currency!

  • Telling the public about their next heist plans sounds oh so clever. Well, maybe their fellow cell neighbors will at some point teach them that one of the basic concepts of being a thief is acting covertly, not telling others about it.

Slashdot Top Deals

He has not acquired a fortune; the fortune has acquired him. -- Bion

Close