Roaming helped hackers hack the smartphones of 20 heads of cryptocurrency companies


About twenty heads of cryptocurrency exchanges from Israel have become victims of cybercriminals. At the beginning of last month, attackers hacked their phones, stole all personal data and began sending messages to their contacts asking them to transfer money. According to Haaretz, hackers working for the government may be behind the cyberattack, in which no funds were stolen.

The investigation of the cyberattack involved a large telecommunications company, information security firm Pandora Security and even the Israeli security service Shin Bet. The National Cyber Security Administration and the Mossad also took part in investigating the incident.

It all started on September 7 this year, when Tzahi Ganot, the co-founder of Pandora Security, a company that protects the top management of companies, announced that they had a "new client." It turned out to be the deputy financial director of a certain company, who complained that his mobile phone had been hacked at night and that his accounts on Telegram and other services could be compromised.

At that time, the attackers sent messages to the victim's Telegram contacts on his behalf, asking them to send cryptocurrency. Ganot provided the "client" with a price list and began to consider how the phone had been hacked: with a fake SIM card or with malware. While cryptocurrency-related hacks are commonplace, hacking a Telegram account is not.

The next morning, Ganot was literally bombarded with similar complaints. According to him, hackers broke into the phones of about twenty Israelis who are presidents or vice presidents of cryptocurrency companies. Besides cryptocurrency, the victims had one more thing in common: they were all subscribers of the same telecom operator, the Israeli telecommunications company Partner.

How did the attackers succeed in hacking? Many services, including Telegram, use verification codes sent in SMS messages to identify users. As a rule, in order to intercept these messages, attackers "clone" (duplicate) the victim's SIM cards. However, this time, it seems, hackers managed to intercept SMS messages sent by the telecom operator itself.

As the investigation showed, hackers carried out so-called SMSC spoofing, which relies on roaming. They gained access to an overseas cellular network that interacted directly with Israeli cellular networks and sent a message from the overseas network to the Israeli one, thereby updating the client's location.

The text of the message could be, for example, the following: "The subscriber has just landed in Tbilisi and registered in our network. Please forward all his messages through this network." As Ganot explained, the attackers' plan worked, since such an update of the subscriber's location is "a necessary procedure for people entering the territory of a foreign country, whose phones are in roaming mode."
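The location update described above is something a home operator can sanity-check against the subscriber's last known position. The following is an added example, not code from the article or from any party it names: a plausibility ("velocity") check over constructed location records. The record layout, the speed ceiling, the country coordinates and the subscriber labels are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from math import radians, sin, cos, asin, sqrt

MAX_SPEED_KMH = 1000  # assumed ceiling, roughly airliner cruise speed

# Constructed approximate country coordinates (lat, lon), illustration only.
CENTROIDS = {"IL": (31.5, 34.9), "GE": (42.0, 43.5)}

@dataclass
class LocationUpdate:
    subscriber: str    # constructed label, not a real subscriber identifier
    country: str       # country of the network claiming the subscriber
    seen_at: datetime

def distance_km(a, b):
    """Great-circle (haversine) distance between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = (sin((lat2 - lat1) / 2) ** 2
         + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371 * asin(sqrt(h))

def implausible_updates(updates):
    """Return updates that imply travel faster than MAX_SPEED_KMH."""
    last, flagged = {}, []
    for u in sorted(updates, key=lambda x: x.seen_at):
        prev = last.get(u.subscriber)
        if prev and prev.country != u.country:
            hours = (u.seen_at - prev.seen_at).total_seconds() / 3600
            km = distance_km(CENTROIDS[prev.country], CENTROIDS[u.country])
            if hours <= 0 or km / hours > MAX_SPEED_KMH:
                flagged.append(u)
                continue  # keep the last trusted location as the baseline
        last[u.subscriber] = u
    return flagged

# Constructed sample records: exec-01 "arrives" abroad 20 minutes after
# being seen at home; exec-02 takes four hours, which a flight allows.
SAMPLE = [
    LocationUpdate("exec-01", "IL", datetime(2020, 9, 6, 23, 0)),
    LocationUpdate("exec-01", "GE", datetime(2020, 9, 6, 23, 20)),
    LocationUpdate("exec-02", "IL", datetime(2020, 9, 6, 8, 0)),
    LocationUpdate("exec-02", "GE", datetime(2020, 9, 6, 12, 0)),
]
```

A flagged update is a reason to hold SMS forwarding to the new network until the subscriber's presence there is confirmed by other means.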