Security News
The Federal Communications Commission in the U.S. this week announced that it started to work on rules that would pull the brake on SIM swapping attacks. The decision comes after the agency "Received numerous complaints from consumers who have suffered significant distress, inconvenience, and financial harm as a result of SIM swapping and port-out fraud."
Declan Harrington, a Massachusetts man charged two years ago for his alleged involvement in a series of SIM swapping attacks, pleaded guilty to stealing cryptocurrency from multiple victims and hijacking the Instagram account of others. Harrington was charged with Eric Meiggs in November 2019 for targeting the owners of high-value Instagram and Tumblr accounts.
"The attacks orchestrated by this criminal gang targeted thousands of victims throughout 2020, including famous internet influencers, sport stars, musicians and their families," according to an alert from the organization. In a typical SIM-swapping attack, attackers use stolen, sleuthed or phished personal information - including, crucially, a person's mobile phone number - to impersonate a target.
SIM swapping typically involves crooks tricking cellular network support staff to transfer victims' smartphone numbers to the criminals' own SIMs, and then using those numbers to reset passwords, or get two-factor authentication tokens, via text messages, and ultimately access and drain cryptocoin accounts. Admins using Cisco gear in their networks will want to head over to Switchzilla's security portal and check for applicable updates among the latest batch of 28 patches.
Mobile carriers have left the door wide open to SIM-swap attacks, particularly when it comes to prepaid accounts, researchers have found. According to PhishLabs, a typical attack would start with an attacker phishing personal and banking information - often via SMS phishing, which has the added benefit of confirming that a victim's cell phone number is an active line.
Her accounts were drained in spite of using 2FA, showing that SIM swaps can still circumvent what's a good security tool.
Even with considerable security precautions in place, Twitter chief executive Jack Dorsey became the victim of an embarrassing compromise when attackers took control of his account on the platform...
Six alleged members of "The Community" were indicted, along with three phone service employees who allegedly helped target subscribers.
Tired: Booth babes. Wired: Floof babes. Expired: Conference hall carpets Roundup This week we had an NSA reverse-engineering toolkit released at the RSA Conference, a buffer bashed aboard British...
