An Interest In:
Web News this Week
- March 29, 2024
- March 28, 2024
- March 27, 2024
- March 26, 2024
- March 25, 2024
- March 24, 2024
- March 23, 2024
DOJ accuses Verizon and AT&T employees of participating in SIM-swap identity theft crimes
The DOJ has indicted three former Verizon and AT&T employees for alleged membership in a crime-ring known as the "The Community"; the indictment says the telco employees helped their confederates undertake "port-out" scams (AKA "SIM-swapping" AKA "SIM hijacking"), which allowed criminals to gain control over targets' phone numbers, thereby receiving SMS-based two-factor authentication codes.
Once in possession of these codes, attackers could take control of targets online accounts, including their banking and cryptocurrency exchange accounts (and also web-based email accounts that could serve as a gateway to many other systems). The returns could be massive, and several cryptocurrency users suffered losses in the millions.
SIM-swapping benefits from the overall lax security at phone companies, but the DOJ says that the insiders made it much easier to undertake these attacks against high-value targets. According to the DOJ, sometimes the insiders simply reached into the system and changed ownership of phone numbers; other times, they provided confederates with the information needed to trick customer service reps at the telcos into making the switch.
Insiders have been implicated in SIM-swapping since the beginning, and criminals cultivated "plugs" (insiders) who would augment their low wages with bribes to help with SIM-swaps. The indictment paints a picture of plugs who made a few hundred dollars for helping with frauds that netted millions.
The security economics are pretty straightforward here: phone numbers used to be low value, then they were repurposed to protect high-value assets, and the assumptions about how far attackers would go to steal phone numbers remained the same, while the actual lengths increased considerably. Read the rest
Original Link: http://feeds.boingboing.net/~r/boingboing/iBag/~3/c0E9HXrATj4/inside-jobs.html