Attackers use complicated method to try and steal cryptocurrency
Malicious attackers have tried to get Israeli executives working for 20 digital currency firms to pay cryptocurrency by sending them messages after hacking their phones and stealing their identities.
The Israeli newspaper Haaretz reported that the failed
attack took place at the beginning of September and that all the companies
involved were using Partner Communications, a major Israeli telecommunications
company.
The incident was investigated by Mossad and the country's
National Cyber Security Authority.
It quoted Tzahi Ganot, the co-founder of Pandora, a security
firm which provides protection for workers in sensitive positions, as saying
that the attackers appeared to have used the cellular networks of EE, a
division of BT, to gain access to the executives' details.
Ganot said the attack was likely to have been an SMSC (short
message service centre) spoofing attack; this uses the roaming function and the
attackers need access to a cellular network that interacts with Israeli
networks.
“It’s a rare assault. The hackers send a message from a foreign
cell network to an Israeli one, updating the client’s location. For example:
‘The client has just landed in Tbilisi, he has registered with our network.
Please route his SMS messages via this network'," Ganot explained.
"This is a necessary procedure for people entering a
foreign country, whose cell phones are in ‘roaming’ mode.”
He explained that the attackers were likely to be from
another country, and they had managed to hack into the EE cellular network in
the UK; this was probably the origin of the attack.
Ganot's company was brought into the picture on 7 September
by one of the executives, who contacted him after his phone was hacked and his
Telegram account compromised.
The attackers had sent messages to his Telegram contacts,
asking them to send cryptocurrency.
After Ganot posted news about this to his clients and also
some digital currency groups, he received a flood of messages, all complaining
of similar hacks.
Ganot, who formerly worked for the NSO Group, a firm that
makes surveillance software, told Haaretz that the identity theft had been
carried out by using SMS verification.
He said he had contacted Partner about the incident and
claimed the telco had mishandled it from the start.
“Partner replied to our queries with ‘what does it have to
do with us?’ ‘We don’t have a data security team,’ and ‘we have sales or
customer service'," he said.
"One representative even suggested I join their
anti-virus service for five shekels (A$2.06) a month."
He said he had then contacted Partner’s data security
director Yaniv Sabag. “He asked for the victims’ details and phone numbers but
afterward he asked that each one of them approach customer services separately
and open a call, otherwise he wouldn’t be able to look into their cases,"
Ganot said.
"I can tell you that to this moment I haven’t been able
to ‘open a call’ in Partner and I’m a business client of theirs - or, more
accurately, I used to be one.
“Finally, Sabag said they were checking out the incident –
but a few days later they cut off all communication, not only with us, but also
with their hacked clients, and didn’t answer their queries.”
A Partner spokesperson told Haaretz: “There is no connection
between this incident and Partner. Incidents like these can take place —
especially during the coronavirus — to clients of other firms as well.”
Comments
Post a Comment