Attackers use complicated method to try and steal cryptocurrency

Malicious attackers have tried to get Israeli executives working for 20 digital currency firms to pay cryptocurrency by sending them messages after hacking their phones and stealing their identities.

The Israeli newspaper Haaretz reported that the failed attack took place at the beginning of September and that all the companies involved were using Partner Communications, a major Israeli telecommunications company.

The incident was investigated by Mossad and the country's National Cyber Security Authority.

It quoted Tzahi Ganot, the co-founder of Pandora, a security firm which provides protection for workers in sensitive positions, as saying that the attackers appeared to have used the cellular networks of EE, a division of BT, to gain access to the executives' details.

Ganot said the attack was likely to have been an SMSC (short message service centre) spoofing attack; this uses the roaming function and the attackers need access to a cellular network that interacts with Israeli networks.

“It’s a rare assault. The hackers send a message from a foreign cell network to an Israeli one, updating the client’s location. For example: ‘The client has just landed in Tbilisi, he has registered with our network. Please route his SMS messages via this network'," Ganot explained.

"This is a necessary procedure for people entering a foreign country, whose cell phones are in ‘roaming’ mode.”

He explained that the attackers were likely to be from another country, and they had managed to hack into the EE cellular network in the UK; this was probably the origin of the attack.

Ganot's company was brought into the picture on 7 September by one of the executives, who contacted him after his phone was hacked and his Telegram account compromised.

The attackers had sent messages to his Telegram contacts, asking them to send cryptocurrency.

After Ganot posted news about this to his clients and also some digital currency groups, he received a flood of messages, all complaining of similar hacks.

Ganot, who formerly worked for the NSO Group, a firm that makes surveillance software, told Haaretz that the identity theft had been carried out by using SMS verification.

He said he had contacted Partner about the incident and claimed the telco had mishandled it from the start.

“Partner replied to our queries with ‘what does it have to do with us?’ ‘We don’t have a data security team,’ and ‘we have sales or customer service'," he said.

"One representative even suggested I join their anti-virus service for five shekels (A$2.06) a month."

He said he had then contacted Partner’s data security director Yaniv Sabag. “He asked for the victims’ details and phone numbers but afterward he asked that each one of them approach customer services separately and open a call, otherwise he wouldn’t be able to look into their cases," Ganot said.

"I can tell you that to this moment I haven’t been able to ‘open a call’ in Partner and I’m a business client of theirs - or, more accurately, I used to be one.

“Finally, Sabag said they were checking out the incident – but a few days later they cut off all communication, not only with us, but also with their hacked clients, and didn’t answer their queries.”

A Partner spokesperson told Haaretz: “There is no connection between this incident and Partner. Incidents like these can take place — especially during the coronavirus — to clients of other firms as well.”