Costly Identity Theft: Sim Swapping stealing identity attack on mobile phone companies (staff) – Spanish and Romanian police arrested 26 individuals theft over €3.5 mill $3.9 mill by hijacking people’s phone numbers via SIM swapping

16.Mar.2020

Administration / Server, alternatives, android, Apps Android Smart Phone, BETRUG SCAM HOAX FRAUD VERARSCHUNG, BiGData, crazy stuff, CryptoCurrencies / Bitcoins / Ethereum, Cybercrime, hacktivism, Privacy / convenience vs surveillance / Orwell, Privacy Protection / Datenschutz / DSGVO / GDPR

this really raises the question: the mobile (complete computer) phone (number) as key to everything?

is it a good idea to rely on smart phones (that are essentially a very small laptop and a cellular modem) and phone numbers to identify users? (and grant them access to bank accounts, bitcoin accounts, mail accounts, social security, tax systems, tesla cars, twitter accounts, facebook accounts… god knows what else accounts… nuclear missiles?)

also: whatever someone tweeted/shared on Facebook, there is no gurantee that is her/him: https://www.nytimes.com/2020/07/15/technology/twitter-hack-bill-gates-elon-musk.html

SIM swapping / costly identity theft:

“Europol, along with the Spanish and the Romanian national police, has arrested 26 individuals in connection with the theft of over €3.5 million ($3.9 million) by hijacking people’s phone numbers via SIM swapping attacks.

The law enforcement agencies arrested 12 and 14 people in Spain and Romania, respectively, as part of a joint operation against two different groups of SIM swappers, Europol said.

The development comes as SIM swapping attacks are emerging as one of the biggest threats to telecom operators and mobile users alike. The increasingly popular and damaging hack is a clever social engineering trick used by cybercriminals to persuade phone carriers into transferring their victims’ cell services to a SIM card under their control.”

src: https://thehackernews.com/2020/03/sim-swapping-fraud-hacking.html

privacy is key again:

the more (big)data a social engineering attacker has about a specific victim (like birthday, place of birth… favorite milk shake u name it) – the more effective the social engineering attack will be (because, to the phone company staff… obviously the person at the other end of the line knows so much about “himself”… can only be him faking an emergency).

the question is: should Trump and Hilton operate a Smart Phone AT ALL?

…while it still can be considered “funny” if celebrities are hacked (complete address book of Paris Hilton friend’s phone (2005) and naked photos leaked to the internet).

It is, of course not so funny for the victims.

“Paytsar Bkhchadzhyan, 31, Los Angeles has been sentenced to 57 months in federal position for hacking reality-star/heiress Paris Hilton’s bank and online accounts in an identity theft scheme. “

She tried to steal Paris Hilton’s identity, and now she’s going to prison

“Paris Hilton Nude Photos Exposed In Hack”

“The hacked address book is the least of Paris Hilton‘s problems. The hacker was also able to download all of Hilton’s personal cell phone photos. Several of the photos not only show Paris Hilton naked but also show her engaging in sexual acts with another woman.” (src, hacker was caught and sentenced to 5 years forced labor for the NSA)

“HEIRESS Paris Hilton isn’t storing her nude pictures on the iCloud any more” (src)

Also not so funny: if twitter thinks someone else is Trump and let’s them tweet whatever they want.

Elon Musk had to remove himself as CEO of Tesla… after the “might take Tesla private, Saudis might buy Tesla” tweet. (the Saudis did not and Tesla was not taken private)

This is – how severe – a single tweet can be and how severe identity theft can become.

Companies CAN NOT rely on “it is a complete computer” phone-numbers to identify a legitimate user.

users:

be careful about private information sharing post online
would NEVER EVER use smart phone banking apps for money transfers no matter how “convenient” that is
NEVER store sensitive information in online clouds (icloud, dropbox etc.)
- this is one of the first things attackers will download and search for more passwords
if you get strange messages about “thank you for your new phone plan” if you can not log in to your phone network… rush to the next AT&T store WITH YOUR IDENTITY CARD and identify yourself to an actual person
BitCoin users: KeepKey Hardware Wallet
- (the simplest hardware wallet, great for beginners, ~$40): https://amzn.to/2tcvLLm
- Trezor One Hardware Wallet (great hardware wallet for storing BTC, ETH, and ERC-20 tokens, ~$50): https://www.amazon.com/gp/product/B00R6MKDDE/
- Ledger Nano X Hardware Wallet (high-end hardware wallet, bluetooth-enabled, available for pre-order ~$120): https://shop.ledger.com/products/ledger-nano-x?r=d9193197bcbd
- Ledger Nano S Hardware Wallet (another great hardware wallet for storing BTC and ERC-20 tokens, ~$50): https://www.amazon.com/gp/product/B01J66NF46/
- Trezor Model T Hardware Wallet (high-end hardware wallet with top-notch security, ~$160): https://www.amazon.com/gp/product/B07B8Q2G3K/

phone companies / carriers:

need to implement very strict privacy rules / find ways to properly identify people on the other side of the phone before shipping SIMS to people who “lost” it.
OPERATE AN ACTUAL STORE (WITH REAL PEOPLE!) IN EVERY MAJOR CITY THAT USERS CAN RUSH TO IN STATE OF EMERGENCY X-D