this post was submitted on 26 Aug 2023
64 points (98.5% liked)

Technology

Summary

  • Security consulting giant Kroll disclosed that a SIM-swapping attack against one of its employees led to the theft of user information for multiple cryptocurrency platforms.

  • The attack targeted a T-Mobile phone number belonging to a Kroll employee and resulted in the transfer of that employee's phone number to the threat actor's phone.

  • As a result, the threat actor gained access to certain files containing personal information of bankruptcy claimants in the matters of BlockFi, FTX and Genesis.

  • People whose data was stolen are being subjected to phishing attacks.

Minimizing Reliance on Phone Company for Security

  • The SIM-swapping attack against Kroll is a reminder that we should not rely on mobile phone companies for our security.

  • Many online services allow users to reset their passwords by clicking on a link sent via SMS. This means that if someone gains control of your phone number, they can also gain access to your online accounts.

  • To protect yourself, you should remove your phone number from any online services that allow password reset using the phone number, starting with important accounts.

  • If you cannot remove your phone number from an online service, you should check to see if there is an option to disable SMS or phone calls for authentication and account recovery. Use a security key or a one-time code from a mobile authentication app instead of SMS for authentication.

SIM-swapping

  • SIM-swapping is a type of attack where the attacker tricks a mobile carrier into transferring a victim's phone number to a device that they control.

  • This gives the attacker access to the victim's SMS messages and phone calls, which can be used to reset passwords, gain access to online accounts, and commit other types of fraud.

  • SIM-swapping attacks are becoming increasingly common, and they have been used to steal millions of dollars from victims.

  • Mobile providers may not be liable for financial losses caused by SIM-swapping attacks. In a 2023 case, a California judge dismissed a lawsuit against AT&T for a 2017 SIM-swapping attack that resulted in the theft of more than $24 million in cryptocurrency.

[–] [email protected] 3 points 1 year ago (1 children)

How people in the security sector operate without 2FA with dedicated apps is totally beyond me.

[–] [email protected] 5 points 1 year ago

From the sound of this one, the person probably didn't even have 2FA. Someone took over the phone number, requested a password reset, and got access to the accounts.