通信人家园

标题: 大学生被控劫持手机号码窃取 500 万美元比特币  [查看完整版帖子] [打印本页]
时间:  2018-8-1 10:36
作者: leonierx     标题: 大学生被控劫持手机号码窃取 500 万美元比特币

7 月 12 日加州警方逮捕了 20 岁的大学生 Joel Ortiz,他被控与其同伙劫持了数十个电话号码,窃取了价值 500 万美元的比特币和其它数字货币。这是首起曝光的 SIM 劫持案件。SIM 劫持就是利用社会工程技术诱骗运营商将目标的手机号码转到攻击者控制的 SIM 卡上,然后再利用手机号码重置密码入侵受害者数字货币相关账号。Ortiz 是在准备飞往欧洲时在洛杉矶机场被捕的,他面临 28 项罪名的指控。他的一名受害者是数字货币领域的创业家,他被控从这名创业家窃取了超过 150 万美元的数字货币,其中包括通过 ICO 众筹到的100 万美元。法庭文件称,他重置这名创业家的 Gmail 账号,访问了其数字货币账号。这名受害者立即到 AT&T 营业厅里取回他的手机号码,但为时已晚。

我觉得这里所说的“SIM 劫持就是利用社会工程技术诱骗运营商将目标的手机号码转到攻击者控制的 SIM 卡上”
就是指是欺骗运营商,恶意补卡吧。国内好像在以前移动推USIM卡远程换卡的时候有过这种恶意补卡盗取银行验证码的现象。
所以说现在移动要补卡,只拿户主SFZ原件还不行,还要服务密码或者通话记录,这可以有效防止这种情况?美国的后付费手机实名制应该更严格,运营商补卡的时候连身份确认都不做,还是因为美国的那些SFZ件防伪能力不强?(虽然美国运营商据我所知,也有服务密码的概念)
In order to track hackers, the agent sent a warrant to AT & T to submit all the call records of the day the hacker placed control of the investor's mobile phone number. According to the records provided by AT & T, it turned out that this number was used from Samsung mobile phones. When I asked investors, I heard that Samsung mobile phones did not remember at all, and this cell phone declared a hacker's phone and identified the mobile phone's identification number ( IMEI ). And when the police sent a warrant to AT & T to check the phone number that the same IMEI mobile phone was sending, about 40 cases were detected

看来这家伙没接触过天朝的黑产者,居然不搞个能改串的手机来干这个活。被抓活该

.

时间:  2018-8-1 11:28
作者: leonierx

In February, T-Mobile sent a mass text warning customers of an “industry-wide” threat. Criminals, the company said, are increasingly utilizing a technique called “port out scam” to target and steal people’s phone numbers. The scam, also known as SIM swapping or SIM hijacking, is simple but tremendously effective.
First, criminals call a cell phone carrier’s tech support number pretending to be their target. They explain to the company’s employee that they “lost” their SIM card, requesting their phone number be transferred, or ported, to a new SIM card that the hackers themselves already own. With a bit of social engineering—perhaps by providing the victim’s Social Security Number or home address (which is often available from one of the many data breaches that have happened in the last few years)—the criminals convince the employee that they really are who they claim to be, at which point the employee ports the phone number to the new SIM card.
Game over.
“With someone's phone number,” a hacker who does SIM swapping told me, “you can get into every account they own within minutes and they can't do anything about it.”

一个电话就能补卡?一个电话就能让运营商把号码“转网”到新卡上?看来洋人有时候真的是服务过度,好骗。





通信人家园 (https://www.txrjy.com/) Powered by C114