Hackers hijack Telegram via an SS7 attack

Hackers with access to Signaling System 7 (SS7), which is used to connect mobile networks around the world, have been able to access the Telegram messenger and the email data of high-profile individuals in the cryptocurrency business.

The hackers obtained two-factor authentication (2FA) login codes sent through the short message service of the victim's mobile operator.

Well-prepared hackers

Hackers who carry out an SS7 attack can track a user's text messages and calls while receiving information about the location of the user's device as if it were registered in a different network (roaming scenario).

The attack took place in September and targeted at least 20 subscribers of Partner Communications Company (formerly known as Orange Israel), all of whom were involved in high-level cryptocurrency projects.

Tsachi Ganot, co-founder of Pandora Security in Tel Aviv, who investigated the incident and helped the victims regain access to their accounts, told BleepingComputer that all indications point to an SS7 attack.

Pandora Security specializes in creating secure digital environments and provides technology and cyber services to high-profile individuals, such as prominent business personalities and celebrities. According to Ganot, the customers are some of the richest people in the world.

Ganot tells us that the intruders may have forged the short message service center (SMSC) of a mobile network operator to send an "update location request" for a targeted phone number to Partner (other providers may still be vulnerable to this type of attack).

The update request essentially asked Partner to send to the fake MSC all voice calls and SMS messages intended for the victims.
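A home operator can test location updates like the one described above for plausibility. The following is an added example, not code from the article or from Pandora Security: it flags an update location request that moves a subscriber to a foreign network implausibly soon after the subscriber was active on the home network, and lists the SMS deliveries that would follow it. The event fields, the sample records and the 30-minute threshold are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

HOME_NETWORK = "home-operator"           # assumed label for the subscriber's own operator
MIN_TRAVEL_TIME = timedelta(minutes=30)  # assumed threshold, tune per deployment

# Constructed sample events (not real traffic): (timestamp, subscriber, event, network)
EVENTS = [
    ("2024-01-01T10:00:00", "sub-A", "radio_activity", "home-operator"),
    ("2024-01-01T10:04:00", "sub-A", "update_location", "foreign-net-1"),
    ("2024-01-01T08:00:00", "sub-B", "radio_activity", "home-operator"),
    ("2024-01-01T14:00:00", "sub-B", "update_location", "foreign-net-2"),
    ("2024-01-01T10:05:00", "sub-A", "sms_delivery", "foreign-net-1"),
]

def suspicious_location_updates(events, home=HOME_NETWORK, min_gap=MIN_TRAVEL_TIME):
    """Return update_location events that move a subscriber to a foreign
    network sooner after home-network activity than travel would allow."""
    last_home_seen = {}  # subscriber -> last time seen on the home network
    alerts = []
    for ts, sub, kind, network in sorted(events):  # ISO timestamps sort chronologically
        when = datetime.fromisoformat(ts)
        if network == home:
            last_home_seen[sub] = when
            continue
        if kind != "update_location":
            continue
        seen = last_home_seen.get(sub)
        if seen is not None and when - seen < min_gap:
            alerts.append({"subscriber": sub, "network": network,
                           "gap_minutes": (when - seen).total_seconds() / 60})
    return alerts

def held_messages(events, alerts):
    """SMS deliveries headed to a network under alert; a filter could hold
    these instead of forwarding one-time login codes."""
    flagged = {(a["subscriber"], a["network"]) for a in alerts}
    return [e for e in events if e[2] == "sms_delivery" and (e[1], e[3]) in flagged]

if __name__ == "__main__":
    found = suspicious_location_updates(EVENTS)
    print(found)
    print(held_messages(EVENTS, found))
```

A subscriber who really travels abroad (sub-B in the sample, six hours after the last home activity) passes the check; only the four-minute jump for sub-A is flagged.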

Ganot says the attackers had a good knowledge of the victims' accounts and their passwords. They knew the subscribers' unique international numbers and International Mobile Subscriber Identity (IMSI) numbers.

SS7 attacks, while more common in recent years, are not easy to carry out and require good knowledge of how home mobile networks interact and how communication is routed at a global level.

In this case, the goal of the hackers was to acquire cryptocurrency. Ganot believes that some of the inboxes compromised in this way served as a backup method for other email accounts with more data, allowing the threat actor to achieve their goal.

This method is well known in the cryptocurrency community and users are usually wary of such requests. Ganot says that "as far as we know no one was caught in the bait".

Although sending verification codes via SMS is widely considered insecure in the information security community, many services still rely on this practice, putting users at risk.

Today there are better authentication methods than 2FA via SMS or calls. Applications created specifically for this purpose or "physical keys" are among the solutions, says Ganot, adding that telecommunications standards need to move away from older protocols such as SS7 (developed in 1975), which cannot deal with many modern issues.

The Israeli newspaper Haaretz published details of the attack earlier this month, saying that Israel's national intelligence service (Mossad) and the National Cyber Security Authority participated in the investigation.

Teo Ehc