Telecoms protocol from 1975 exploited to target 20 crypto executives

Published at: Oct. 20, 2020

Hackers compromised Telegram messenger and email accounts of multiple cryptocurrency executives last month by exploiting a vulnerability in a decades-old protocol. 

The fraudsters are believed to have been trying to intercept two-factor authentication codes of victims in an attack on Israel-based telecommunications provider Partner Communications Company, formerly known as Orange Israel.

The attacks are currently being investigated by Israel’s National Cyber Security Authority and national intelligence agency Mossad.

According to cybersecurity publication Bleeping Computer, the devices of at least 20 Partner Communications Company subscribers were compromised.

Israel-based cybersecurity firm Pandora Security’s analysis of the event suggests the devices were likely breached via a Signaling System 7 (SS7) attack. SS7 comprises a set of protocols that are used to facilitate the exchange of information within public switched telephone networks interacting over digital signaling networks.

Hackers can exploit SS7 to intercept text messages and calls by using a roaming feature and “updating the location of their device as if it registered to a different network.”

Despite first being developed in 1975, the SS7 protocol is currently in widespread use globally.

Pandora co-founder Tsashi Ganot warned that national governments must update their telecommunications infrastructure to protect against modern security threats.

He said the hackers had also impersonated their victims on Telegram in unsuccessful attempts to lure close acquaintances into making crypto trades:

“In some cases, the hackers posed as the victims in their [Telegram] accounts and wrote to some of their acquaintances, asking to exchange BTC for ETC and the like [...] as far as we're aware no one fell for the bait.” 

The SS7 attacks are reminiscent of SIM swapping, which reassigns the phone number associated with a victim’s SIM card to a device under the hackers’ control.

U.S.-based telecom providers have faced multiple lawsuits from crypto executive clients who have been targeted by SIM-swap attacks.
